In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

In recent months, cybersecurity researchers have observed a surge in the use of a social engineering technique known as "ClickFix." This method involves threat actors presenting users with deceptive error messages that prompt them to manually execute malicious commands, often by copying and pasting scripts into their systems.

Raspberry Robin, also known as Roshtyak, is a highly obfuscated malware first discovered in 2021, notable for its complex binary structure and advanced evasion techniques. It primarily spreads via infected USB devices and employs multi-layered execution to obscure its true purpose.

A China-linked Advanced Persistent Threat (APT) group, Gelsemium, has been observed targeting Linux systems for the first time, deploying previously undocumented malware in an espionage campaign. Historically known for targeting Windows platforms, this new activity signifies a shift towards Linux, possibly driven by the increasing security of Windows systems.

Russia's APT28 hacking group, also known as Fancy Bear or Unit 26165, has developed a novel technique dubbed the "nearest neighbor attack" to exploit Wi-Fi networks remotely.

Hackers linked to the Chinese government, known as Salt Typhoon, have deeply infiltrated U.S. telecommunications infrastructure, gaining the ability to intercept unencrypted phone calls and text messages. The group exploited vulnerabilities in the wiretap systems used by U.S. authorities for lawful interception, marking what Senator Mark Warner has called "the worst telecom hack in our nation's history."
Section 702 edges closer to a vote. CISA provides guidance on Sisense and Microsoft breaches. A major conservative think tank reports a breach. Obsolete D-Link devices are under active exploitation, and Palo Alto warns of a zero-day. Raspberry Robin grows more stealthy. A LastPass employee thwarts a deepfake phishing attempt. Are AI models growing more persuasive? Our guest Kevin Magee from Microsoft Canada joins us to talk about cross-domain prompt injection and AI. Floppies keep the trains running on time. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Guest and podcast partner Kevin Magee from Microsoft Canada joins us to talk about cross-domain prompt injection and AI.

Selected Reading
Compromise of Sisense Customer Data (CISA)
ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System (CISA)
US think tank Heritage Foundation hit by cyberattack (TechCrunch)
Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars (SecurityWeek)
Palo Alto Networks Warns About Critical Zero-Day in PAN-OS (Infosecurity Magazine)
Hackers are using Windows script files to spread malware and swerve antivirus software (ITPro)
LastPass Employee Targeted With Deepfake Calls (SecurityWeek)
Anthropic says its AI models are as persuasive as humans (Axios)
5.25-inch floppy disks expected to help run San Francisco trains until 2030 (Ars Technica)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit.
Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
This episode reports on a new way threat actors are planting malware on GitHub, why you should watch for the running of unexpected automated scripts on your network, and more
Cybersecurity and Infrastructure Security Agency (CISA) teams up with the NFL to tackle cybersecurity at the Super Bowl, making a defense play that extends beyond the field. Dive into the shadows with us as we explore the stealthy advances of Raspberry Robin malware, leveraging Discord and new exploits to breach systems. Shift gears to the macOS landscape, where the RustDoor backdoor emerges as a sophisticated threat. Then, join us underground on the London Tube, where AI surveillance trials spark debate over privacy and safety. Finally, we unravel the evolving menace of MoqHao Android malware, highlighting the relentless pace of cybercriminal innovation. Stay vigilant with us on the digital frontier, where cybersecurity is not just a strategy but a necessity.

Featured Topics and Original Articles:
CISA's Cybersecurity Touchdown at the Super Bowl: Cybersecurity Dive - Super Bowl and Cybersecurity
AI Surveillance on the London Underground: Ars Technica - AI Surveillance London Underground
RustDoor macOS: A Stealthy Threat: The Hacker News - RustDoor Backdoor Alert
Raspberry Robin Malware's Tactical Evolution: The Hacker News - Raspberry Robin Upgrades
The Evolving Threat of MoqHao Android Malware: McAfee Labs Report on MoqHao

Listen and Learn: Join us as we dissect these pressing cybersecurity issues, offering insights into how individuals and organizations can navigate the complexities of the digital age. Whether it's the excitement of the Super Bowl or the daily commute on the London Underground, security is omnipresent and paramount. Stay informed, stay secure, and let's protect our digital world together. Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Good morning, everyone. Today is Monday, February 12th, and you're listening to The Daily Decrypt. Yesterday was a pretty big day for television fans. I believe Taylor Swift made an appearance, um, at the sports game.
So congratulations to Taylor Swift for winning the Super Bowl. We're going to quickly talk about CISA's cybersecurity touchdown at the Super Bowl. We're going to be discussing AI surveillance at the London [00:01:00] Underground. I'm gonna be talking about RustDoor, which is a macOS vulnerability. Raspberry Robin. And the evolving threat of the MoqHao Android malware. Okay, so up first, this past weekend we had the Super Bowl. And CISA, which is the Cybersecurity and Infrastructure Security Agency, has launched an NFL-wide campaign called Secure Our World. And they're teaming up with the NFL to boost cybersecurity awareness. Not only at the Super Bowl, but throughout the entire season, with 32 of the NFL teams committing to promoting cybersecurity tips. This is pretty cool. It's becoming more and more important to discuss ways to stay safe online. So we're really glad that the NFL is partnering with CISA to get the word out there. You'll be [00:02:00] shocked to hear their recommendations, which are as follows. Adopt strong passwords. Enable multi-factor authentication. Be vigilant against phishing. And keep your software up to date. These messages appeared on screens throughout Allegiant Stadium. They appeared on the Jumbotron. They appeared on posters. I believe they even had an ad on the Las Vegas Sphere. So, this is huge. This is going to be great. We know how much you guys love hearing lectures about how to stay safe online. And we know how much you love ignoring them. We're so excited for you to watch the Super Bowl and get more of those lectures. The lectures won't stop until you follow that advice. This campaign is not only coming as a result of the huge breach on major Las Vegas casinos last year, but also because regular citizens lost over a billion dollars last year due to cyber crime. So we need to [00:03:00] start cracking down on this for your safety, for the economy, for many reasons at a macro level.

So I have some friends who have spent between 10 and $80,000 to get to go to Allegiant Stadium for the Super Bowl. To see Taylor Swift. To get a cybersecurity lecture that they couldn't get from me. And maybe they'll even see some sports. So all in all, I think that's pretty worth it. So the London Underground is testing AI surveillance to detect crimes, unsafe behaviors, and fare evasion, with a pilot at Willesden Green tube station. The system uses live CCTV and machine learning to issue over 44,000 alerts, including 19,000 in real time to station staff, for behaviors like weapon brandishing, falling on the tracks and fare dodging. Okay, well, that's great. They're not just worried about the money that they're losing, but they're also worried about your [00:04:00] safety. Like if someone falls on the tracks, AI can recognize that as a safety hazard and get someone over there, hopefully before a train comes. Experts worry about the ethical implications, potential expansion to facial recognition, and the lack of public awareness about the trial. And those things concern me too. It's only a fine line from using AI to detect crimes and to detect all these things to now tracking you and your face, and feeding that information to big banking, to Amazon, to all these people that want your data, Facebook, et cetera. I'm sure that London is not doing a great job of advertising this. So it's really important to stay up to date on this news by sharing this podcast with them. So if you know anyone in London, go ahead and send this to them. The London Underground is going to start watching. Yeah. Apple macOS users find themselves at the center of a sophisticated cybersecurity threat. A new Rust-based backdoor (Rust is just a programming language) [00:05:00] and it's been code-named RustDoor by Bitdefender. This threat has been around since November of 2023. So it's not new, but it is just coming to fruition.

RustDoor masquerades as an update for Microsoft Visual Studio, which is pretty clever because, for some reason, certain things need Microsoft Visual Studio to run effectively on your Mac. And by the time you realize that that's what's missing, you're frustrated. And you just click download. You Google "Microsoft Visual Studio update," and you click the first thing and you click download and you walk away because it's like 20 gigabytes of data that has to download over the next hour. It's so frustrating. I've done it way too many times. So attackers have realized this and they've bought Google ad space for Microsoft Visual Studio, probably duplicated the website so it looks exactly the same with the download button. You're going there. You're clicking download. And you're getting malware. So, yeah. Be careful, especially for downloading Microsoft [00:06:00] Visual Studio on a Mac. Raspberry Robin, which is a fun name, is the name of malware used as sort of an initial foothold during breaches. So it historically has been distributed using USB keys or malicious downloads. But it's continually evolving. And it's now harnessing one-day exploits for escalated privilege, hinting at either an exploit market purchase or in-house development by its operators. So we've talked about zero-days before on this podcast. So as a reminder, a zero-day is something that was built into the initial software. So when something is released, there's a vulnerability in there that the developers don't even know about. So that's what's called a zero-day. Uh, one-day is when the developers find [00:07:00] out about that vulnerability. Now we're in this weird limbo, which is called a one-day, where the developers know and are working on developing a patch, which will come to you via a security update. And now all bad actors also know about this vulnerability. So they're hustling to get out an exploit.

For this vulnerability and it's sort of a race between the developers trying to fix it and the bad actors trying to exploit it. So Raspberry Robin has successfully exploited what's called a one-day, which we just discussed. And it has become harder and harder to detect and analyze because it employs anti-analysis and obfuscation techniques. It is also now using Discord for a platform to distribute this malware instead of a USB key. And introduces what's called PAExec for lateral movement and a refined command and control method using a list of Tor addresses to maintain communications stealth. So there's a lot in there. But [00:08:00] over the past couple of weeks doing this podcast, I've seen Discord being used for a lot of things. Uh, I know I am clicking these server join links all the time and joining servers and then leaving them. I'm going to be joining fewer servers moving forward. And I'll be very picky about the ones that I do decide to join. And finally we've got the evolving threat of the MoqHao Android malware. So this malware has been around for a few years, but as of recently it now executes automatically on infected devices. So there's no user action required. The malware is linked to Roaming Mantis, a Chinese cyber crime group focused on financial gain. And it starts with SMS messages containing fraudulent links. So maybe you have a package [00:09:00] coming in today and you get a message from someone, someone@gmail.com, saying your package has been delayed, click the link. That's how you get it. As soon as it's downloaded, it demands risky permissions from the phone. In July of '22, Sekoia reported over 70,000 Android devices in France were compromised. So how can you prevent this? Like CISA said at the Super Bowl, be vigilant with phishing links. Make sure your devices are up to date. And if you notice any weird slowdowns on your devices, turn it off. Turn it back on again. Maybe even reset it. Alrighty, that's it for today, guys.

Thanks for listening. We hope you enjoyed this new format, bringing you a little bit more news in a little bit shorter of a format. Thanks for tuning in and we will talk to you tomorrow. [00:10:00]
Raspberry Robin – a new one-day exploit targeting Windows
Hyundai Europe suffers Black Basta ransomware attack
Cisco to cut thousands of jobs as it focuses on high growth areas

Huge thanks to our sponsor, Vanta
From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.

For the stories behind the headlines, head to CISOseries.com.
A chat episode about all these things and more. Sorry, a "chatty chat" about exactly seven topics. Network access security that scales with your business — NordLayer secures your organization's traffic and data to provide your colleagues with safe, reliable, remote access. nordlayer.com/hacked Learn more about your ad choices. Visit podcastchoices.com/adchoices
New vulnerability found in the WooCommerce Gift Cards Premium WordPress plugin with a CVSS score of 9.8.

FIN7 has developed an AI-powered automated attacking tool called Checkmarks. Checkmarks is designed to auto-attack MS Exchange systems, perform post-exploitation actions, and grab enough data to allow FIN7 to understand their victim.

Raspberry Robin has a new feature. This version of Raspberry Robin has two payloads, one designed to be discovered if the malware believes it's being analyzed in a sandbox. This fake payload looks legit, including looking at the registry on start-up to check for infection and pulling down an adware named 'browserassist'. This payload has shellcode and a PE file with the MZ magic bytes removed so that it does not look like a PE file.

Plus an interview with Jason Chan, former VP of Information Security at Netflix, about how he helped build their security program from the ground up.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
The Today in Manufacturing Podcast is brought to you by the editors from Manufacturing.net and Industrial Equipment News (IEN). In each episode, we discuss the five biggest stories in manufacturing, and the implications they have on the industry moving forward.

This week:
- DeLorean's Daughter to Build New Model in Detroit
- OSHA Proposes Steep Penalties After 7th Worker Severely Injured
- Flying Car Can Drive on Streets, Take Off and Land Vertically
- Suspension Bridge Collapse Kills at Least 133 in India
- Owners Reacquire EDM Company Nearly 10 Years After Selling

In Case You Missed It
- Hunt for Deep Sea Minerals Draws Scrutiny
- Salary Transparency Laws Aim to Combat Pay Disparities
- Stellantis Offers Buyouts to U.S. Workers Aged 55+

Sponsor: Security Breach Podcast
Regardless of what you might hear, supply chain disruptions, labor challenges and low-cost foreign competition are not the biggest threats to U.S. manufacturers. Ransomware gangs, phishing schemes and IP theft now top this list. That's why the Security Breach podcast, hosted by Jeff Reinke, takes these hackers to task, examining how groups like REvil and Exotic Lily are able to organize their attacks and how the industrial sector can protect themselves against tools like Cobalt Strike and Raspberry Robin.

Please make sure to like, subscribe and share the podcast. You could also help us out a lot by giving the podcast a positive review. Finally, to email the podcast, you can reach any of us at David, Jeff or David [at] ien.com, with "Email the Podcast" in the subject line.
An infectious Robin flying around, a critical OpenSSL vulnerability, access control, AI-based object detection, and more. Square/Block sells access to your inbox, but does the law care? Raspberry Robin worm infecting several endpoints Critical flaw present in OpenSSL 3.0 and above Apple's awkward affair with China is ending Google's giant 3D video chat booth, Project Starline, is being tested at companies Rob Druktenis, Program Manager at Axis Communications, chats about access control technology with streamlined and edge-based solutions Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Rob Druktenis Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: nureva.com/twit canary.tools/twit - use code: TWIT onlogic.com/TWIT
[Episode References]
- Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers - https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/
- Fodcha DDoS botnet reaches 1Tbps in power, injects ransoms in packets - https://www.bleepingcomputer.com/news/security/fodcha-ddos-botnet-reaches-1tbps-in-power-injects-ransoms-in-packets/
- Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity - https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
- SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri - https://rambo.codes/posts/2022-10-25-sirispy-ios-bug-allowed-apps-to-eavesdrop
- Stable Channel Update for Desktop - https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html

[Credits]
Presented by: Carlos Cabral
Script: Carlos Cabral and Daniel Venzi
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Graphic design: Julian Prieto
LockBit switches to abusing Windows Defender as a Cobalt Strike loader. Raspberry Robin possibly linked to EvilCorp. Gootkit reappears with new infection vectors. Suspected DarkSide rebrand BlackCat learns nothing, attacks gas pipeline.
KillNet threatens hack-and-leak op against HIMARS maker. Online investment scams hit Europe. Microsoft associates Raspberry Robin with EvilCorp. Rick Howard previews season ten of the CSO Perspectives podcast. Our guest is Nate Kharrl of SpecTrust on deploying fraud detection at the gateway. And a heartfelt farewell to a woman whose inspiration lives on. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/146

Selected reading.
Cyberactivist Group Killnet Declares War on Lockheed Martin (Sputnik)
Russian Hackers Target U.S. HIMARS Maker in 'New Type of Attack': Report (Newsweek)
Founder of pro-Russian hacktivist Killnet quitting group (SC Magazine)
Huge network of 11,000 fake investment sites targets Europe (BleepingComputer)
Microsoft links Raspberry Robin malware to Evil Corp attacks (BleepingComputer)
Microsoft ties novel 'Raspberry Robin' malware to Evil Corp cybercrime syndicate (The Record by Recorded Future)
FakeUpdates malware delivered via Raspberry Robin has possible ties to EvilCorp (SC Magazine)
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself (Microsoft Security)
Australia charges dev of Imminent Monitor RAT used by domestic abusers (BleepingComputer)
Brisbane teenager built spyware used by domestic violence perpetrators across world, police allege (the Guardian)
In today's podcast we cover four crucial cyber and technology topics, including:
1. Dahua IP cameras vulnerable to takeover
2. Akamai sees, mitigates largest DDoS ever recorded
3. Microsoft links attacks to Austrian commercial firm
4. Initial access broker linked to Evil Corp ransomware group

I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
Raspberry Robin infects an untold number of computers but is it a threat? Maybe. Probably? RedAlert ransomware targets VMware, the cyber-proxy war in the Russia-Ukraine conflict ramps up, and we take a look at police spyware. This week I sat down with Justin Mohr, USAF (Ret) to discuss cyber operations in the DoD and life as a Security Operations Center Team Lead.
This update moves IT Privacy and Security from your next meal to a trip around the salad bar at least a couple of times. We work our way from an unlikely garden and a Raspberry Robin out to the OpenSea. We discover many unappetizing ways for our data to be lost, stolen, or sold. Then… sprinkling a little bit of insight into how police use our search data and what is being proposed in the garden state of California that would wipe out any sort of browsing anonymity … completely. You get some reassurance in your "sage" thoughts about that co-worker you've never actually seen or heard from and finally, you see how many people have blossomed since we put this piece together. There's plenty of calm in this week's update, but there is lots of tossing around too. For a full transcript of this week's podcast head to discuss.daml.com --- Send in a voice message: https://anchor.fm/rps5/message
A daily look at the relevant information security news from overnight - 04 July, 2022

Episode 257 - 04 July 2022
Giant China Data Breach - https://www.zdnet.com/article/giant-data-breach-leaked-personal-data-of-one-billion-people-has-been-spotted-for-sale-on-the-dark-web/
Raspberry Robin - https://www.bleepingcomputer.com/news/security/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks/
British Army Hawks Crypto Scam - https://www.infosecurity-magazine.com/news/british-army-social-media-accounts/
LockBit Black - https://www.itpro.co.uk/security/ransomware/368418/latest-lockbit-ransomware-strain-strikingly-similar-to-blackmatter
Microsoft Backdoor - https://thehackernews.com/2022/07/new-sessionmanager-backdoor-targeting.html
Zoho RCE POC - https://www.bleepingcomputer.com/news/security/zoho-manageengine-adaudit-plus-bug-gets-public-rce-exploit/

Hi, I'm Paul Torgersen. It's Monday July 4th 2022, happy birthday America, and this is a look at the information security news from overnight.

From zdnet.com: Detailed personal information for 1 billion Chinese residents has been found for sale on the dark web. Obviously this would be one of the largest data breaches in history. The information in the 23 terabytes of data includes names, addresses, national ID numbers, mobile phone numbers, as well as police and medical records. Hackers claim the information came from the Shanghai National Police database and are offering it for sale for 10 bitcoin, which right now is less than $200,000.

From BleepingComputer.com: Microsoft recently spotted a Windows worm on the networks of hundreds of organizations from various industry sectors. The malware, Raspberry Robin, spreads via infected USB devices, you know, those ones the boss finds lying in the parking lot and plugs in to see what's on it? Microsoft observed the malware connecting to addresses on the Tor network, although it appears the threat actors are yet to exploit any access they gained to victims' networks. Details in the article.

From Infosecurity-Magazine.com: The British Army confirmed its Twitter and YouTube accounts were compromised by a third party and used to direct visitors to cryptocurrency scams. There are reports that their Facebook account was compromised also. The YouTube account was completely rebranded to resemble investment firm Ark Invest, posting live stream videos featuring Elon Musk and Jack Dorsey. The social media accounts all appear to be back under proper control.

From ITPro.co.uk: Security researchers have acquired a sample of LockBit 3.0, which the hacking group internally calls LockBit Black. Analysis shows that large portions of the code are ripped straight from the BlackMatter ransomware developed by the Darkside group. You will remember them as the group that shut down last year after their huge Colonial Pipeline hit brought a lot of national security heat down on them. Evidently LockBit hired some of those developers. Details and a link to the analysis in the article.

And last today, from BleepingComputer.com: Security researchers have published technical details and proof-of-concept for a critical vulnerability in the Zoho ManageEngine ADAudit Plus tool for monitoring activities in the Active Directory. The vulnerability could lead to remote code execution and compromise of Active Directory accounts, and comes with a severity score of 9.8. Get your patch on kids.

That's all for me today. Have a great Fourth of July, and until tomorrow, be safe out there.
[Episode References]
- Microsoft finds Raspberry Robin worm in hundreds of Windows networks - https://www.bleepingcomputer.com/news/security/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks/
- CISA Adds One Known Exploited Vulnerability to Catalog - https://www.cisa.gov/uscert/ncas/current-activity/2022/07/01/cisa-adds-one-known-exploited-vulnerability-catalog
- GUIDANCE ON APPLYING JUNE MICROSOFT PATCH TUESDAY UPDATE FOR CVE-2022-26925 - https://www.cisa.gov/guidance-applying-june-microsoft-patch
- #1622449 - June 2022 Incident Report - https://hackerone.com/reports/1622449
- 2022 0-day In-the-Wild Exploitation…so far - https://googleprojectzero.blogspot.com/2022/06/2022-0-day-in-wild-exploitationso-far.html

[Credits]
Script and presentation: Carlos Cabral
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Graphic design: Julian Prieto
What else can we say as it relates to the industrial sector and the cybersecurity threats that continue to present themselves, other than – the battle wages on. The value of the sector's IP, the plethora of personal information and the vital need to maintain uptime make manufacturing a favorite target of hackers. And as those in the financial and healthcare markets know all too well, recognition of the threat only seems to spur the creation of new and better weapons focused on wreaking havoc. So, joining us today to discuss some of the latest threats to hit the industrial sector is Lauren Podber – she's a Principal Intelligence Analyst at Red Canary, a firm that specializes in managing cybersecurity endpoint detection, planning and response. They were also among the first to assess the first threat we're going to discuss – Raspberry Robin. For more information on the work Red Canary does, you can go to www.redcanary.com. To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.
We continue the special edition of our podcast in the new format of daily reports. From Monday to Friday we cover for you the most important events in the area of activity in cyberspace. Today's episode was hosted by Piotr Kępski. Today's topics: Report by researchers from the Red Canary group on the Raspberry Robin malware; Source 2 A DDoS attack disrupted deliveries of Russian alcohol Anonymous claim responsibility for the break-in at More
[Episode References]
- BPFdoor - https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896
- Researchers create exploits for CVE-2022-1388 - https://www.bleepingcomputer.com/news/security/exploits-created-for-critical-f5-big-ip-flaw-install-patch-immediately/
- CVE-2022-29176 in RubyGems - https://www.bleepingcomputer.com/news/security/check-your-gems-rubygems-fixes-unauthorized-package-takeover-bug/
- Raspberry Robin - https://redcanary.com/blog/raspberry-robin/
- Vulnerabilities in QNAP - https://thehackernews.com/2022/05/qnap-releases-firmware-patches-for-9.html
- Reward for Conti members - https://www.state.gov/reward-offers-for-information-to-bring-conti-ransomware-variant-co-conspirators-to-justice/

[Credits]
Script and presentation: Carlos Cabral
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Graphic design: Julian Prieto
An update on the war in Ukraine as Victory Day approaches. President Lukashenka on the war next door. Hacktivists in the battlespace. Raspberry Robin and a USB worm. A carefully operated credential phishing campaign. Another ICS security alert from CISA. Dinah Davis from Arctic Wolf on reflection amplification techniques. Carole Theriault examines zero trust architecture access policies. Happy Mother's Day (and stay safe online). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/88
Selected reading.
Mariupol steel mill battle rages as Ukraine repels attacks (Military Times)
Why the battle for Mariupol is important for Vladimir Putin. (New York Times)
A race against time in Ukraine as Russia advances, West sends weapons (Washington Post)
The AP Interview: Belarus admits Russia's war 'drags on' (AP NEWS)
Russia's ally Belarus criticises war effort for 'dragging on' (The Telegraph)
NSA cyber boss seeks to discourage vigilante hacking against Russia (Defense News)
Shields Up: Russian Cyberattacks Headed Our Way (JD Supra)
Raspberry Robin gets the worm early (Red Canary)
VIP3R: New actor. Old story. Great success. (Menlo Security)
Johnson Controls Metasys (CISA)
Top 3 Mother's Day Scam Sites – Be Smart When Buying Gifts (Trend Micro News)
A daily look at the relevant information security news from overnight.
Episode 234 - 06 May 2022
Thumbs suck - https://threatpost.com/usb-malware-targets-windows-installer/179521/
New NetDooka - https://www.bleepingcomputer.com/news/security/new-netdooka-malware-spreads-via-poisoned-search-results/
CT swipe - https://portswigger.net/daily-swig/wordpress-sites-getting-hacked-within-seconds-of-tls-certificates-being-issued
Android updates - https://www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-android-kernel-vulnerability/
And. And. It's gone - https://www.zdnet.com/article/weird-bug-made-google-docs-crash-if-you-typed-one-word-five-times/

Hi, I'm Paul Torgersen. It's Friday, May 6th, 2022, and this is a look at the information security news from overnight.

From ThreatPost.com: A new wormable malware called Raspberry Robin has been active since this past September and is delivered onto Windows machines through USB drives. Do people still do that? Remember when you used to go to a conference, and vendors would hand out thumb drives? Then people would go home and actually stick them into their computer? Don't do that. There is more information in the article, but the answer is: don't do that.

From BleepingComputer.com: A new malware framework known as NetDooka has been discovered being distributed through the PrivateLoader pay-per-install malware distribution service. The framework features a loader, a dropper, a protection driver, and a powerful RAT component that relies on a custom network communication protocol. Researchers at Trend Micro warn that, while the tool is still in an early development phase, it is already very capable. Link to the research in the article.

From PortSwigger.com: Attackers are abusing the Certificate Transparency system to compromise new WordPress sites in the brief window after web admins upload the WordPress files, but before they manage to secure the website with a password. Hackers are evidently monitoring the CT logs, because sites are being hacked within minutes, sometimes seconds, of TLS certificates being requested. You know where to find the details.

From BleepingComputer.com: Google has released the second part of their May security patch for Android, including a fix for an actively exploited Linux kernel vulnerability. Do note that if you are using Android 9 or older, this patch does not apply to you, and you really should upgrade to a more recent Android OS. Also, if you have a Google Pixel, you have some additional patching to do. Get your patch on, kids.

And last today, from ZDNet.com: An obscure bug is making Google Docs crash after users type in a simple, repeated word pattern. If you type the word "And", with a capital A, followed by a period and a space, five times in a row, it would crash your doc. And any attempt to reopen the doc would retrigger the crash. And "and" isn't the only word that triggers this, but not ALL words trigger it. It appears that Google has now fixed the bug, but, but, but but, but beware.

That's all for me today. Remember to LIKE and SUBSCRIBE. And as always, until next time, be safe out there.