Today we're bringing back Haseeb Awan, the founder of Efani Secure Mobile, a bespoke cybersecurity-focused phone service protecting high-risk individuals against mobile hacks. Haseeb will delve into the technicalities of SIM swapping, explaining the various techniques that hackers use to carry out this fraudulent activity. He will also provide insights into what telecommunication companies can do to prevent SIM swapping and what steps individuals can take to protect themselves from falling victim to this crime. Nate Nelson, our Sr. producer, spoke with Rich Murray, who leads the FBI's North Texas Cyber unit, about how the Federal Bureau of Investigation dealt with another attack by REvil, this time against the Texas government, and how they managed to figure out who was behind it.
Robert Cioffi, CEO of a leading NY MSP, discusses real-life ransomware stories and their effect on people, the shocking toll ransomware takes from a real-life victim's perspective, and the impact of ransomware on real-life small businesses. We discuss what it feels like to be a ransomware victim and the impact ransomware has on real-life individuals. A compelling emotional story of how his company was attacked by REvil in the infamous Kaseya breach, and his depiction of what it feels like to watch ransomware live. The Kaseya breach affected over 1,500 businesses in the US. He shares an eyewitness account and tells the story of the emotional journey of trauma, triage, rebuilding and persistence through a remarkable recovery. THIS IS PART 1 of 2. Highlights:
Robert Cioffi, CEO of a leading NY MSP, discusses real-life ransomware stories and their effect on people, the shocking toll ransomware takes from a real-life victim's perspective, and the impact of ransomware on real-life small businesses. We discuss what it feels like to be a ransomware victim and the impact ransomware has on real-life individuals. A compelling emotional story of how his company was attacked by REvil in the infamous Kaseya breach, and his depiction of what it feels like to watch ransomware live. The Kaseya breach affected over 1,500 businesses in the US. He shares an eyewitness account and tells the story of the emotional journey of trauma, triage, rebuilding and persistence through a remarkable recovery. THIS IS PART 2 of 2. Highlights:
A year ago we told you the story of Kaseya: an IT solutions company that was breached in July 2021, and whose servers were used to spread ransomware to an estimated 800 to 1,500 small to medium-sized businesses. Nate Nelson, our Sr. producer, spoke with Rich Murray, who leads the FBI's North Texas Cyber unit, about how the Federal Bureau of Investigation dealt with the Kaseya incident and how they managed to figure out who was behind the attack.
If the show notes look strange (for example if all the links are missing; there should be LOTS of links), they are also available on the web here: https://www.enlitenpoddomit.se Episode 396 was recorded on 20 December, and so today's episode is about: INTRO: - Everyone has had a week... Johan has been to a Christmas party (which you can hear in his voice ;)) and has been bedridden with illness. Björn has worked, and had a wife at a Christmas party. David hasn't done anything, or rather he has done the things that are his regular job. - BONUS TIP: The latest episode of the Office 365 podcast, which gives tips on phishing tests: https://warnolf.podbean.com/e/sakerhetstips-fran-axians/ FEEDBACK AND BACKLOG: - Eufy fiddles with the agreement... https://www.theverge.com/2022/12/16/23512952/anker-eufy-delete-promises-camera-privacy-encryption-authentication - Björn wondered why it wasn't included as standard https://blog.esper.io/health-connect-in-android-14/ - We had a gadget list episode last week. If you want more last-minute tips, see MS Cloud IT Pro podcast episode 312 https://www.msclouditpropodcast.com/episode312/ - You should have long USB cables. But how long can a USB cable be? https://www.androidauthority.com/how-long-can-a-usb-cable-be-3244520/ GENERAL NEWS - "Twitter for iPhone" is gone https://twitter.com/theapplehub/status/1603814915461877760 - Should Elon stay?
https://www.engadget.com/elon-musk-asks-twitter-users-to-decide-000451423.html?src=rss https://techcrunch.com/2022/12/16/eu-warns-elon-musk-over-journalist-bans/ - 57% say he should leave: https://www.svt.se/kultur/17-5-miljoner-anvandare-rostar-om-musks-avgang - A competitor to Google Maps https://techcrunch.com/2022/12/15/meta-microsoft-aws-and-tomtom-launch-the-overture-maps-foundation-to-develop-interoperable-open-map-data/ - Right now I think they are trying to find the business model https://swedroid.se/warner-bros-discovery-kommer-slappa-gratis-stromningstjanst/ - SpaceX wants the ability to connect ordinary phones to Starlink https://www.cnet.com/science/space/spacex-wants-you-to-connect-your-smartphone-directly-to-starlink/ MICROSOFT - Microsoft Data Boundary https://www.reuters.com/technology/microsoft-roll-out-data-boundary-eu-customers-jan-1-2022-12-15/ - GitHub looks for passwords: https://techcrunch.com/2022/12/15/github-brings-free-secret-scanning-to-all-repos/ APPLE - Is Apple developing its own search engine?
https://www.macrumors.com/2022/12/19/apple-to-launch-search-engine-to-rival-google/ GOOGLE: - Google adds end-to-end encryption in Gmail https://www.bleepingcomputer.com/news/security/google-introduces-end-to-end-encryption-for-gmail-on-the-web/ - Wear OS gets better at battery life https://9to5google.com/2022/12/17/google-wear-os-korulab/ - Updated Google Home app for Wear OS https://9to5google.com/2022/12/16/google-home-wear-os-update/ - BONUS LINK: HassControll - https://apps.garmin.com/en-US/apps/47f64742-cf59-4d54-b368-841a347f7c6d - Google has done something no one else can https://techcrunch.com/2022/12/18/google-can-now-decode-doctors-bad-handwriting/ - Matter news https://www.engadget.com/google-smart-home-devices-support-matter-standard-140047949.html GOLDEN NUGGETS FROM 2022 - BJÖRN #1: The Activision Blizzard deal. We talked about it in Episode 377 (4 Aug) https://www.enlitenpoddomit.se/e/elpoit-376-1659534131/ - Microsoft argues that Activision has no "must have" titles https://www.engadget.com/microsoft-negs-activision-blizzard-172152190.html And episode 390 (10 Nov) https://www.enlitenpoddomit.se/e/elpoit-390/ - The EU will investigate Blizzard Activision https://www.thurrott.com/games/275750/eu-commission-phase-2-investigation-microsoft-activision-blizzard-deal - JOHAN #1: Elon Musk and the purchase of Twitter. - DAVID #1: Russia pretend-arrested REvil (episode #351) - DAVID #2: Truth Social vs Free Speech (#357) - JOHAN #2: The year Matter was finished - BJÖRN #2: Microsoft's flat fall when it comes to ARM on clients. Episode 381 (1 Sept) https://www.enlitenpoddomit.se/e/elpoit-381/ - ARM in Azure... That is, the other ARM https://www.zdnet.com/article/microsofts-arm-based-azure-vms-are-ready-to-roll/ and Episode 388 (27 Oct) https://www.enlitenpoddomit.se/e/elpoit-388/ - Hello, all developers.
Now you can buy the Windows Dev Kit for Windows on Arm... #SerHurAllaSpringerOchBeställer https://www.zdnet.com/article/microsoft-starts-shipping-its-windows-on-arm-device-for-developers-windows-dev-kit-2023/ - BJÖRN #3: AI (with OpenAI, DALL-E, ChatGPT etc.) Episode 376 (28 Jul) https://www.enlitenpoddomit.se/e/elpoit-376/ - DALL-E is now being released to the first users as a beta https://www.engadget.com/openai-dall-e-beta-availability-release-date-171009337.html Episode 395 (16 Dec) https://www.enlitenpoddomit.se/e/elpoit-395/ - ChatGPT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (insert 1000000 exclamation marks) https://www.cnet.com/tech/computing/the-five-best-uses-so-far-for-chatgpts-ai-chatbot/ Episode 395 (29 Sept) https://www.enlitenpoddomit.se/e/elpoit-385/ - James Earl Jones can retire https://techcrunch.com/2022/09/26/ai-is-taking-over-the-iconic-voice-of-darth-vader-with-the-blessing-of-james-earl-jones/ Episode 387 (20 Oct) https://www.enlitenpoddomit.se/e/elpoit-387/ - A podcast created by an AI, with AI-generated voices https://podcast.ai/ - JOHAN #3: The year of antitrust, layoffs and recession - DAVID #3: When we broadcast live from Space in Stockholm! That is when a new season of Futurama on Disney+, coming in 2023, was mentioned (#359) - DAVID #4: It's called "standard time" (#360) - JOHAN #4: Right to repair - DAVID #5: Apparently Russia is where you should live (#377) - BJÖRN #4: 2022 in pictures (according to the World Economic Forum) https://www.weforum.org/agenda/2022/12/2022-what-happened-this-year-pictures/ 1. Inflation surges around the world 2. The Omicron coronavirus variant spreads 3. Russia invades Ukraine 4. US Supreme Court overturns abortion rights 5. Record-breaking heatwaves 6. Droughts around the world 7. Flooding in Pakistan 8. Queen Elizabeth II passes away 9. World population exceeds 8 billion 10.
COP27's 'loss and damage' fund for vulnerable countries - JOHAN #5: The year Apple starts with USB-C and opens up the App Store - BJÖRN #5: The 10 biggest science stories of 2022 according to scientists. https://www.theguardian.com/science/2022/dec/18/the-10-biggest-science-stories-of-2022-chosen-by-scientists GADGET LIST - David: Here is my microphone: https://slatedigital.com/virtual-microphone-system/ - Björn: A toaster for the bathtub. https://www.etsy.com/listing/1106265688/toaster-bath-bomb-bleeds-red-in-the?show_sold_out_detail=1&source=aw I want to be Iron Man: https://www.etsy.com/listing/1246600849/iron-man-repulsor-iron-man-plasma - Johan: teasing Björn: https://www.kickstarter.com/projects/wonderfitter/the-ultimate-home-archery https://www.komplett.se/product/1202977/dator-surfplatta/surfplattor/e-boklasare/onyx-boox-note-air-2-103-64gb# OUR OWN LINKS - En Liten Podd Om IT on the web, http://enlitenpoddomit.se/ - En Liten Podd Om IT on Facebook, https://www.facebook.com/EnLitenPoddOmIt/ - En Liten Podd Om IT on YouTube, https://www.youtube.com/enlitenpoddomit - Please give us a review - https://podcasts.apple.com/se/podcast/en-liten-podd-om-it/id946204577?mt=2#see-all/reviews - https://www.podchaser.com/podcasts/en-liten-podd-om-it-158069 LINKS TO WHERE YOU CAN FIND THE PODCAST TO LISTEN: - Apple Podcasts (iTunes), https://itunes.apple.com/se/podcast/en-liten-podd-om-it/id946204577 - Overcast, https://overcast.fm/itunes946204577/en-liten-podd-om-it - Acast, https://www.acast.com/enlitenpoddomit - Spotify, https://open.spotify.com/show/2e8wX1O4FbD6M2ocJdXBW7?si=HFFErR8YRlKrELsUD--Ujg%20 - Stitcher, https://www.stitcher.com/podcast/the-nerd-herd/en-liten-podd-om-it - YouTube, https://www.youtube.com/enlitenpoddomit LINK TO THE DISCORD WHERE YOU FIND THE LIVE STREAM + CHAT - http://discord.enlitenpoddomit.se (And don't forget to email bjorn@enlitenpoddomit.se if you want stickers; just include a postal address. :)
Ransomware-as-a-Service. What It's Really All About. Evil Online. Come inside the minds of the most notorious ransomware gangs. An overview of the MO (modus operandi) of REvil, Conti, Hive, DarkSide and other ransomware gangs and how they run their operations. This allows us to better defend ourselves and the organizations and brands we serve. New Exclusive Content at CCJ PRIME. For less than 1 cup of coffee a month you can have it all. Exclusive videos, in-depth interviews, Premium Resources for Skills training and Brand Building and Brand Protection. CLICK HERE TO SUBSCRIBE to PRIME. https://glow.fm/cybercrimejunkiesprime/. Support the show
Picture of the Week. Don't mess with Australia. Facebook / Meta fined by Ireland. REvil's full Medibank dump. Is nothing sacred? Mozilla yanks a (no longer) trusted root. Android Platform Certs Escape. South Dakota says: No more Tik-Tok. Albania blames its IT staff. Good news on the memory safe languages front. Black Hat USA 2022. Another Chrome 0-day bites the dust. Anker's Eufy Camera debacle. An amazing-looking WiFi-6 router... $119. Elon really said this. Closing the Loop. SpinRite. LastPass Again. Show Notes https://www.grc.com/sn/SN-900-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: itpro.tv/securitynow canary.tools/twit - use code: TWIT plextrac.com/twit
Latest Analysis on LOCKBIT. What to know with expert Jon DiMaggio, Chief Security Strategist at ANALYST 1, on cyberwarfare, the LOCKBIT ransomware gang and REvil. Jon is the best-selling author of The Art of Cyberwarfare. Grab your copy here. Thank you for being a CCJ! Protect your children without invading their privacy and get alerted when they are at risk of cyber-bullying, suicidal ideation, online predators or need assistance for their safety. We use it to protect our own families. Sign up and protect your family with Bark using our affiliate link here. New Exclusive Content at CCJ PRIME. For less than 1 cup of coffee a month you can have it all. Exclusive videos, in-depth interviews, Premium Resources for Skills training and Brand Building and Brand Protection. CLICK HERE TO SUBSCRIBE to PRIME. https://glow.fm/cybercrimejunkiesprime/. Support the show
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: UK, USA ban Chinese security cameras; What is the Boa webserver and why is it everywhere?; Vanuatu, Guadeloupe smashed by ransomware; REvil back with more dumps despite ASD attention; Much, much more. This week's sponsor guest is Jake King from Elastic Security, who joins us to talk through the company's most recent threat report. There's a link to the report in our show notes. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes: British government bans Chinese surveillance cameras from sensitive locations - The Record by Recorded Future; US government bans Huawei, ZTE and Hikvision tech over 'unacceptable' spying fears | TechCrunch; What if Russian commercial aviation cuts too many safety corners? - Meduza; Microsoft attributes alleged Chinese attack on Indian power grid to 'Boa' IoT vulnerability - The Record by Recorded Future; U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer - Krebs on Security; Guadeloupe kickstarts continuity plan after wide-ranging cyberattack - The Record by Recorded Future; Vanuatu hospital staff using pen and paper after cyber attack that crippled public sector - ABC News; Extortion site used in Medibank attack goes offline after Australian gov pledges 'offensive' actions - The Record by Recorded Future; ThreatMon Ransomware Monitoring on Twitter; Risky Biz News: Australia passes new privacy bill with huge data breach fines; Sandworm hacking group linked to new ransomware deployed in Ukraine - The Record by Recorded Future; UK Parliament launches inquiry into national security strategy around ransomware - The Record by Recorded Future; Canadian food giant refuses to pay ransom after gang threatens data leak - The Record by Recorded Future; Almost 1,000 suspects arrested in Interpol operation which seized over $129 million - The Record by Recorded Future; Risky Biz News: Authorities seize iSpoof in major blow to fraudsters and cybercrime groups; Espionage group using USB devices to hack targets in Southeast Asia - The Record by Recorded Future; WikiLeaks' Website Is Slowly Falling Apart; European Parliament declares Russia a terrorism sponsor, then its site goes down | Ars Technica; Hackers are spreading malware via trending TikTok challenge: report - The Record by Recorded Future; Samantha Borrego iS iNfeCtEd noT pArAnOID on Twitter; elastic-global-threat-report-vol-1-2022.pdf
Tony Cook of GuidePoint Security knows a lot about threat intelligence and incident response. But he's also used these skills while working in ransomware negotiation! Cook has handled negotiations for all the big threat groups (REvil, Lockbit, Darkside, Conti and more) and he told me about what a ransomware negotiator can realistically accomplish, which threat groups are on the rise, and why negotiating with amateurs is sometimes worse and harder than dealing with elite cybercriminals. Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast 0:00 - Ransomware negotiating; 2:42 - How Tony Cook got into cybersecurity; 4:00 - Cook's work at GuidePoint; 9:31 - Life as a ransomware negotiator; 11:41 - Ransomware negotiation in 2022; 13:52 - Stages of a successful ransomware negotiation; 15:23 - How does ransomware negotiation work?; 19:11 - The difference between threat-acting groups; 20:43 - Bad ransomware negotiating; 22:43 - Ransomware negotiator support staff; 25:21 - Ransomware research; 26:26 - Is cyber insurance worth it?; 29:14 - How do I become a ransomware negotiator?; 32:25 - Soft skills for a ransomware negotiator; 33:46 - Threat research and intelligence work; 37:45 - Learn more about Cook and GuidePoint; 38:17 - Outro. About Infosec: Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It's our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Australian news bulletin for Wednesday 09 November 2022 - Today's (Wednesday 09/11/2022) news about Australia from the SBS Tamil broadcast.
The Today in Manufacturing Podcast is brought to you by the editors from Manufacturing.net and Industrial Equipment News (IEN). In each episode, we discuss the five biggest stories in manufacturing, and the implications they have on the industry moving forward. This week: - DeLorean's Daughter to Build New Model in Detroit - OSHA Proposes Steep Penalties After 7th Worker Severely Injured - Flying Car Can Drive on Streets, Take Off and Land Vertically - Suspension Bridge Collapse Kills at Least 133 in India - Owners Reacquire EDM Company Nearly 10 Years After Selling. In Case You Missed It: - Hunt for Deep Sea Minerals Draws Scrutiny - Salary Transparency Laws Aim to Combat Pay Disparities - Stellantis Offers Buyouts to U.S. Workers Aged 55+. Sponsor: Security Breach Podcast. Regardless of what you might hear, supply chain disruptions, labor challenges and low-cost foreign competition are not the biggest threats to U.S. manufacturers. Ransomware gangs, phishing schemes and IP theft now top this list. That's why the Security Breach podcast, hosted by Jeff Reinke, takes these hackers to task, examining how groups like REvil and Exotic Lilly are able to organize their attacks and how the industrial sector can protect itself against tools like Cobalt Strike and Raspberry Robin. Please make sure to like, subscribe and share the podcast. You could also help us out a lot by giving the podcast a positive review. Finally, to email the podcast, you can reach any of us at David, Jeff or David [at] ien.com, with "Email the Podcast" in the subject line.
ShadowTalk host Nicole alongside guests Rick and Ivan give you the latest in threat intelligence. This week they cover: -REvil connection to Ransom Cartel -Cryptocurrency hacks in Japan by Lazarus -Toyota T-Connect Attack Get this week's intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-21-october ***Resources from this week's podcast*** Ransomware in Q3 2022 https://www.digitalshadows.com/blog-and-research/ransomware-in-q3-2022/ Alternative Future Analysis: Pro-Russian Hacktivism https://www.digitalshadows.com/blog-and-research/alternative-future-analysis-pro-russian-hacktivism/ Special: Geoff White and the Lazarus Heist https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/special-geoff-white-and-the-lazarus-heist Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don't forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.
Ransom Cartel linked to REvil. Do we need cybersecurity training for Gen Z? Open Compute Project announces Caliptra. Thanks to this week's episode sponsor, SafeBase. Security questionnaires. If those two words sent a shiver down your spine, you need to check out SafeBase. SafeBase's Smart Trust Center is a centralized source of truth for your organization's security and compliance information. After implementing SafeBase, many companies see a 90% reduction in custom questionnaires. Imagine how much time you'd save. Visit safebase.com to find out more.
REvil is the name of a ransomware service as well as a group of criminals inflicting ransomware onto the world. Hear how this ransomware shook the world. A special thanks to our guest Will, a CTI researcher with Equinix. Sponsors: Support for this show comes from Zscaler. The Zscaler Zero Trust Exchange scrutinizes traffic and permits or denies it based on a set of rules. This is much more secure than letting data flow freely internally, and it really does mitigate ransomware outbreaks. The Zscaler Zero Trust Exchange gives YOU confidence in your security to feel empowered to focus on other parts of your business, like digital transformation, growth, and innovation. Check out the product at zscaler.com. Support for this show comes from Arctic Wolf. Arctic Wolf is the industry leader in security operations solutions, delivering 24x7 monitoring, assessment, and response through their patented Concierge Security model. They work with your existing tools and become an extension of your existing IT team. Visit arcticwolf.com/darknet to learn more.
There's been a Cyberattack against Tata Power. The FBI warns US state political parties of Chinese scanning. Russian influence ops play defense; China's are on the offense. Ransom Cartel and a possible connection to REvil. "Prestige" ransomware is sighted in attacks on Polish and Ukrainian targets. Distributed denial-of-service attacks interfere with Bulgarian websites. Grayson Milbourne of OpenText Security Solutions on SBOMS. Our own Rick Howard checks in with Bryan Willett of Lexmark on implementation of Zero Trust. And Mr. Musk tweets his intention to continue to subsidize Starlink for Ukraine (probably). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/199 Selected reading. Hackers Attack Tata Power IT Systems: All You Need To Know (IndiaTimes) Chinese hackers are scanning state political party headquarters, FBI says (Washington Post) The Defender's Advantage Cyber Snapshot Issue 2 — More Insights From the Frontlines (Mandiant) Ransom Cartel Ransomware: A Possible Connection With REvil (Unit 42) New “Prestige” ransomware impacts organizations in Ukraine and Poland (Microsoft Security Threat Intelligence) Bulgarian Government Hit By Cyberattack Blamed On Russian Hacking Group (RadioFreeEurope/RadioLiberty) 'The hell with it': Elon Musk tweets SpaceX will 'keep funding Ukraine govt for free' amid Starlink controversy (CNBC) Starlink isn't a charity, but the Ukraine war isn't a business opportunity (TechCrunch)
We speak with executives and security researchers from cybersecurity firm Trellix during the company's Xpand Live event about its new XDR solutions, trends, workforce development issues and the latest threat research. Guests include CEO Bryan Palma on cybersecurity trends, workforce development issues and the future of XDR (0:50 - 12:37); Engineer and Head of Cyber Investigations John Fokker on actions the company took to help take down the REvil ransomware group (12:54 - 30:41); Principal Engineer & Director of Vulnerability Research Douglas McKee on a 15-year-old vulnerability in Python's tarfile module (30:55 - 35:50); and Senior Security Researcher Anne An on her recent research into cyberattacks against Taiwan (36:02 - 40:59).
The power crisis in Norway is hotly debated on TV, in letters to the editor and around lunch tables. Many point out that a harsh tone and tabloid angles make for a conversation with little meaning. Can new ways of talking to each other produce more sustainable solutions? The Nobel Peace Center wants to stimulate better dialogue in society, so we invited people to a breakfast meeting with electricity and guests on the menu. Dialogue guests this day: Eivind Trædal, MDG, Oslo City Council, Executive Committee, Alna District; Bjørn Revil, FRP, Oslo City Council, Finance Committee, Grünerløkka District; Ola Elvestuen, Venstre, Member of Parliament, Energy and Environment Committee; Mani Hussaini, AP, Member of Parliament, Energy and Environment Committee. About the event series: The Nobel Peace Center opens its doors to dialogue through an event series in which we look at the climate for dialogue around current topics. Our dialogue expert Chro Borhan facilitates the dialogue. We will share advice on how to talk better together about difficult topics and practise dialogue in practice. You are welcome to air your thoughts and concerns in conversation with other guests.
REvil (or an impostor, or successor) may be back. A Paris-area medical center continues to work to recover from cyber extortion. An assessment of Russian failure (or disinclination) to mount effective cyber campaigns. Cyber criminals find wartime to be a tough time. Josh Ray from Accenture looks at cyber threats to the rail industry. Our guest is Dan Murphy of Invicti making the case that not all vulnerabilities are created equal. And Yandex Taxi's app was hacked in a nuisance attack. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/170 Selected reading. REvil says they breached electronics giant Midea Group (Cybernews) Paralysed French hospital fights cyber attack as hackers lower ransom demand (RFI) French hospital hit by $10M ransomware attack, sends patients elsewhere (BleepingComputer) Hacks tied to Russia and Ukraine war have had minor impact, researchers say (The Record by Recorded Future) Getting Bored of Cyberwar: Exploring the Role of the Cybercrime Underground in the Russia-Ukraine Conflict (arXiv:2208.10629v2) Why Russia's cyber war in Ukraine hasn't played out as predicted (New Atlas) Cyber key in Ukraine war, says spy chief (The Canberra Times) Montenegro Sent Back to Analog by Unprecedented Cyber Attacks (Balkan Insight) Montenegro blames criminal gang for cyber attacks on government (EU Reporter) Ransomware Attack Sends Montenegro Reaching Out to NATO Partners (Bloomberg) “I'm tired of living in poverty” – Russian-Speaking Cyber Criminals Feeling the Economic Pinch (Digital Shadows) Yandex Taxi hack creates huge traffic jam in Moscow (Cybernews) Anonymous hacked Russia's largest taxi firm and caused a massive traffic jam (Daily Star)
Microsoft has released its second edition of Cyber Signals, a regular cyberthreat intelligence brief, spotlighting security trends and insights gathered from Microsoft's global security signals and experts. The specialisation and consolidation of the cybercrime economy have fueled ransomware-as-a-service (RaaS), becoming a dominant business model, enabling a wider range of criminals, regardless of their technical expertise, to deploy ransomware. This edition of Cyber Signals provides insights on the evolving factors shaping the extortion segment of the cybercrime economy, and the influential rise of RaaS powering ransomware attacks. The RaaS economy allows cybercriminals to purchase access to ransomware payloads and data leakage as well as payment infrastructure. Ransomware “gangs” are in reality RaaS programs like Conti or REvil, used by many different actors who switch between RaaS programs and payloads. This industrialisation of cybercrime has created specialised roles, like access brokers who sell access to networks. A single compromise often involves multiple cybercriminals in different stages of the intrusion. 
Key findings shared within the report include: Over 80% of ransomware attacks can be traced to common configuration errors in software and devices. Microsoft's Digital Crimes Unit directed the removal of more than 531,000 unique phishing URLs and 5,400 phish kits between July 2021 and June 2022, leading to the identification and closure of over 1,400 malicious email accounts used to collect stolen customer credentials. The median time for an attacker to access a person's private data if they fall victim to a phishing email is one hour, 12 minutes. For endpoint threats, the median time for an attacker to begin moving laterally within a corporate network if a device is compromised is one hour, 42 minutes. The report also offers guidance on how businesses can better pre-empt and disrupt extortion threats by building their credential hygiene, auditing credential exposure, reducing the attack surface, securing their cloud resources and identities, better preventing initial access, and closing security blind spots. Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management at Microsoft, said: “It takes new levels of collaboration to meet the ransomware challenge. The best defenses begin with clarity and prioritisation, that means more sharing of information across and between the public and private sectors and a collective resolve to help each other make the world safer for all. At Microsoft, we take that responsibility to heart because we believe security is a team sport.” Microsoft's threat intelligence provides visibility into threat actors' actions.
With a broad view of the threat landscape – informed by 43 trillion threat signals analysed daily, combined with the human intelligence of more than 8,500 Microsoft experts – threat hunters, forensics investigators, malware engineers, and researchers – Microsoft is able to see first-hand what organisations are facing, and is committed to helping businesses put that information into action to pre-empt and disrupt extortion threats. For more information on the RaaS landscape and its evolution, check out the Cyber Signals microsite and report, as well as the Microsoft Security blogpost on this. To better understand the cybercrime gig economy and how businesses can protect themselves, visit the Microsoft Security blog. See more stories here. More about Irish Tech News Irish Tech News are Ireland's No. 1 Online Tech Publication and often Ireland's No.1 Tech Podcast too. You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: If you'd like to be featured in an upcoming Podcast email us at Simon@IrishTechNews.ie now to discuss. Irish Tech News have a range of services available to help promote your business. Why not drop us a line at Info@IrishTechNews.ie now to find out more about how we can he...
Rob Pantazopoulos from Secureworks, joins Dave to discuss their work on "REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence." Secureworks researchers published a new analysis on what can be considered the ‘first' set of ransomware samples associated with the reemergence. These updated samples indicate that GOLD SOUTHFIELD has resumed operations. The research states "The identification of multiple samples containing different modifications and the lack of an official new version indicate that REvil is under active development." Researchers identified two samples, one in October of 2021, and the other in March of 2022. The March sample has modifications that lead researchers to distinguish the two samples from one another. The research can be found here: REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence
Larry Cashdollar from Akamai, joins Dave to discuss their research on a DDoS campaign claiming to be REvil. The research shares that Akamai's team was notified last week of an attack on one of their hospitality customers that they called "Layer 7" by a group claiming to be associated with REvil. In the research, they dive into the attack, as well as comparing it to other similar attacks that have been made by the group. The research states "The attacks so far target a site by sending a wave of HTTP/2 GET requests with some cache-busting techniques to overwhelm the website." It also stated that this is a smaller attack than they have seen by the group before, and notes that there seems to be more of a political agenda behind the attack, whereas in the past, REvil has been less political. The research can be found here: REvil Resurgence? Or a Copycat?
On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the recently discovered Follina vulnerability in Microsoft Office, as well as some recent ransomware stories. One thing we talk about is the apparent break up of the Conti ransomware gang, with evidence pointing to the group folding itself into other ransomware gangs, including Hive, which carried out a recent attack on the health service in Costa Rica. The Clop and REvil names have also appeared in news reports in recent weeks, but are these ransomware gangs really back? And what are the signs of pre-ransomware activity that organizations need to look out for on their networks because they may indicate a ransomware attack in preparation?
Sanctions, blockades, and their effects on the world economy. Western nations remain on alert for Russian cyber attacks. REvil prosecution has reached a dead end. Microsoft issues mitigations for a recent zero-day. John Pescatore's Mr. Security Answer Person is back, looking at authentication. Joe Carrigan looks at new browser vulnerabilities. Notes from the underworld. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/104 Selected reading. In big bid to punish Moscow, EU bans most Russia oil imports (AP NEWS) EU, resolving a deadlock, in deal to cut most Russia oil imports (Reuters) The E.U.'s embargo will bruise Russia's oil industry, but for now it is doing fine. (New York Times) Russia's Black Sea Blockade Will Turbocharge the Global Food Crisis (Foreign Policy) Russia's Invasion Unleashes ‘Perfect Storm' in Global Agriculture (Foreign Policy) ‘War in Ukraine Means Hunger in Africa' (Foreign Policy) Afghanistan's Hungry Will Pay the Price for Putin's War (Foreign Policy) Remote bricking of Ukrainian tractors raises agriculture security concerns (CSO Online) Major supermarkets 'uniquely vulnerable' as Russian cyber attacks rise (ABC) Italy warns organizations to brace for incoming DDoS attacks (BleepingComputer) Whitepaper - PIPEDREAM: CHERNOVITE's Emerging Malware Targeting Industrial Environments (Dragos). Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks (IT Security News) Putin horror warning over 'own goal' attack on UK coming back to haunt Kremlin (Express.co.uk) Putin plot: UK hospitals at risk of chilling ‘sleeper cell' attack by Russia (Express) Will Russia Launch a New Cyber Attack on America? (The National Interest) Hackers wage war on Russia's largest bank (The Telegraph) REvil prosecutions reach a 'dead end,' Russian media reports (CyberScoop) Microsoft Office zero-day "Follina"—it's not a bug, it's a feature! (It's a bug) (Malwarebytes Labs). Microsoft Word struck by zero-day vulnerability (Register) Clop ransomware gang is back, hits 21 victims in a single month (BleepingComputer) Conti ransomware explained: What you need to know about this aggressive criminal group (CSO Online)
Recorded Future - Inside Threat Intelligence for Cyber Security
An encore performance of the Click Here pilot episode on REvil and how it landed on a new business model. It happened in an unlikely place: Texas.
If software has a dangerous and easy-to-exploit security vulnerability, should its maker tell customers to shut it down until it's fixed? It's a tough call, but one that Dutch company Hoppenbrouwers says the software vendor Kaseya should have undertaken last year to prevent a massive supply-chain attack executed by the REvil ransomware gang. The gang had uncovered flaws in Kaseya's Virtual Systems Administrator product that Kaseya was racing to patch. Hoppenbrouwers was one of more than 1,500 victims. Its systems were nearly completely encrypted, but it recovered quickly using backups. Transcript for this episode is here. Speakers: Marcel de Boer, Financial Director, Hoppenbrouwers; Jeremy Kirk, Executive Editor, Information Security Media Group. Production Coordinator: Rashmi Ramesh The Ransomware Files theme song by Chris Gilbert/© Ordinary Weirdos Records Music by Podcastmusic.com Follow The Ransomware Files on Twitter: @ransomwarefiles Follow The Ransomware Files on Instagram: @theransomwarefiles
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Conti's war against Costa Rica DoJ revises CFAA guidance Naughty kids get access to DEA portal A look at a Russian disinfo tool PyPI and PHP supply chain drama Much, much more This week's show is brought to you by Thinkst Canary. Its founder Haroon Meer will join us in this week's sponsor interview to talk about what might happen to infosec programs now the world economy is getting all funky. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes President Rodrigo Chaves says Costa Rica is at war with Conti hackers - BBC News Costa Ricans scrambled to pay taxes by hand after cyberattack took down country's collection system Costa Rican president claims collaborators are aiding Conti's ransomware extortion efforts K-12 school districts in New Mexico, Ohio crippled by cyberattacks - The Record by Recorded Future Greenland says health services 'severely limited' after cyberattack - The Record by Recorded Future Notorious cybercrime gang Conti 'shuts down,' but its influence and talent are still out there - The Record by Recorded Future 'Multi-tasking doctor' was mastermind behind 'Thanos' ransomware builder, DOJ says - The Record by Recorded Future Researchers warn of REvil return after January arrests in Russia - The Record by Recorded Future Researcher stops REvil ransomware in its tracks with DLL-hijacking exploit | The Daily Swig Bank refuses to pay ransom to hackers, sends dick pics instead • Graham Cluley GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need - CloudSEK Catalin Cimpanu on Twitter: "Report on a new ransomware strain named GoodWill that forces victims to perform acts of kindness to recover their files https://t.co/T0rhj5wjyC https://t.co/T92KPUJe61" / Twitter Water companies are increasingly uninsurable due to ransomware, industry execs say Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act | OPA | Department of Justice download DEA Investigating Breach of Law Enforcement Data Portal – Krebs on Security Intelligence Update. A question of timing: examining the circumstances surrounding the Nauru Police Force hack and leak FSB's Fronton DDoS tool was actually designed for 'massive' fake info campaigns, researchers say Sonatype PyPI blog post Dvuln Labs - ServiceNSW's Digital Drivers Licence Security appears to be Super Bad New Bluetooth hack can unlock your Tesla—and all kinds of other devices | Ars Technica Researchers devise iPhone malware that runs even when device is turned off | Ars Technica New Research Paper: Pre-hijacking Attacks on Web User Accounts – Microsoft Security Response Center CISA issues directive for exploited VMware bug after IR team deployed to ‘large' org - The Record by Recorded Future Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating | Ars Technica Google, Apple, Microsoft Commit to Eliminating Passwords - Security Boulevard Thinkst Canary
“If you believe in yourself and you're willing to put in that work, it WILL happen.” - Jon DiMaggio In this episode, Ron and Chris are joined by author and Chief Security Strategist, Jon DiMaggio, to talk about the power of believing in yourself and following through on your dreams. Jon shares the story behind writing his book, The Art of Cyber Warfare, and how he learned to overcome rejection. Sponsor Links: Thank you to our sponsors Axonius and Uptycs for bringing this episode to life! Life is complex. But it's not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone With Uptycs, modern defenders can prioritize, investigate and respond to threats across the entire attack surface—all from a common solution. Check them out at Uptycs.com and be sure to stop by their booth #435 at RSA 2022 Guest Bio: Jon DiMaggio is the chief security strategist at Analyst1 and has over 15 years of experience hunting, researching, and writing about advanced cyber threats. He is a specialist in enterprise ransomware attacks and nation-state intrusions, and the author of research such as “Ransom Mafia: Analysis of the World's first Ransomware Cartel”, “Nation State Ransomware” and “History of REvil”. He has exposed the criminal cartels behind major ransomware attacks, aided law enforcement agencies in federal indictments of nation-state attacks, and discussed his work with The New York Times, Bloomberg, Fox, CNN, Reuters, and Wired. You can find Jon speaking about his research at conferences such as RSA. Additionally, in 2022, Jon authored the book “The Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware, and Organized Cybercrime” published by No Starch Press.
Links: Stay in touch with Jon DiMaggio on LinkedIn and Twitter Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio
A quick introductory note on Russia's hybrid war against Ukraine. Russian television schedules hacked to display anti-war message. Phishing campaign distributes Jester Stealer in Ukraine. European Council formally attributes cyberattack on Viasat to Russia. Costa Rica declares a state of emergency as Conti ransomware cripples government sites. DCRat and the C2C markets. The gang behind REvil does indeed seem to be back. More Joker-infested apps found in Google Play. Guest Nick Adams from Differential Ventures discusses what will drive continued growth of cybersecurity beyond attack surfaces and governance from a VC's perspective. Partner Ben Yelin from UMD CHHS on digital privacy concerns in the aftermath of the potential overturn of Roe vs Wade. And Spain's spyware scandal takes down an intelligence chief. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/90 Selected reading. Ukraine morning briefing: Five developments as Joe Biden warns Vladimir Putin has 'no way out' (The Telegraph) Viewpoint: Putin now faces only different kinds of defeat (BBC News) Putin's Victory Day speech gives no clue on Ukraine escalation (Reuters) On Victory Day, Putin defends war on Ukraine as fight against ‘Nazis' (Washington Post) In Speech, Putin Shows Reluctance in Demanding Too Much of Russians (New York Times) Putin's parade shows he "is going to continue at whatever cost" in Ukraine (Newsweek) Russia's display of military might sent the West a strong message – just not the one Putin intended (The Telegraph) Russian TV Schedules Hacked on Victory Day to Show Anti-War Messages (HackRead) Russian TV hacked to say ‘blood of Ukrainians is on your hands' (The Telegraph) Mass Distribution of Self-Destructing Malware in Ukraine (BankInfoSecurity) Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union (European Council)
This week on the podcast we discuss the latest rumblings around the return of the prolific ransomware-as-a-service organization REvil. Before that, though, we dive into the latest tools, tactics and procedures of the Lazarus nation-state hacking group, as well as a recently discovered form of fileless malware evasion.
Five Minute Forecast for the week of May 9th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. Security experts warn of a major vulnerability for F5 Networks' BIG-IP products. The U.S. Chamber of Commerce is to oppose SEC-proposed rules for cyber incident disclosure. And Costa Rica declares a national emergency amid a wave of ransomware attacks. Joining us is senior threat researcher Daniel Blackford to discuss the return of the REvil gang.
Apple, Google and Microsoft will implement FIDO / NFTs hit rock bottom / REvil is back / Curious bugs in Google Docs and Outlook / TikTok will share revenue with creators / Starlink will let you move around the world
In the latest Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of the recent research published by Symantec’s Threat Hunter Team, including our blog about the activity of North Korean APT group Stonefly, and our latest whitepaper on the topic of Commodity Malware. We also talk about some stories that were in the news over the last week or so, including the possible return of the REvil/Sodinokibi ransomware gang, a new loader called Bumblebee that might be a successor to BazarLoader, and a China-on-Russia intelligence-gathering attack.
Five Minute Forecast for the week of May 2nd. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. REvil returns in what appears to be fallout from the Russia-Ukraine conflict. A phishing scheme steals more than $20 million from the Department of Defense. Onyx ransomware destroys data instead of locking it away. Joining us is senior threat researcher Daniel Blackford, for an update on the Emotet malware.
Cable sabotage in France remains under investigation. Spearphishing by Cozy Bear. Widespread and damaging Russian cyberattacks have yet to appear, but criminals find a new field of activity. Hacktivism and privateering. The legal and prudential limits to hacktivism. Applying lessons learned from an earlier cyberwar. Romanian authorities say last week's DDoS incident was retaliation for Bucharest's support of Kyiv. Rick Howard is dropping some SBOMS. Carole Theriault reports on virtual kidnappings. REvil seems to be back after all. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/84 Selected reading. How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities (CyberScoop) Russian hackers compromise embassy emails to target governments (BleepingComputer) Ukraine's defense applies lessons from a 15-year-old cyberattack on Estonia (NPR) Feared Russian cyberattacks against US have yet to materialize (C4ISRNet) Hacking Russia was off-limits. The Ukraine war made it a free-for-all. (Washington Post) A YouTuber is promoting DDoS attacks on Russia — how legal is this? (BleepingComputer) Ukraine's Digital Fight Goes Global (Foreign Affairs) Romanian government says websites attacked by pro-Russian group (The Record by Recorded Future) REvil ransomware returns: New malware sample confirms gang is back (BleepingComputer)
Ep. 48 of the Cyber Law Revolution podcast is live! In this episode, we discuss the resurgence of the notorious ransomware group, REvil, the broader implications of their reappearance, and how to defend ourselves against such groups proactively. Keep those questions, calls, comments coming - 410-917-5189 or spollock@mcdonaldhopkins.com
A renewed Five Eyes' warning about potential Russian cyberattacks. The FBI warns of the threat of ransomware attacks against the agriculture sector. REvil may be back in business. Carole Theriault shares insights on bug bounty programs. Our own Rick Howard checks in with Zack Barack from Coralogix on where things stand with XDR. And beware of threats of Facebook account suspension. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/77 Selected reading. Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure US and allies warn of Russian hacking threat to critical infrastructure REvil's TOR sites come alive to redirect to new ransomware operation FBI Warns of Ransomware Attacks on Farming Co-ops During Planting, Harvest Seasons Phishing Site on Facebook Domain Used to Steal Credentials
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Some arrests of suspected Lapsus$ members in the UK Why the Okta incident is probably a fizzer Four FSB officers indicted over Triton/Trisis malware Kim Zetter interviewed Intrusion Truth Australian government to upsize ASD Wave bye bye to Finfisher Much, much more This week's sponsor interview is with Mike Wiacek from Stairwell. Stairwell makes a product that catalogues the files in your environment and lets you slice and dice that data. That makes threat hunting pretty easy and Mike is joining the show this week to talk about why organisations of all stripes should be doing threat hunting. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal - BBC News Okta ‘identifying and contacting' customers potentially affected by Lapsus$ breach - The Record by Recorded Future Okta revises original statement, says 366 customers affected by Lapsus$ breach - The Record by Recorded Future Okta apologizes for waiting two months to notify customers of Lapsus$ breach - The Record by Recorded Future Lapsus$ found a spreadsheet of accounts as they breached Okta, documents show | TechCrunch DOJ unseals indictments of four Russian gov't officials for cyberattacks on energy companies - The Record by Recorded Future Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide | OPA | Department of Justice Intrusion Truth - Five Years of Naming and Shaming China's Spies ASD to double in size after $10bn cyber security funding boost - Security - iTnews How the Biden budget goes big on cyber - The Record by Recorded Future FBI, CISA advise 13,000 orgs to have 'low threshold' for reporting cyberattacks - The Record by Recorded Future Senate report examines REvil ransomware attacks on US firms - The Record by Recorded Future Senate ransomware investigation says FBI leaving victims in the lurch Surveillance software firm FinFisher declares insolvency - The Record by Recorded Future NSO refused Ukraine's request for Pegasus spyware so it wouldn't anger Russia - The Washington Post FCC puts Kaspersky on security threat list, says it poses “unacceptable risk” | Ars Technica Traffic at major Ukrainian internet service provider Ukrtelecom disrupted - The Record by Recorded Future An interview with the chief technical officer at Ukrtelecom - The Record by Recorded Future Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” – Krebs on Security North Korean hackers unleashed Chrome 0-day exploit on hundreds of US targets | Ars Technica Google releases emergency security update for Chrome users after second 0-day of 2022 discovered - The Record by Recorded Future Npm maintainers remove malicious packages after typosquatting attempt - The Record by Recorded Future ‘Spam Nation' Villain Vrublevsky Charged With Fraud – Krebs on Security $2 million stolen from DeFi protocol Revest Finance, platform unable to reimburse victims - The Record by Recorded Future Flash loan attack on One Ring protocol nets crypto-thief $1.4 million | The Daily Swig More than $625 million stolen in DeFi hack of Ronin Network - The Record by Recorded Future Hackers Who Stole $50 Million in Crypto Say They Will Refund Some Victims
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Germany issues stark warning to Kaspersky users Ukraine SATCOM hack keeps getting more interesting Russia to spin up its own CA, but it's not what it seems Why the ransomware threat could get worse, then better Much, much more This week's show is brought to you by Fastly. Kelly Shortridge, Fastly's Senior Principal Product Technologist, joins the show this week to tell us what modern security actually looks like. Kelly is always fascinating so we were thrilled she was in the sponsor chair this week. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes German government issues warning about Kaspersky products - CyberScoop Exclusive: U.S. spy agency probes sabotage of satellite internet during Russian invasion, sources say | Reuters SATELLITE SYSTEMS, SATCOM AND SPACE SYSTEMS UPDATE Russia to create its own security certificate authority, alarming experts Political fallout in cybercrime circles upping the threat to Western targets (2) Oleg Shakirov on Twitter: "Russia's deputy foreign minister says he hopes the Russian-U.S. dialogue on cyber security will be resumed in response to a question whether it has been frozen He adds that it can bring tangible results like the disruption of REvil https://t.co/m817WD80vr" / Twitter FinCEN warns ransomware proceeds could be part of Russia sanctions evasion Biden takes big step toward government-backed digital currency Ukrainian hackers say HackerOne is blocking their bug bounty payouts | TechCrunch (2) Techmeme on Twitter: "Sources: Apple and Google removed Kremlin critic Navalny's app in September after FSB agents came to homes of top execs and threatened to take them to prison (Washington Post) https://t.co/nqvtHmG1Ft https://t.co/gQCcnFhnyo" / Twitter Government agencies in Ukraine targeted in cyber-attacks deploying MicroBackdoor malware | The Daily Swig (2) ESET research on Twitter: "#BREAKING #ESETresearch warns about the discovery of a 3rd destructive wiper deployed in Ukraine