Podcasts about Scattered Spider

  • 63 podcasts
  • 114 episodes
  • 38m average duration
  • 5 new episodes weekly
  • Latest episode: Jun 20, 2025

Latest podcast episodes about Scattered Spider

IDTheftCenter
The Weekly Breach Breakdown Podcast by ITRC: Spiderwebs – S6E19

Jun 20, 2025 (4:13)


Welcome back to the Identity Theft Resource Center's (ITRC) Weekly Breach Breakdown, supported by Sentilink. I'm James E. Lee, the ITRC's President, and this is the episode for June 20, 2025. Happy first day of summer! Each week, we take a look at the latest news and trends related to data security and privacy. This week, we're going to talk about a heads-up being issued by cyber threat researchers. However, we're going to swerve into the rapidly changing cybersecurity policy landscape and ransomware group Scattered Spider – just for fun. If you ask an artificial intelligence bot how many people in the U.S. are afraid of spiders, it will tell you that up to 50 million people suffer from arachnophobia. I'm not one of them, but I'm close. With that said, not all scary spiders are of the 8-legged freak. Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on Twitter: twitter.com/IDTheftCenter

Cyber Security Today
Scattered Spider Targets US Insurance, Microsoft Zero-Day, Major Database Breach, and AI Poison Pill

Jun 18, 2025 (11:14)


In this episode, host Jim Love delves into recent cybersecurity threats and breakthroughs. The notorious Scattered Spider hacker group has shifted its focus to US insurance companies after attacking UK retailers earlier this year. Microsoft's urgent security updates address active zero-day vulnerabilities that allow complete system control. Researchers uncovered an unprotected database exposing 184 million plaintext passwords linked to major platforms. Additionally, musician Beardly Jordan has developed 'Poison Deify,' a technology to protect his music from unauthorized AI scraping by embedding adversarial noise that disrupts machine learning algorithms. These developments highlight the evolving cybersecurity landscape, from coordinated cyber-attacks to innovative countermeasures against AI exploitation. For further details and to engage with the content, listeners are encouraged to visit technewsday.ca.

00:00 Introduction and Headlines
00:30 Scattered Spider Targets US Insurance Companies
02:26 Microsoft Urges Immediate Windows Updates
04:15 Massive Database Breach Exposes 184 Million Passwords
06:59 Musician Strikes Back at AI with Audio Poison Pill
10:07 Implications for Cybersecurity
10:37 Conclusion and Listener Engagement

Hack Naked News (Audio)
AI Zombie Lawyer, Scattered Spider, ASUS, Mainframes, GrayAlpha, Backups, Josh Marpet - SWN #486

Jun 17, 2025 (36:26)


AI Zombie Lawyers, Scattered Spider, ASUS, Mainframes, GrayAlpha, Backups, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-486

Modern Wisdom
#954 - Joe Tidy - Chasing The Most Hated Hacker In History

Jun 14, 2025 (89:37)


Joe Tidy is a BBC cybersecurity correspondent, covering hacking, data security, and online safety. Many have either fallen victim personally to a cyberattack or know someone who has. But what exactly is this growing threat? Who's behind it, why are they doing it, and, most importantly, how can you protect yourself? Expect to learn what Scattered Spider is, if teenage hackers are the new digital cartel and why Russia is such a hotbed for hacking, when cyber security attacks will be treated as an act of war, the wild story of the hacker Julius Kivimäki, the fallout from the CrowdStrike attack that put the world on standstill, if regulation of the dark web and crypto economy will ever evolve past what it is today, and much more…

Paul's Security Weekly
Bovril, Deranged, Crocodilus, Cartier, Jinx, Conti, Scattered Spider, Josh Marpet... - SWN #482

Jun 3, 2025 (37:10)


Bovril, Deranged Hookworm, Crocodilus, Cartier, Jinx, Conti, Scattered Spider, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-482

Hack Naked News (Audio)
Bovril, Deranged, Crocodilus, Cartier, Jinx, Conti, Scattered Spider, Josh Marpet... - SWN #482

Jun 3, 2025 (37:10)


Bovril, Deranged Hookworm, Crocodilus, Cartier, Jinx, Conti, Scattered Spider, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-482

Hack Naked News (Video)
Bovril, Deranged, Crocodilus, Cartier, Jinx, Conti, Scattered Spider, Josh Marpet... - SWN #482

Jun 3, 2025 (37:10)


Bovril, Deranged Hookworm, Crocodilus, Cartier, Jinx, Conti, Scattered Spider, Josh Marpet, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-482

Risky Business
Risky Business #793 -- Scattered Spider is hijacking MX records

May 28, 2025 (64:52)


In this week's edition of Risky Business, Dmitri Alperovitch and Adam Boileau join Patrick Gray to talk through the week's news, including:

  • EXCLUSIVE: A Scattered Spider-style crew is hijacking DNS MX entries and compromising enterprises within minutes
  • The SVG format brings all the horrors of HTML+JS to image files, and attackers have noticed
  • Brian Krebs eats a 6.3Tbps DDoS … ‘cause that's how you demo your packet cannon
  • Law enforcement takes out Lumma Stealer, Qakbot, Danabot and some dark web drug traffickers
  • Iranian behind 2019 Baltimore ransomware mysteriously appears in North Carolina and pleads guilty
  • CISA's leadership is fleeing in droves, even though the US needs them more than ever.

This week's episode is sponsored by Thinkst Canary. Long time friend of the show Haroon Meer joins and talks through where he feels the industry is at, having just returned home from the AI-fueled hype at this year's RSA conference. This episode is also available on Youtube.

Show notes

  • China-linked ‘Silk Typhoon' hackers accessed Commvault cloud environments, person familiar says - Nextgov/FCW
  • Risky Bulletin: SVG use for phishing explodes in 2025 - Risky Business Media
  • KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – Krebs on Security
  • Midwestern telco Cellcom confirms cyber incident after days of service outages | The Record from Recorded Future News
  • Microsoft leads international takedown of Lumma Stealer | Cybersecurity Dive
  • Who said what? on X: "Message from the administrator of Lumma Stealer on the forums about the recent events

Adversary Universe Podcast
Catching Up on Cloud Attack Paths with Cloud Threat Specialist Sebastian Walla

May 28, 2025 (28:53)


Today's adversaries are increasingly operating in the cloud — and Sebastian Walla, Deputy Manager of Emerging Threats at CrowdStrike, is watching them. In this episode, he joins Adam and Cristian to dive into the latest cloud attack techniques and the adversaries behind them. So, who are they? SCATTERED SPIDER and LABYRINTH CHOLLIMA are two of the threat actors targeting and navigating cloud environments, but they have distinct methods of doing so. This conversation explores the different ways they slip into organizations undetected, some of the tools they rely on, and how they operate under the radar. It also touches on the future of cloud threat activity and AI's influence on how these attacks are evolving. Of course, no Adversary Universe episode is complete without guidance. Adam, Cristian, and Sebastian share best practices for protecting enterprise cloud environments from these threats as adversaries continue to take aim.

Today in Health IT
2 Minute Drill: Kettering Health Ransomware, Scattered Spider's Campaign, and Facebook's Breach Drex DeFord

May 23, 2025 (5:28)


Drex covers an in-depth look at the ongoing ransomware attack on Kettering Health, attributed to the Interlock gang known for double extortion tactics - stealing data before encrypting systems. The health system demonstrates exemplary crisis communication while maintaining operations and warning patients about related scams. Next, the Scattered Spider cybercriminal group shifts focus to European retail, using social engineering tactics and freelancer networks to target help desks and employees for credential theft. Finally, a massive data scraping incident exposes 1.2 billion Facebook records on dark web marketplaces, including names, emails, birthdays, and phone numbers. Essential updates for healthcare security professionals navigating today's threat landscape. Remember, Stay a Little Paranoid

ZD Tech : tout comprendre en moins de 3 minutes avec ZDNet
Cyberattack: who has it in for Marks & Spencer this badly?

May 23, 2025 (3:01)


Today we're talking about the famous British retail chain Marks & Spencer, which has just revealed the colossal consequences of an ongoing cyberattack. Its financial impact is estimated at more than 355 million euros, which of course weighs very heavily on its operating profit for the current financial year.

A massive attack with lasting consequences

First, this is a massive attack with lasting consequences. Since mid-April, Marks & Spencer has been under a major cyberattack, probably ransomware. And the consequences are dire. Online sales are suspended, contactless payments are blocked, and restocking problems are emptying the food shelves in stores. A return to normal business is hoped for in July at the earliest. Hence, of course, the abysmal loss of revenue the company expects, no less than 355 million euros.

So who has it in for Marks & Spencer this badly?

Investigators suspect a cybercriminal group called Scattered Spider. This group is known for its sophisticated attacks and its highly coordinated online communication. But for now, nothing is confirmed. The UK's national cybercrime unit is pointing to several other leads. However, the priority right now is rescuing a company that is now very close to sinking. "We are now focused on recovery, aiming to restore our systems, operations and customer offer during the first half of the year," the company says in a statement.

Unprecedented and very significant financial and reputational impacts

Above all, the financial and reputational impacts are unprecedented and very significant. On the one hand, the company acknowledges that customers' personal data was stolen. It maintains, however, that passwords and payment information have not leaked. Still, the company's reputation with customers and suppliers is suffering from this situation. But on top of the direct costs, Marks & Spencer could face a fine from the data protection regulator. Large British companies such as British Airways and Tesco Bank have already been penalized this way in the past. Fortunately, the retailer is insured for up to 120 million euros, and its food division remains very strong.

ZD Tech is on all podcast platforms! Subscribe! Hosted by Ausha. Visit ausha.co/politique-de-confidentialite for more information.

The Cybersecurity Defenders Podcast
#216 - Intel Chat: Scattered Spider, TA406, Oriental Gudgeon & Apple patches

May 21, 2025 (34:54)


In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.

  • A report from Google on how to defend against UNC3944, better known as Scattered Spider.
  • North Korea-backed threat actor TA406 has shifted its focus to targeting Ukrainian government agencies, according to new research from Proofpoint.
  • Since October 2024, urlscan.io has been tracking a phishing campaign known as Oriental Gudgeon, which is targeting over 40 Japanese commercial entities—mostly in the financial services sector.
  • Apple has released a substantial batch of security updates across its software ecosystem, including iOS 18.5, iPadOS, and the latest versions of macOS.

And the article Matt mentions about CISA shifting their alert distribution strategy: https://www.infosecurity-magazine.com/news/cisa-alert-strategy-email-social/

Reimagining Cyber
The Enemy Within: The Hidden Risk of Insider Threats - Ep 150

May 21, 2025 (17:47)


In this episode of Reimagining Cyber, Tyler Moffitt, Senior Security Analyst at OpenText Cybersecurity, delves into the complex issue of insider threats. He concentrates on the two main types of insider threats: malicious insiders who knowingly abuse their access, and unintentional insiders who fall prey to phishing and other social engineering attacks. The conversation is highlighted by recent high-profile cases such as the Coinbase breach, where a third-party contractor was bribed, and the Scattered Spider group's attack on UK retailers like Marks and Spencer and Co-op. The episode explores the real-world financial impacts of these breaches and offers detailed strategies for defending against insider threats, emphasizing the importance of layered security, strict access controls, and thorough training. Listen to learn more about the evolving landscape of insider threats and how to protect your organization.

Links mentioned in this episode: https://community.opentext.com/cybersec

Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday, May 18th 2025: xorsearch python functions; pwn2own Berlin; senior govt official impersonation; dynamic domain risk

May 19, 2025 (6:30)


xorsearch.py: Python Functions
Didier's xorsearch tool now supports Python functions to filter output.
https://isc.sans.edu/diary/xorsearch.py%3A%20Python%20Functions/31858

Pwn2Own Berlin 2025
Last week's Pwn2Own contest in Berlin allowed researchers to demonstrate a number of new exploits with a large focus on privilege escalation and virtual machine escape.
https://www.zerodayinitiative.com/blog/2025/5/17/pwn2own-berlin-2025-day-three-results

Senior US Officials Impersonated in Malicious Messaging Campaign
The FBI warns of senior US officials being impersonated in text and voice messages.
https://www.ic3.gov/PSA/2025/PSA250515

Scattered Spider: TTP Evolution in 2025
Push Security provided an update on how Scattered Spider evolved. One thing they noted was that Scattered Spider takes advantage of legitimate dynamic domain name systems to make detection more difficult.
https://pushsecurity.com/blog/scattered-spider-ttp-evolution-in-2025/

The Segment: A Zero Trust Leadership Podcast
The Monday Microsegment for the week of 5/19/2025

May 19, 2025 (7:01)


The Monday Microsegment for the week of May 19th. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast.

- Japan's cyber defense is going on the offense
- Scattered Spider crawls its way to the U.S. after UK crime spree.
- And Spain reconsiders whether cyberattacks caused last month's national blackout

And Christer Swartz joins us for "Boos and Bravos."

Head to The Zero Trust Hub: hub.illumio.com

Introducing Illumio Insights: AI Cloud Detection and Response Webinar: https://lp.illumio.com/Introducing-Illumio-Insights-Webinar.On-Demand

Cyber Security Headlines
UK retailer update, Microsoft Defender disabler, deepfakes target officials

May 19, 2025 (8:10)


  • Scattered Spider facilitates UK retail hacks and is moving to the U.S.
  • Defendnot tool can disable Microsoft Defender
  • FBI warns government officials about new waves of deepfakes

Huge thanks to our sponsor, Conveyor

Are you dealing with security questionnaire chaos this week? If so, get Conveyor's AI to knock them out for you. Connect Conveyor to any source, easily upload any format of questionnaire or use the browser extension for portals and their AI handles the rest—from parsing the questions to generating answers and auto-tagging collaborators. Let Conveyor do the work for you. Learn more at www.conveyor.com.

Find the stories behind the headlines at CISOseries.com.

Risky Business News
Risky Bulletin: Coinbase reveals insider breach, extortion attempt

May 16, 2025 (7:41)


Coinbase was extorted by hackers who bribed employees for user data, America's largest steel producer halts production after a cyberattack, Scattered Spider shifts to targeting US retailers, and the US abandons plans to protect Americans from data brokers.

Infosec Decoded
Scattered Spider

May 16, 2025 (56:39)


Infosec Decoded Season 5 #38: Scattered Spider
With sambowne@infosec.exchange
Links: https://samsclass.info/news/news_051625.html
Recorded Fri, May 16, 2025

The CyberWire
Bypassing Bitlocker encryption.

May 15, 2025 (39:08)


Google issues an emergency patch for a high-severity Chrome browser flaw. Researchers bypass BitLocker encryption in minutes. A massive Chinese-language black market has shut down. The CFPB cancels plans to curb the sale of personal information by data brokers. A cyberespionage campaign called Operation RoundPress targets vulnerable webmail servers. Google warns that Scattered Spider is now targeting U.S. retail companies. The largest steelmaker in the U.S. shut down operations following a cybersecurity incident. Our guest is Devin Ertel, Chief Information Security Officer at Menlo Security, discussing redefining enterprise security. The long and the short of layoffs.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment and direct from RSAC 2025, our guest is Devin Ertel, Chief Information Security Officer at Menlo Security, discussing redefining enterprise security. Listen to Devin's interview here.
Selected Reading

  • Google fixes high severity Chrome flaw with public exploit (Bleeping Computer)
  • BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability: PoC Released (Cyber Security News)
  • The Internet's Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge (WIRED)
  • German operation shuts down crypto mixer eXch, seizes millions in assets (The Record)
  • CFPB Quietly Kills Rule to Shield Americans From Data Brokers (WIRED)
  • EU ruling: tracking-based advertising by Google, Microsoft, Amazon, X, across Europe has no legal basis (Irish Council for Civil Liberties)
  • Operation RoundPress targeting high-value webmail servers (We Live Security)
  • Google says hackers that hit UK retailers now targeting American stores (Reuters)
  • Cybersecurity incident forces largest US steelmaker to take some operations offline (The Record)
  • Infosec Layoffs Aren't the Bargain Boards May Think (Dark Reading)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

PEBCAK Podcast: Information Security News by Some All Around Good People
Episode 207 - 25% of Community College Students Are Bots, Microsoft Kills the Password, Scattered Spider Ransomware Gang Lives On, Data Protection Stories

May 12, 2025 (49:02)


Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW)

Follow us on Instagram @pebcakpodcast

Please share this podcast with someone you know! It helps us grow the podcast and we really appreciate it!

25% of community college students are AI bots
https://calmatters.org/education/higher-education/2024/04/financial-aid-fraud/
https://x.com/elonmusk/status/1916365142918300053

Microsoft makes accounts passwordless by default
https://www.bleepingcomputer.com/news/microsoft/microsoft-makes-all-new-accounts-passwordless-by-default/

Scattered Spider ransomware crew lives on
https://www.darkreading.com/cyberattacks-data-breaches/despite-arrests-scattered-spider-continues-hacking

Data Protection
https://www.zscaler.com/products-and-solutions/data-protection

Dad Joke of the Week (DJOW)

Find the hosts on LinkedIn:
Chris - https://www.linkedin.com/in/chlouie/
Brian - https://www.linkedin.com/in/briandeitch-sase/
Glenn - https://www.linkedin.com/in/glennmedina/
Raja - https://www.linkedin.com/in/rajazkhalid/

Cybercrime Magazine Podcast
Cybercrime News For May 8, 2025: Scattered Spider Suspected in U.K. Retail Cyberattacks

May 8, 2025 (2:26)


The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com

Stories of our times
Who's behind the M&S cyber attack?

May 7, 2025 (26:57)


How do hackers take down a high street staple? What started as a contactless payment outage at Marks and Spencer quickly became the retail fortnight from hell, as cyber attacks have brought brands to a crashing halt in online trading over the last two weeks. So who is behind it, and what are their methods? And more importantly, how do you guard yourself in an evermore online world?

This podcast was brought to you thanks to the support of readers of The Times and The Sunday Times. Subscribe today: http://thetimes.com/thestory

Guest: Mark Sellman, Technology Correspondent, The Times
Host: Luke Jones
Producer: Rosie Stopher

Further reading:
  • Who are Scattered Spider hackers linked to the M&S cyberattack?
  • M&S and Co-op cyberattackers ‘tricked IT into resetting passwords'
  • M&S staff share war stories of ‘toughest' week after cyberattack

Clips: Sky News, BBC, ITV
Photo: The Times
Get in touch: thestory@thetimes.com

Hosted on Acast. See acast.com/privacy for more information.

The Gate 15 Podcast Channel
Weekly Security Sprint EP 110. Disrupted attacks, hurricane preparedness, and cyber reviews

May 7, 2025 (23:17)


In the latest Security Sprint, Dave and Andy covered the following topics:

Warm Open:
  • (TLP:CLEAR) WaterISAC – EPA: National Security Information Sharing Bulletin - Q2 2025
  • REGISTER NOW! WaterISAC's 2025 H2OSecCon! Happening virtually Tuesday May 20th from 11am-5pm ET. Learn more and register here!
  • Crypto ISAC Expands Leadership Team to Support Next Phase of Industry Collaboration and Operational Scale & Crypto Hacks and Scams Hit $364M in April, Says CertiK
  • Continuity Planning: Conducting Tabletop Exercises; Facilities teams need to participate in Tabletop exercises to prepare for emergency events and situations.

Main Topics:

Physical Security
  • Brazil police thwart bomb attack on Lady Gaga concert
      o Two Arrested in Plot to Bomb Lady Gaga's Rio Concert
  • Florida Man Arrested in Foiled Mass Shooting Plot – Church Listed Among Targets
      o Arrest in Florida reveals love link, conspiracy between man and Wisconsin school shooter
      o Loxahatchee man linked to WI school shooter accused of 7 mass shooting threats
  • Eight arrests in connection with two separate terrorism investigations
      o UK Met: Five arrested as part of Counter Terrorism Policing operation
      o UK Met: Three people arrested as part of Counter Terrorism Policing operation
      o ‘Iranian terror attack' foiled with hours to spare; Authorities feared attack on ‘specific premises' was imminent as seven arrested
  • Teen Arrested In German Synagogue Attack Plot

Severe Weather
  • NOAA: Hurricane Prep: social media (English). The Hurricane Preparedness Week Social Media Plan.
  • Monster quake could sink swath of California.
      o Tsunami Warning Issued After Huge Earthquake Off Argentina
      o Earthquake of magnitude 5.83 strikes La Rioja Province, Argentina, GFZ says

Cybersecurity
  • Q1 Ransomware Report: The organizational structure of ransomware threat actor groups is evolving before our eyes.
  • Surefire Cyber: Ransomware Threat Evolution Q1 2025
  • Retail Ransomware Attacks Claimed by DragonForce:
      o Incidents impacting retailers – recommendations from the NCSC
      o Co-op cyber attack affects customer data, firm admits, after hackers contact BBC
      o Co-op confirms data theft after DragonForce ransomware claims attack
      o DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists
      o DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door
      o Marks & Spencer breach linked to Scattered Spider ransomware attack
      o NCSC statement: Incident impacting retailers
      o Luxury store Harrods is latest retail victim of cyber attackers
      o Harrods is latest British retailer to be hit by cyber attack
      o UK Retailers Co-op, Harrods and M&S Struggle With Cyberattacks
      o Harrods the next UK retailer targeted in a cyberattack

Quick Hits:
  • Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
  • FBI PSA: Threat Actors Use "Swatting" to Target Victims Nationwide, April 29, 2025
  • TLP CLEAR FBI FLASH Phishing Domains Associated with LabHost PhaaS Platform Users (PDF)
  • With Love, From North Korea…

The CyberWire
AI on the offensive.

May 1, 2025 (33:08)


Updates from RSAC 2025. Former NSA cyber chief Rob Joyce warns that AI is rapidly approaching the ability to develop high-level software exploits. An FBI official warns that China is the top threat to U.S. critical infrastructure. Mandiant and Google raise alarms over widespread infiltration of global companies by North Korean IT workers. France accuses Russia's Fancy Bear of targeting at least a dozen French government and institutional entities. SonicWall has issued an urgent alert about active exploitation of a high-severity vulnerability in its Secure Mobile Access appliances. A China-linked APT group known as “TheWizards” is abusing an IPv6 networking feature. Gremlin Stealer emerges as a serious threat. A 23-year-old Scottish man linked to the Scattered Spider hacking group has been extradited from Spain to the U.S. Senators urge FTC action on consumer neural data. New WordPress malware masquerades as an anti-malware plugin. Our guest is Andy Cao from ProjectDiscovery, the Winner of the 20th Annual RSAC™ Innovation Sandbox Contest. Our intern Kevin returns with some Kevin on the Street interviews from the RSAC floor. Research reveals the risk of juice jacking isn't entirely imaginary.

CyberWire Guest

Our guest is Andy Cao from ProjectDiscovery, who is the Winner of the 20th Annual RSAC™ Innovation Sandbox Contest 2025 event.

Kevin on the Street

Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for “Kevin on the Street” updates on all things RSAC 2025 from Kevin all week. Today Kevin is joined by Shane Harding CEO of Devicie and Nathan Ostrowski Co-Founder Petra Security.
You can also catch Kevin on our Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi of Cerby, Travis Howerton of RegScale, and Karl Mattson of Endor Labs. Whether you are building your own startup or just love a good innovation story, listen and learn more here.

Selected Reading

  • Ex-NSA cyber boss: AI will soon be a great exploit dev (The Register)
  • AI makes China leading threat to US critical infrastructure, says FBI official (SC World)
  • North Korean operatives have infiltrated hundreds of Fortune 500 companies (CyberScoop)
  • France Blames Russia for Cyberattacks on Dozen Entities (SecurityWeek)
  • SonicWall OS Command Injection Vulnerability Exploited in the Wild (Cyber Security News)
  • Hackers abuse IPv6 networking feature to hijack software updates (Bleeping Computer)
  • New Gremlin Stealer Advertised on Hacker Forums Targets Credit Card Data and Login Credentials (GB Hackers)
  • Alleged ‘Scattered Spider' Member Extradited to U.S. (Krebs on Security)
  • Senators Urge FTC Action on Consumer Neural Data, Signaling Heightened Scrutiny (Cooley)
  • New WordPress Malware as Anti-Malware Plugin Take Full Control of Website (Cyber Security News)
  • iOS and Android juice jacking defenses have been trivial to bypass for years (Ars Technica)

Cyber Security Headlines
Scattered Spider extradition, Telecom hack warnings, Impersonation scammer takedown

Cyber Security Headlines

Play Episode Listen Later May 1, 2025 9:10


Alleged ‘Scattered Spider' member extradited to U.S.
Experts see little progress after major Chinese telecom hack
Polish police take down impersonation scammers

Thanks to today's episode sponsor, ThreatLocker

ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

For the stories behind the headlines, visit CISOseries.com.

Sky News Daily
What is going on with the retail cyber attacks?

Sky News Daily

Play Episode Listen Later May 1, 2025 13:08


M&S has been targeted in a cyber attack which has left it unable to process online orders or take contactless payments. Some experts predict it could be costing the company millions of pounds each day.

The notorious hacking group Scattered Spider is believed to be behind the attack. A cyber security company has told Sky News the group is "one of the most dangerous and active groups" they are monitoring.

There've also been cyber attacks against Harrods and the Co-Op, which are being investigated.

On today's Sky News Daily, Niall Paterson talks to our science and technology reporter, Mickey Carroll, about Scattered Spider and what can be done to tackle cyber gangs.

Producer: Natalie Ktena
Editor: Wendy Parker

The CyberWire
Less CISA, more private sector power?

The CyberWire

Play Episode Listen Later Apr 30, 2025 36:06


DHS Secretary Kristi Noem justifies budget cuts in her RSAC keynote. The EFF pens an open letter to Trump backing Chris Krebs. Scattered Spider is credited with the Marks & Spencer cyberattack. Researchers discover a critical flaw in Apple's AirPlay protocol. The latest CISA advisories. On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development. What do you call an AI chatbot that finished at the bottom of its class in med school?

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development.

Kevin on the Street
Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for “Kevin on the Street” updates on all things RSAC 2025 from Kevin all week. Today Kevin is joined by Ryan Lasmaili, Co-Founder and CEO of Vaultree, and Stan Golubchik, CEO and co-founder of Contraforce. Here are their conversations.

You can also catch Kevin on our Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi of Cerby, Travis Howerton of RegScale, and Karl Mattson of Endor Labs. Whether you are building your own startup or just love a good innovation story, listen and learn more at https://explore.thecyberwire.com/microsoft-for-startups.

Selected Reading
DHS Secretary Noem: CISA needs to get back to ‘core mission' (CyberScoop)
Noem calls for reauthorization of cyberthreat information sharing law during RSA keynote (The Record)
Cyber experts, Democrats urge Trump administration not to break up cyber coordination in State reorg (CyberScoop)
Infosec pros rally against Trump's attack on Chris Krebs (The Register)
Scattered Spider Suspected in Major M&S Cyberattack (Hackread)
AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi (Cyber Security News)
CISA Adds One Known Exploited Vulnerability to Catalog (CISA)
CISA Releases Three Industrial Control Systems Advisories (CISA)
Instagram's AI Chatbots Lie About Being Licensed Therapists (404 Media)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Highlights from The Hard Shoulder
Tech Takeover: Who are ‘Scattered Spider'?

Highlights from The Hard Shoulder

Play Episode Listen Later Apr 30, 2025 9:42


Newstalk's Technology Correspondent Jess Kelly joins Kieran to discuss Scattered Spider - one of the most dangerous and prolific hacking groups in the world, and presumed to be behind the recent hack of Marks & Spencer. She talks about how these hacking groups operate, and how some of them are asking AI to generate malicious code…

The CyberWire
Using AI to sniff out opposition.

The CyberWire

Play Episode Listen Later Apr 8, 2025 37:23


Is DOGE using AI to monitor federal employees? Google's latest Android update addresses two zero-days. Scattered Spider continues its phishing and malware campaigns. Ransomware's grip is slipping. ToddyCat exploits a critical flaw in ESET products. Oracle privately confirms a legacy system breach. Over 5,000 Ivanti Connect Secure appliances remain exposed online to a critical remote code execution vulnerability. CISA confirms active exploitation of a critical vulnerability in CrushFTP. In our Industry Voices segment, we are joined by Matt Radolec, VP of Incident Response at Varonis, on turning to gamers to build resilient cyber teams. AI outphishes human red teams.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
In our Industry Voices segment, we are joined by Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, as he is discussing research on “From Gamer to Leader: How to Build Resilient Cyber Teams.” Catch Matt's keynote at RSAC 2025 on April 30th.

Selected Reading
Exclusive: Musk's DOGE using AI to snoop on U.S. federal workers, sources say (Reuters)
Tariff Wars: The Technology Impact (BankInfo Security)
Google Patched Android 0-Day Vulnerability Exploited in the Wild (Cyber Security News)
Scattered Spider adds new phishing kit, malware to its web (The Register)
Ransomware Underground Faces Declining Relevance (BankInfo Security)
ESET Vulnerability Exploited for Stealthy Malware Execution (SecurityWeek)
Oracle Confirms that Hackers Broke Systems & Stole Client Login Credentials (Cyber Security News)
Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk (SecurityWeek)
CISA Warns of CrushFTP Vulnerability Exploitation in the Wild (Infosecurity Magazine)
AI Outsmarts Human Red Teams in Phishing Tests (GovInfo Security)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Paul's Security Weekly
Soft skills for engineers - Evgeniy Kharam, Paul Nguyen - ESW #401

Paul's Security Weekly

Play Episode Listen Later Apr 7, 2025 123:22


When we use the phrase "talent gap" in cybersecurity, we're usually talking about adding headcount. For this interview, however, we're focusing on a gap that is evident within existing teams and practitioners - the often misunderstood soft skills gap. Side note: I really hate the term "soft skills". How about we call them "fundamental business skills", or "invaluable career advancement skills"? Hmm, doesn't quite roll off the tongue the same. Soft skills can impact everything, as they impose the limits of how we interact with our world. That goes for co-worker interactions, career advancements, and how we're perceived by our peers and community. It doesn't matter how brilliant you might be - without soft skills, your potential could be severely limited. Did you know that soft skills issues contributed to the Equifax breach? We'll also discuss how fear is related to some of the same limitations and challenges as soft skills.

Segment Resources:
https://www.softskillstech.ca/
Order the Book

You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise.

Segment Resources:
This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, IaaS, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams
This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud
Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs

This week, in the enterprise security news,
we check the vibes
we check the funding
we check runZero's latest release notes
tons of free tools!
the latest TTPs
supply chain threats
certs won't save you
GRC needs disruption
the latest Rippling/Deel drama
All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-401

Enterprise Security Weekly (Audio)
Soft skills for engineers - Evgeniy Kharam, Paul Nguyen - ESW #401

Enterprise Security Weekly (Audio)

Play Episode Listen Later Apr 7, 2025 123:22


When we use the phrase "talent gap" in cybersecurity, we're usually talking about adding headcount. For this interview, however, we're focusing on a gap that is evident within existing teams and practitioners - the often misunderstood soft skills gap. Side note: I really hate the term "soft skills". How about we call them "fundamental business skills", or "invaluable career advancement skills"? Hmm, doesn't quite roll off the tongue the same. Soft skills can impact everything, as they impose the limits of how we interact with our world. That goes for co-worker interactions, career advancements, and how we're perceived by our peers and community. It doesn't matter how brilliant you might be - without soft skills, your potential could be severely limited. Did you know that soft skills issues contributed to the Equifax breach? We'll also discuss how fear is related to some of the same limitations and challenges as soft skills.

Segment Resources:
https://www.softskillstech.ca/
Order the Book

You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise.

Segment Resources:
This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, IaaS, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams
This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud
Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs

This week, in the enterprise security news,
we check the vibes
we check the funding
we check runZero's latest release notes
tons of free tools!
the latest TTPs
supply chain threats
certs won't save you
GRC needs disruption
the latest Rippling/Deel drama
All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-401

Paul's Security Weekly TV
How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401

Paul's Security Weekly TV

Play Episode Listen Later Apr 7, 2025 43:15


You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise.

Segment Resources:
This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, IaaS, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams
This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud
Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs

Show Notes: https://securityweekly.com/esw-401

Enterprise Security Weekly (Video)
How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401

Enterprise Security Weekly (Video)

Play Episode Listen Later Apr 7, 2025 43:15


You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise.

Segment Resources:
This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, IaaS, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams
This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud
Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs

Show Notes: https://securityweekly.com/esw-401

Identity At The Center
#339 - Sponsor Spotlight - Permiso

Identity At The Center

Play Episode Listen Later Mar 26, 2025 56:38


This episode is sponsored by Permiso. Visit permiso.io/idac to learn more.

In this sponsored episode of the Identity at the Center Podcast, hosts Jeff and Jim sit down with Paul Nguyen, co-founder and co-CEO of Permiso, to discuss the critical role of identity security in modern information security. Paul shares insights into the history of identity threats, the rise of identity-focused attacks like Scattered Spider and LLM Jacking, and the importance of real-time identity monitoring for both human and non-human identities across cloud and on-prem environments. The episode explores how Permiso is positioned in the market to provide comprehensive identity threat detection and response (ITDR) and identity security posture management (ISPM), offering advanced visibility and proactive measures against emerging threats.

Chapters
00:00 Introduction to Security Vendors
00:50 Welcome to the Identity at the Center Podcast
01:30 Sponsored Spotlight: Permiso
02:14 Meet Paul Nguyen, Co-Founder of Permiso
03:34 The Importance of Identity in Security
05:35 Permiso's Unique Approach to Identity Security
07:36 Real-Time Monitoring and Threat Detection
09:23 Challenges and Solutions in Identity Security
15:16 Modern Attacks and Identity Threats
25:56 The Role of Honeypots in Security Research
26:49 Challenges of Maintaining Security
27:15 Honeypots and Breach Detection
27:46 Dwell Time and Reconnaissance
28:34 Password Complexity and Monitoring Gaps
29:24 Roles and Responsibilities in Identity Security
29:49 Unified Identity Security Teams
30:57 Emerging Threats and Joint Efforts
32:49 Permiso's Role in Identity Security
34:10 Detection and Response Strategies
36:11 Managing Identity Risks
36:51 Combining Prevention and Detection
39:44 Real-World Applications and Challenges
51:17 Personal Insights and Final Thoughts

Connect with Paul: https://www.linkedin.com/in/paulnguyen/
Learn more about Permiso: https://permiso.io/idac
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at idacpodcast.com and watch at idacpodcast.tv

Keywords: identity security, real-time monitoring, IAM, cybersecurity, identity exploitation, modern attacks, insider threats, honeypots, organizational structure, Non-Human Identities, Identity Security, Permiso, Risk Management, Insider Threat, Shadow IT, Identity Graph, ITDR, ISPM, Cybersecurity

The Cybersecurity Defenders Podcast
#177 - Intel Chat: Supply-Chain Firewall, Scattered Spider, Linux malware & another NTLM exploit

The Cybersecurity Defenders Podcast

Play Episode Listen Later Dec 12, 2024 27:19


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Datadog Security Labs has introduced the Supply-Chain Firewall, a new open-source tool designed to protect developers from malicious and vulnerable packages sourced from PyPI and npm repositories.

U.S. authorities have arrested 19-year-old Remington Goy Ogletree, known online as "remi," for allegedly breaching a U.S. financial institution and two unnamed telecommunications firms.

A recent study titled "A Study of Malware Prevention in Linux Distributions" examines the challenges of preventing and detecting malware within Linux distribution package repositories.

A recently identified zero-day vulnerability affects all modern versions of Windows Workstation and Server operating systems, from Windows 7 and Server 2008 R2 up to the latest Windows 11 v24H2 and Server 2022.

And you can subscribe to Detection Engineering Weekly here.

Risky Business
Risky Business #774 -- Cleo file transfer appliances under widespread attack

Risky Business

Play Episode Listen Later Dec 11, 2024 62:28


On this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
Cleo file transfer products have a remote code exec, here we go again!
Snowflake phases out password-based auth
Chinese Sophos-exploit-dev company gets sanctioned
Romania's election gets rolled back after TikTok changed the outcome
AMD's encrypted VM tech bamboozled by RAM with one extra address bit
Some cool OpenWRT research
And much, much more.

This week's episode is sponsored by Thinkst, who love sneaky canary token traps. Jacob Torrey previews an upcoming Blackhat talk filled with interesting operating system tricks you can use to trigger canaries in your environment. You won't believe the third trick! Attackers hate him!

This episode is also available on YouTube.

Show notes
Cleo Software Actively Being Exploited in the Wild CVE-2024-50623 | Huntress
Blue Yonder investigating data leak claim following ransomware attack | Cybersecurity Dive
Snowflake to phase out single-factor authentication by late 2025 | Cybersecurity Dive
Treasury Sanctions Cybersecurity Company Involved in Compromise of Firewall Products and Attempted Ransomware Attacks | U.S. Department of the Treasury
Another teenage hacker charged as feds continue Scattered Spider crackdown | The Record from Recorded Future News
Germany arrests suspected admin of country's largest criminal marketplace | The Record from Recorded Future News
FCC, for first time, proposes cybersecurity rules tied to wiretapping law | CyberScoop
Russian state hackers abuse Cloudflare services to spy on Ukrainian targets | The Record from Recorded Future News
Cloudflare's pages.dev and workers.dev Domains Increasingly Abused for
Romania annuls presidential election over alleged Russian interference | The Record from Recorded Future News
EU demands TikTok 'freeze and preserve data' over alleged Russian interference in Romanian elections | The Record from Recorded Future News
Research Note: Meta's Role in Romania's 2024 Presidential Election - CheckFirst
Key electricity distributor in Romania warns of ‘cyber attack in progress' | The Record from Recorded Future News
Backdoor slipped into popular code library, drains ~$155k from digital wallets - Ars Technica
AMD's trusted execution environment blown wide open by new BadRAM attack - Ars Technica
New dog, old tricks: DaMAgeCard attack targets memory directly thru SD card reader – PT SWARM
Telegram partners with child safety group to scan content for sexual abuse material
Apple hit with $1.2B lawsuit after killing controversial CSAM-detecting tool - Ars Technica
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Security Research
How do I turn on the Do Not Track feature? | Firefox Help

The CyberWire
The NTLM bug that sees and steals.

The CyberWire

Play Episode Listen Later Dec 6, 2024 34:11


Researchers uncover a critical Windows zero-day. An alleged Ukrainian cyberattack targets one of Russia's largest banks. Russian group BlueAlpha exploits CloudFlare services. Microsoft flags Chinese hacking group Storm-0227 for targeting critical infrastructure and U.S. government agencies. SonicWall patches high-severity vulnerabilities in its secure access gateway. Atrium Health reports a data breach affecting over half a million individuals. Rockwell Automation discloses four critical vulnerabilities in its Arena software. U.S. authorities arrest an alleged member of the Scattered Spider gang. Our guest is Hugh Thompson, RSAC program committee chair, discussing the 2025 Innovation Sandbox Contest and its new investment component. C3PO gets caught in the crypto mines.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Joining Dave today is Hugh Thompson, RSAC program committee chair, discussing the 2025 Innovation Sandbox Contest and its new investment component. Read more details in the press release.

Selected Reading
New Windows 7 To 11 Warning As Zero-Day With No Official Fix Confirmed (Forbes)
Russian users report Gazprombank outages amid alleged Ukrainian cyberattack (The Record)
BlueAlpha Russian hackers caught abusing CloudFlare services (SC Media)
U.S. org suffered four month intrusion by Chinese hackers (Bleeping Computer)
Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (The Register)
SonicWall Patches 6 Vulnerabilities in Secure Access Gateway (SecurityWeek)
Mitel MiCollab zero-day and PoC exploit unveiled (Help Net Security)
Atrium Health Data Breach Impacts 585,000 People (SecurityWeek)
Rockwell Automation Vulnerabilities Let Attackers Execute Remote Code (Cyber Security News)
US arrests Scattered Spider suspect linked to telecom hacks (Bleeping Computer)
Nebraska Man pleads guilty to $3.5 million cryptojacking scheme (Bleeping Computer)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Black Hills Information Security
2024-11-25 - Discordgate

Black Hills Information Security

Play Episode Listen Later Nov 27, 2024 66:22


00:00:00 - PreShow Banter™ — Discordgate
00:09:24 - BHIS - Talkin' Bout [infosec] News 2024-11-25
00:10:46 - Story # 1: DOJ says Google must sell Chrome to crack open its search monopoly
00:12:08 - Story # 1b: DOJ's staggering proposal would hurt consumers and America's global technological leadership
00:19:16 - Story # 2: The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
00:24:37 - Story # 3: Palo Alto Networks tackles firewall-busting zero-days with critical patches
00:25:46 - Discordgate Follow Up
00:26:26 - Story # 4: Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization
00:31:08 - Story # 5: Fintech giant Finastra investigates data breach after SFTP hack
00:34:01 - Story # 6: CFPB Finalizes Rule on Federal Oversight of Popular Digital Payment Apps to Protect Personal Data, Reduce Fraud, and Stop Illegal “Debanking”
00:38:49 - Story # 7: T-Mobile finally managed to thwart a data breach before it occured
00:40:22 - Story # 8: D-Link urges users to retire VPN routers impacted by unfixed RCE flaw
00:43:07 - Story # 9: US seizes PopeyeTools cybercrime marketplace, charges administrators
00:46:19 - Story # 10: Razzlekhan, crypto's most embarrassing rapper, is going to prison
00:48:31 - Story # 10b: Netflix has a perfectly timed Razzlekhan doc coming out in December
00:50:10 - Story # 11: Microsoft Defender Is Not Enough Anymore—This Malware Gets Around It
00:55:11 - Story # 12: Microsoft president asks Trump to “push harder” against Russian hacks
00:57:02 - Story # 13: Hackers Breach Andrew Tate's Online ‘University,' Exposing 800,000 Users
01:00:36 - Story # 14: 7-Zip affected by dangerous vulnerability: users must update the app manually
01:01:31 - Story # 15: Microsoft disrupts ONNX phishing-as-a-service infrastructure
01:03:07 - Story # 16: US charges five linked to Scattered Spider cybercrime gang
01:04:25 - Plug: Secure Code Summit 2024

The Cybersecurity Defenders Podcast
#171 - Intel Chat: Snowflake, Scattered Spider, CCP, Melofee backdoor, SilkSpecter & Palo Alto Networks

The Cybersecurity Defenders Podcast

Play Episode Listen Later Nov 23, 2024 43:29


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

U.S. authorities have identified and charged individuals responsible for a significant data breach involving Snowflake Inc., a major cloud data warehousing company. The breach resulted in the theft of approximately 50 billion records from AT&T, one of Snowflake's prominent clients.

U.S. prosecutors have charged five individuals, including 22-year-old Scottish national Tyler Buchanan, for their alleged involvement in the cybercrime group Scattered Spider. This group is accused of executing sophisticated phishing attacks that compromised numerous U.S. companies and individuals, leading to the theft of confidential information and cryptocurrency.

The next one is an interesting breakdown on the evolving landscape of Chinese state-sponsored cyber threats that reveals a highly coordinated and multi-layered approach to achieving the strategic objectives of the Chinese Communist Party (CCP).

In July 2024, cybersecurity researchers identified a new variant of the Melofee backdoor, a sophisticated malware associated with the Winnti Advanced Persistent Threat group. This variant specifically targets Red Hat Enterprise Linux 7.9 systems and demonstrates enhanced stealth and persistence mechanisms.

In early October 2024, cybersecurity analysts identified a phishing campaign targeting e-commerce shoppers in Europe and the USA seeking Black Friday discounts. The campaign, attributed to a financially motivated Chinese threat actor dubbed "SilkSpecter," exploited the surge in online shopping during November's Black Friday season.

Palo Alto Networks' Unit 42 has identified exploitation activities targeting two critical vulnerabilities in PAN-OS software: CVE-2024-0012 and CVE-2024-9474.

Risky Business News
Risky Biz News: US charges five Scattered Spider members

Risky Business News

Play Episode Listen Later Nov 22, 2024 8:25


A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: US charges five Scattered Spider members

The CyberWire
No more spinach for PopeyeTools.

The CyberWire

Play Episode Listen Later Nov 21, 2024 37:05


The feds take down the PopeyeTools cybercrime market. Five alleged Scattered Spider members have been charged. CISA warns of critical vulnerabilities in VMware's vCenter Server. Global AI experts convene to discuss safety. MITRE updates its list of Top 25 Most Dangerous Software Weaknesses. US and Australian agencies warn critical infrastructure organizations about evolving tactics by the BianLian ransomware group. A new report looks at rising threats to the U.S. manufacturing industry. Researchers at ESET uncover the WolfsBane Linux backdoor. A pair of malicious Python packages impersonating ChatGPT went undetected for over a year. A data breach at a French hospital compromised the medical records of 750,000 patients. On our Industry Voices segment, guest Avihai Ben-Yossef, Cymulate's Co-Founder and CTO, joins us to discuss "The Evolution and Outlook of Exposure Management." AI Pimping is the scourge of Instagram.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Industry Voices segment, guest Avihai Ben-Yossef, Cymulate's Co-Founder and CTO, joins us to discuss "The Evolution and Outlook of Exposure Management."

Resources:
Security Validation Essentials
Hertz Israel Reduced Cyber Risk by 81% within 4 Months with Cymulate
SecOps Roundtable: Security Validation and the Path to Exposure Management
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD

Selected Reading
US seizes PopeyeTools cybercrime marketplace, charges administrators (Bleeping Computer)
Five Charged in Scattered Spider Case (Infosecurity Magazine)
CISA Warns of VMware VCenter Vulnerabilities Actively Exploited in Attacks (Cyber Security News)
US Gathers Allies to Talk AI Safety as Trump's Vow to Undo Biden's AI Policy Overshadows Their Work (SecurityWeek)
MITRE Updates List of 25 Most Dangerous Software Vulnerabilities (SecurityWeek)
BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk (Infosecurity Magazine)
Manufacturing Sector Under Siege: Industry Faces Wave of Advanced Email Attacks (Abnormal Security)
Gelsemium APT Hackers Attacking Linux Servers With New WolfsBane Malware (Cyber Security News)
Two PyPi Malicious Package Mimic ChatGPT & Claude Steals Developers Data (GB Hackers)
Cyberattack at French hospital exposes health data of 750,000 patients (Bleeping Computer)
Inside the Booming 'AI Pimping' Industry (404 Media)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Security Headlines
Scattered Spider arrest, telcos attacked, Apple exploit

Nov 21, 2024 8:04


US charges Scattered Spider members. Chinese threat actors infiltrate more telcos. Apple issues emergency security update.

Paul's Security Weekly
Li-On, Lazarus, Whatsup, Scattered Spider, Hadooken, Dead People, Aaran Leyland... - SWN #413

Sep 13, 2024 31:12


Through the Fire and Li-On Flames, Lazarus, Whatsup, Scattered Spider, Hadooken, Dead People, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-413

60 Minutes
08/11/2024: Scattered Spider, Work to Own, Greta Gerwig

Aug 12, 2024 42:00


Ransomware attacks are on the rise across the world. How are U.S. companies being impacted and what can the government do about it? Bill Whitaker speaks with former NSA Director of Cybersecurity Rob Joyce and Las Vegas publisher Anthony Curtis. As the American wealth gap continues to widen, correspondent Jon Wertheim reports on an unlikely effort to get more money in the hands of rank-and-file workers. Pete Stavros is an executive at one of the biggest private equity firms in the country, KKR. His industry is famously cutthroat, but Stavros has emerged as a leading advocate for the concept of employee ownership, which takes the same incentives that have long helped the C-suite get rich and applies them to people working factories, flatbeds and farms. Wertheim travels to rural Illinois to find out how this model has impacted workers, and whether it's good for business. Sharyn Alfonsi profiles the brains behind BARBIE - filmmaker Greta Gerwig, whose outside-the-box blockbuster smashed box office records this summer. Alfonsi speaks with Gerwig about pulling off a delicate balancing act: giving voice to the iconic Barbie doll while appealing to her fiercest critics, and details Gerwig's journey from indie darling to billion-dollar director.

The Patrick Madrid Show
The Patrick Madrid Show: August 12, 2024 - Hour 2

Aug 12, 2024 53:46


Patrick tackles the extravagance of destination bachelor and bride parties and questions the demands for cash gifts instead of traditional presents. Patrick explores the rich, meaningful traditions of weddings from biblical times and emphasizes the importance of prioritizing wholesome values over social media trends.

Email – What do you think of destination weddings or other outlandish weddings? (01:18)
Scattered Spider, a group of young English-speaking hackers, are causing some damage (13:36)
Robin (email) – I'm a lector at Mass and someone interrupted me when I was praying
Helen (email) – Should we ever call someone evil? (29:21)
Debbie - What to do in a family situation where my daughter in law is having conversations with my other daughter's husband's family, as my daughter's husband is divorcing her?

The CyberWire
Spinning the web of tangled tactics. [Research Saturday]

Aug 3, 2024 24:49


This week, we are joined by Jason Baker, Senior Threat Consultant at GuidePoint Security, who discusses their work on "Worldwide Web: An Analysis of Tactics and Techniques Attributed to Scattered Spider." In early 2024, a current RansomHub RaaS affiliate was identified as a former Alphv/Black Cat affiliate and is believed to be linked to the Scattered Spider group, known for using overlapping tools, tactics, and victims. The high-confidence assessment by GuidePoint's DFIR and GRIT teams is supported by the consistent use of tools like ngrok and Tailscale, social engineering tactics, and systematic playbooks in intrusions. The research can be found here: Worldwide Web: An Analysis of Tactics and Techniques Attributed to Scattered Spider

The CyberWire
CrowdStrike and Microsoft battle blue screens across the globe.

Jul 22, 2024 40:25


Mitigation continues on the global CrowdStrike outage. UK police arrest a suspected member of Scattered Spider. A scathing report from DHS says CISA ignored a directive to cut ties with a faulty contractor. Huntress finds SocGholish distributing AsyncRAT. Ransomware takes down the largest trial court in the U.S. A US regulator finds many major banks inadequately manage cyber risk. CISA adds three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Australian police forces combat SMS phishing attacks. Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, shares insights on the challenges of protecting the upcoming Summer Olympics. Rick Howard looks at Cyber Threat Intelligence. Appreciating the value of internships.

CyberWire Guest
The 2024 Summer Olympics start later this week in Paris. Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, discusses how, in addition to consumer issues, the actual events, games and facilities at the Olympics could be at risk of an attack.

This week on CSO Perspectives
This week on N2K Pro's CSO Perspectives podcast, host and N2K CSO Rick Howard focuses on “The current state of Cyber Threat Intelligence.” Hear a bit about it from Rick and Dave.
Selected Reading: Special Report: IT Disruptions Continue as CrowdStrike Sees Crisis Receding (Metacurity); Suspected Scattered Spider Member Arrested in UK (SecurityWeek); DHS watchdog rebukes CISA and law enforcement training center for failing to protect data (The Record); SocGholish malware used to spread AsyncRAT malware (Security Affairs); California Officials Say Largest Trial Court in US Victim of Ransomware Attack (SecurityWeek); Finance: Secret Bank Ratings Show US Regulator's Concern on Handling Risk (Bloomberg); U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog (Security Affairs); Australian police seize devices used to send over 318 million phishing texts (iTnews); Internships can be a gold mine for cybersecurity hiring (CSO Online)

The CyberWire
Scattered Spider hacker snagged in Spain.

Jun 17, 2024 36:55


Spanish authorities snag a top Scattered Spider hacker. HC3 issues an alert about PHP. WIRED chats with ShinyHunters about the breach affecting Snowflake customers. Meta delays LLM training over European privacy concerns. D-Link urges customers to upgrade routers against a factory installed backdoor. A new Linux malware uses emojis for command and control. Vermont's Governor vetoes a groundbreaking privacy bill. California fines Blackbaud millions over a 2020 data breach. Guest Patrick Joyce, Proofpoint's Global Resident CISO, shares some key challenges, expectations and priorities of chief information security officers (CISOs) worldwide; you can learn more from their 2024 Voice of the CISO report. N2K's CSO Rick Howard joins Dave for a preview of his latest CSO Perspectives podcast episode on The Current State of XDR: A Rick-the-Toolman episode. Be sure to change those virtual locks.
Selected Reading: Alleged Scattered Spider ringleader taken down in Spain after law enforcement crackdown (ITPro); US HC3 issues alert on critical PHP vulnerability impacting healthcare sector (Industrial Cyber); Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake (WIRED); Meta Pauses European GenAI Development Over Privacy Concerns (Infosecurity Magazine); Hidden Backdoor in D-Link Routers Let Attacker Login as Admin (GB Hackers); New Linux malware is controlled through emojis sent from Discord (Bleeping Computer); Vermont governor rejects state's tough data privacy bill (The Record); Blackbaud must pay $6.75 million, improve security after lying about scope of 2020 hack (The Record); Former IT employee gets 2.5 years for wiping 180 virtual servers (Bleeping Computer)