Podcasts about SolarWinds Orion

  • 27 podcasts
  • 27 episodes
  • 29m average duration
  • Infrequent episodes
  • Latest episode: Jul 22, 2024

[Chart: popularity by year, 2017 to 2024]


Latest podcast episodes about SolarWinds Orion

Cyber Matters
Crowdstrike's Got Me Feelin' Blue

Jul 22, 2024 (30:22)


This week on Cyber Matters, Tanner Wilburn and Katherine Kennelly begin with the widespread outages caused by a CrowdStrike update, discussing the implications for IT practices and the importance of testing updates before deployment. They then explore the dismissal of most of the SEC's lawsuit against SolarWinds and its former CISO, Timothy Brown. They provide background on the SolarWinds Orion software compromise and analyze the court's decision, particularly highlighting the setback for the SEC's authority in cybersecurity regulation. In data breach news, they discuss the arrest of a suspected Scattered Spider hacker in the UK and the ongoing costs of the Change Healthcare ransomware attack for UnitedHealth. They also cover a class-action lawsuit against a law firm related to a data breach. The podcast touches on allegations that AWS leased infrastructure to NSO Group, known for its controversial spyware. They also discuss a lawsuit against Patagonia for alleged violations of California privacy law from 1967 and explore the broader trend of CIPA litigation. In AI news, the hosts cover updated USPTO guidance for AI-related patent applications and Meta's decision not to offer future multimodal AI models in the EU. The episode concludes with a brief mention of Google's potential $23 billion acquisition of cybersecurity startup Wiz.

LinkedIn: https://www.linkedin.com/company/cyber-matters-podcast/
A breakdown of USPTO Guidance: https://www.intellectualpropertylawblog.com/archives/uspto-issues-ai-subject-matter-eligibility-guidance/

Software Engineering Daily
Software Supply Chain Security with Michael Lieberman

Dec 6, 2023 (43:06)


One of the most famous software exploits in recent years was the SolarWinds attack in 2020. In this attack, Russian hackers inserted malicious code into the SolarWinds Orion system, allowing them to infiltrate the systems of numerous corporations and government agencies, including the U.S. executive branch, military, and intelligence services. This was an example of

Healthcare Entrepreneur Academy Podcast
#348: 7 Tips for Mitigating Data Breaches & Hacks

Sep 19, 2023 (18:19)


OVERVIEW: Jason A. Duprat, Entrepreneur, Healthcare Practitioner, and Host of the Healthcare Entrepreneur Academy podcast, talks about why your business should get cybersecurity insurance and different ways to mitigate risks regarding your business' data being hacked or stolen.

EPISODE HIGHLIGHTS:
  • Are you taking the right security measures when protecting yourself and your business' data?
  • The recent attack on SolarWinds Orion software is one of the greatest US cybersecurity breaches and affected close to 18,000 companies.
  • The breach led to massive data compromises in big corporations, including governmental agencies, and will take years to identify the damage that's been done.
  • The cybersecurity of your business should always be one of your biggest priorities.
  • Your online data footprint is vulnerable to an attack at any time so protect yourself by purchasing cybersecurity insurance.
  • Use two-factor authentication, which sends a pin code to your cellphone to verify logins.
  • Review your password management protocol. Change your passwords every 6 months and use unpredictable passwords – including a combination of uppercase and lowercase letters, along with symbols and numbers. You can also use third-party password software tools such as LastPass.
  • Never plug anything unknown into your computer, such as a thumb drive or CD. They can contain malicious codes that can compromise your computer's files.
  • Set up your routers properly. Change the username and password and check if your router password is encrypted.
  • Make sure you turn on automatic updates for your software to periodically check for viruses. Remember to also include Windows Updates as well.
  • Use open networks with caution. Invest in your wifi hotspot on your phone to prevent unwanted data breaches from suspicious open networks.
TWEETABLE QUOTE: “Cybersecurity – the security of your patient data, your business' data and your personal data – should be at the forefront of your mind.” – Jason Duprat

Gestalt IT Rundown
The Legacy of the Biggest Supply Chain Hack | Gestalt IT Rundown: May 3, 2023

May 3, 2023 (28:25)


Thanks to Gina Rosenthal for sharing a wonderful article from Wired about the details behind the SolarWinds Orion supply chain hack that we covered back at the end of 2020. You may recall that SolarWinds was compromised by Russian hackers and their software was infected and used to breach the US government as well as Microsoft, Mandiant, and more. In this article we're learning even more interesting information, such as the source of the attacks from the Russian SVR which is their version of the CIA, to the fact that the US DOJ detected signs of the attack just a couple of months after the infiltration and didn't pick up on the possibility of it being a larger issue. The whole article is a fascinating read but what strikes me is that we're now 2.5 years past this earth shattering situation and we still don't know for certain if we could be impacted by it again. Chris, have we learned any lessons from this?

Time Stamps:
0:00 - Welcome to the Rundown
0:31 - Meteor Lake Ramping Up
3:30 - WANDisco Sales Rep Costs Company Big Time
7:22 - Ubuntu Pro Now Available on AWS
11:22 - Apple and Nuvia Drop Lawsuit
15:56 - The Legacy of the Biggest Supply Chain Hack
26:04 - The Weeks Ahead
28:00 - Thanks for Watching

Follow our hosts on Social Media
Tom Hollingsworth: https://www.twitter.com/NetworkingNerd
Stephen Foskett: https://www.twitter.com/SFoskett
Chris Grundemann: https://www.twitter.com/ChrisGrundemann

Follow Gestalt IT
Website: https://www.GestaltIT.com/
Twitter: https://www.twitter.com/GestaltIT
LinkedIn: https://www.linkedin.com/company/1789

CISOWise
Teaser - Tim Brown - SolarWinds CISO

Feb 8, 2022 (6:50)


In this teaser episode, Dr Earl Crane talks to Tim Brown, CISO of SolarWinds, about the recent Sunburst malware intrusion and the security-by-design philosophy. SolarWinds shot to national prominence due to the Sunburst malware intrusion. It resulted in a coordinated whole-of-government response to this significant cybersecurity incident. As stated by CISA, an advanced persistent threat actor was responsible for compromising the SolarWinds Orion supply chain as well as widespread abuse of commonly used authentication mechanisms. Throughout the attack, the Sunburst intruders maintained significantly high levels of operational security to avoid discovery. The Sunburst malware landed in its prospective targets and waited patiently for two weeks before initiating any activity. Now imagine being the cybersecurity leader at the organization identified by name in this intrusion that affected thousands of customers. That was the situation Tim found himself in, in late 2020. He joins me here today to share his experience and wisdom in dealing with one of the most significant cybersecurity incidents in recent memory.

Hack24 - The Podcast - Hacking and Hacked Content
The Solarwinds Orion SUNBURST Attack Timeline and What We Know Now. #100DaysOfCode #cybersecuritytips

Jul 10, 2021 (15:45)


The Solarwinds Orion SUNBURST Attack Timeline and What We Know Now.

Stupid... or Just Irresponsible?
25. Strong Passwords Can Work Against You

Jun 14, 2021 (30:39)


UPDATE to last week's Headlines: US Gov formally accuses Russia of the SolarWinds/Orion attack. Biden issues state of emergency, giving him the power to issue executive order: emphasizing an exploitation on US and Russian elections, kicks out Russian diplomats in DC, prohibits US financial entities from trading in Rubles, issues sanctions against Russian networking infrastructure.

This Week's Security Tip: There are two mistakes we see with usernames and passwords, even if they are GOOD strong ones. The first is using the SAME password across multiple sites. The second is using the same e-mail usernames and prefixes across multiple free e-mail services. For example:
jimmy67chevy@aol.com
jimmy67chevy@gmail.com
jimmy67chevy@yahoo.com
jimmy67chevy@icloud.com
When you use the same password and the same username across multiple sites, you make it easy for a cybercriminal to compromise multiple accounts of yours. With the first part easy to figure out, they can get access to other online services and data or even spoof your e-mail addresses to others. Variety is the spice of life, so make sure you're using UNIQUE, strong passwords along with unique usernames on free e-mail accounts.

Today's Headlines:
  • 2 Google Chrome zero-day exploits dropped on Twitter last week, both remote code executables, affecting Chrome, Edge, and other Chromium-based browsers.
  • Google announced plans to roll out a new privacy-focused feature called Federated Learning of Cohorts (FLoC); Vivaldi, Brave, DuckDuckGo, and now WordPress reject it.
    - Thousands of browsers with identical browsing history (belonging to the same "cohort") stored locally will have a shared "cohort" identifier assigned, which will be shared with a site when requested.
    - "At Vivaldi, we stand up for the privacy rights of our users. We do not approve tracking and profiling, in any disguise. We certainly would not allow our products to build up local tracking profiles," says Jon von Tetzchner, Vivaldi CEO and co-founder.
  • Signal CEO and founder Moxie Marlinspike slams Cellebrite (company that police and gvmt use to unlock Android and iOS phones) after they say they can now access Signal data.

Next Week's Teaser: Here is what you should do with your data on your laptop.

The SaaS News Roundup
Appian low-code automation platform is launched | SolarWinds breach highlights weaknesses | Emersion appoints Vai Le | Abbyy raises funds

May 17, 2021 (2:47)


Appian launches the latest version of the Appian low-code automation platform for enterprises to unify enterprise data, using low-code and a code-free approach. In a statement released to the press, Appian discussed the features available on the latest version, which include AI-driven Intelligent Document Processing, new design guidance, and enhanced Development, Security, and Operations, among others. The platform also provides a single workflow for automation, team orchestration, existing systems, data, bots, and more. Reports state that the launch comes amid enterprises scouting for quick solutions to AI-powered applications and smooth workflow automation across departments.

The breach at SolarWinds in December 2020 underlined the vulnerabilities that businesses faced, and exposed severe hybrid cloud and authentication weaknesses. Reports have highlighted how hybrid multi-clouds provide enterprises a ‘promising path' to digital transformation, driving new revenue models. However, it also leaves a chance for bad actors to access an organization's valuable data when they err badly. The breach becomes pertinent because SolarWinds Orion is used to manage on-premises and hosted infrastructures in hybrid cloud environments, calling for enhanced multi-cloud security. A troublesome combination of hybrid cloud security gaps and lack of authentication on SolarWinds accounts had made the trace undetectable for months.

Vai Le has been appointed the first channel alliance manager for the Asia Pacific region by Emersion, an automation network provider. He has been tasked with "aggressively" increasing the company's partner count. At Emersion, Le will be responsible for driving revenue and development in APAC through distributor recruitment, retailer partnerships, and delivery coordination.

Marlin Equity Partners, a California-based investment firm, has made a significant investment in Abbyy, a provider of document conversion and data capture software. This investment by Marlin makes it one of the largest shareholders in Abbyy, and this could also aid in the growth and expansion of the IPA market. This support will aid Abbyy's attempts to become a leading vendor in the digital intelligence sector. Abbyy's mission is to provide digital intelligence that is network and vendor agnostic, which is why it is collaborating with various companies.

The 443 - Security Simplified
Cellebrite Good Times

Apr 28, 2021 (37:48)


This week on the podcast, we cover Signal CEO Moxie Marlinspike's analysis of a phone forensic analysis tool made by the grey-hat hacking organization Cellebrite. Before that though, we cover another solved mystery from the SolarWinds Orion saga.

Cyber Security Today
Cyber Security Today, April 23, 2021- More SolarWinds news, UK law will tighten consumer internet device security and a warning to QNAP storage users

Apr 23, 2021 (5:39)


More companies may have been victimized by the SolarWinds Orion compromise than first thought, coming UK law will tighten consumer internet device security, how hackers abuse Telegram and a warning to QNAP storage users

Your Operations Solved
Moving employees into the office as the COVID era starts to close. Solarwinds Security, and Silicon Shortages

Apr 21, 2021 (11:31)


Hello and welcome to Your Operations Solved, for Wednesday, April 21st, 2021. I'm your host, Channing Norton, of PC Solutions, and this is the 14th episode of our show. Listen to us Tuesdays, Wednesdays, and Thursdays, or on our Saturday compilation episodes. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.

With that out of the way, let's get started on today's headlines. First, an update to a previous story. In the fourth episode of our show, entitled "Business Intelligence driven Stocking and Inventory. Decrease overhead, build loyalty and repeat business," we discussed the chip shortage for the first time. If you will recall, the small number of factories that produce the microprocessors that are used by the dozen in every device containing electronics have been suffering from production shortfalls as a result of a number of factors: Covid, increased demand, decreased production yields, natural disasters, and others. This has led to price hikes and reduced availability of a number of products across the global economy, from computers and PlayStations to cars and dishwashers.

To quote Sanjay Mehrotra, the CEO of Micron, who is one of the world's largest manufacturers of DRAM, one of the most widely used and most scarce types of chips. QUOTE "we expect the supply shortages to continue to be tighter through the rest of the year as well, and as we look ahead to 2022 as well, we expect that trend to continue as the world economy rebounds."

This statement is consistent with recent statements by other major players in the semiconductor industry. Regardless of who you get your news from, the chip shortage is here to stay, possibly longer than anticipated. As for what this means for your business, expect anything remotely electronic to cost substantially more in coming months, and have more lead time.
Affected acquisitions should be delayed if possible, to ensure that your dollar goes the furthest.

With that done, let's move on to today's main story. The United States has formally declared the SolarWinds Orion attack to be a state sponsored cyber attack perpetrated by Russian actors. To remind you of this story, since news broke in December of last year, SolarWinds, which has since rebranded to N-Able due to the press fallout of this attack, makes monitoring and remote control software used by IT professionals to monitor networks and manage the equipment on them. Among their portfolio of products is a piece of software called Orion, which gets deployed to primarily high security, large networks, the types of networks you would see at major organizations, like Fortune 500 companies, branches of the federal government, and internet service providers. This software had an exploit injected into it by these Russian hackers, allowing them to gain a backdoor into any network running the Orion software. This includes such big names as Microsoft, the US Department of Commerce, the Justice Department, the CDC, Equifax, VMware, Malwarebytes, Kent State University, and all 5 branches of the Pentagon, as well as NATO. The list goes on and on. The new development recently is that the White House has declared this to be an act of Cyberterrorism by Russia. Let's talk about it, and what you need to know for your small or medium business.

If you are a small or medium business, or otherwise have less than thousands and thousands of computers and servers to your name, you DO NOT use SolarWinds Orion, the product confirmed to be compromised. However, the means by which the hackers got in was via an attack on the tool SolarWinds uses to share code internally, meaning that it's possible, or even likely, that all of their products are compromised, and we just only know about Orion.
As such, I would argue that a full network audit should be done, if you haven't done one since December, to ensure none of SolarWinds', or now N-ABLE's, products, some of which ARE well used in the small business space, are in use on your network. Rip them out. Replace them. Beyond that, which hasn't changed since December, what else should you be doing? Well, knowing that organizations are being directly targeted, especially those with some level of political influence or influence on supply chains for the US government, if your organization fits into either of those boxes, it's time to beef up security. Nation state attacks look very different from your typical hacking for profit or hacking because disgruntled employee types of attacks, and the mitigation efforts are similarly different. You need to have a conversation with your Information Security team about the risks your organization faces if it looks at all like the smaller entities that were targeted in the SolarWinds attack, or, importantly, if you are a vendor to any entities that are. This attack used multiple levels of supply chain exploits to gain some VERY scary levels of access, and, for both legal reasons and reasons of responsibility, you do NOT want to be the weakest link 3 supply chains deep that gives the next attack a foothold.

TRANSITION

Now, with that done, let's take a look at the challenges that organizations beginning to move their employees back into office might be facing, and how we might begin to alleviate some of them.

First and foremost, the biggest challenge is your workforce will go from homogenous to split. It's likely you were already dealing with this on some level, with one or two employees in the office during the pandemic to keep the lights on, with the remainder of your staff working from home, but, as you bring people back in, it's near guaranteed that not everyone is going to be back in at the same time, or will stay that way.
You're going to be looking at a split of anywhere from 20-80% of your staff in office, with the remainder 20% being remote for the foreseeable future. This changes the way that your employees will need to be able to interact with each other. This is especially true for more collaborative fields like the creative professions. To mitigate this, I would make sure that your employees have both thorough means of collaborating in the ways they are most productive. If you use papers, for instance for sketching or drafting in your office, this could mean making more scanners available for in office employees to quickly send revisions to out of office employees. For those office cultures that emphasize calling people over to workstations, screen sharing software could be beneficial, or keeping a persistent remote meeting open for all your staff to quickly be able to send their screen out to everyone in office or out.

Next, you should have an easy to follow procedure for meetings. Virtual meetings are fairly easy and routine for us now, and in person meetings are, well, in person, but hybrid meetings are a different animal altogether. When working for a tech support company, for crying out loud, I have still experienced more than an acceptable number of technical hiccups when trying to combine a half full conference room with folks working from home. If your conference room isn't AV enabled so that you have cameras and microphones around the room, that's a good first step, but you also need to make sure the procedure for starting a hybrid meeting is simple, foolproof, and can fit on 3 steps, with pictures, that live on a laminated sheet in the conference room. Trust me, everyone, including, as I've seen first hand, the computer people, will forget exactly what combination of buttons to press to get such an AV system functioning if they only run such a meeting once a month or less.

Next, there's the matter of physical access to workspaces.
Since, again, it's possible that not all your staff will be brought back in at once, or able to work in office permanently for the next few years, it's possible that the person who unlocks your doors in the morning will be unable to work in office for an extended period. Now is a good time to invest in electronic access control systems and keyfobs, if you haven't already, to ensure you don't have a scramble to figure out key distribution should such an eventuality occur. Incidentally, it should also make your life easier post pandemic too, as you never have to worry about who has keys, who doesn't, or unauthorized key duplication again, if you have your system integrated well and maintained by your IT staff.

After that, there's asset management. If you're like most companies, the call to start working from home was a decision made on a matter of only a few days notice. It's likely that your equipment inventory has been left in disarray as a result. Now that people, and their equipment, are finding their way back to your office, now's the time to reconcile your inventory system with reality. I would also, since people are going to be in and out of the office for a while, make sure your inventory system is well designed for checking equipment in and out. My preferred solution here is to set every asset that you track up with a barcoded tag, and have a computer with a barcode scanner set up at your inventory, for people to quickly scan their employee ID badge, or enter their name, then simply scan the equipment they are withdrawing. This way, nothing gets lost. Rolling out barcoding while you are already performing an inventory reconciliation cuts the work needed to implement this system dramatically, and, once in place, maintaining it is very easy.

Finally, we get to our last challenge. Security. Your computers, and the data stored on them, have been living away from your office firewalls, and network monitoring systems for the better part of a year.
While they all still should have antivirus on them (hopefully), antivirus is a last line of defense against threats, it is NOT bulletproof, and relies on having a strong firewall in front of it to keep you safe. It is therefore possible that your employees brought viruses into the office from home that HAVEN'T been making front page news daily for a year. As your employees get back into the office, you should be looking at doing a cleanup project for their machines, not just to wipe out any particularly sneaky malware, but also to remove any changes that employees might have made to the software configuration to better suit working from home, or using the equipment for personal use. Depending on your environments and needs, this is going to look VERY different for every business, so be sure to get your IT team involved early to figure out how extensive this cleanup needs to be, and how best to perform it.

That's our show for today, thank you so much for listening. Tomorrow, join us for a conversation about the benefits of standardizing employee training, and how your IT team can make this a breeze, if you let them. In the meantime, check us out on the web at www.YourOperationsSolved.com, where you can join our newsletter, and opt to be notified of all our uploads. I will see you next time.

Power of ERDC
#3: Cybersecurity

Mar 29, 2021 (28:59)


The importance of cybersecurity continues to increase, both as more functions become connected to the internet and as adversaries exploit cyberattacks as a weapon in future conflicts. From the SolarWinds Orion hack to the breach of a Florida water treatment plant, recent attacks have underscored the critical function cybersecurity plays to national security interests. ERDC is playing a key role in the efforts to strengthen the nation's cybersecurity. It protects the Defense Research and Engineering Network, safeguarding the intellectual property of defense labs across the United States and the world. ERDC also performs independent assessments of cybersecurity controls, conducts research to discover innovative cyber-protection strategies, and performs adversarial emulation to proactively identify and mediate vulnerabilities and security weaknesses for the Army, DOD and federal agencies. On today's episode, we talk cyber security with Chris Callahan, the chief of the Cybersecurity Engineering and Analysis Branch at ERDC's Information Technology Laboratory. Topics include lessons from the SolarWinds Orion breach (4:39), the dangers hacking can pose to critical infrastructure (6:30), the importance of cybersecurity to national security (10:59), ways smaller entities can improve cybersecurity (12:02), ERDC's cybersecurity niche (13:30), white-hat hackers (18:29), and things everyone can do at home to secure their networks (24:37). Visit https://www.PowerofERDCPodcast.org for more information. LINKS: CyberPatriot  youth education program (https://www.uscyberpatriot.org/) DOD Bug Bounty Program/ Hack the Pentagon program (https://www.hackerone.com/hack-the-pentagon) Scholarship for Service program designed to recruit and train next generation of cyber security professionals (https://www.sfs.opm.gov/)

MBOT Radio
Sean Jennings - How To Avoid Being Hacked

Mar 18, 2021 (9:16)


The Solarwinds Orion security breach a.k.a. SUNBURST is potentially one of the worst cyber attacks. Hackers were able to access information from key American business and government agencies -- one of them being Homeland Security. What happened and what are some measures you can put in place to improve your cybersecurity? To help us with the conversation is Sean Jennings. Sean is the founder of C.I.M. Solutions and is an I.T. expert with over 30 years of experience. He has worked on a variety of projects related to security, voice and technology process improvements.

The CyberHub Podcast
Practitioner Brief March 9th, 2021 with Guest Skyler Sampson, Sr. Security Engineer at Gremlin

Mar 9, 2021 (17:18)


Today's Headlines and the latest #cybernews from the desk of the #CISO:
  • GitHub Informs Users of 'Potentially Serious' Authentication Bug
  • Federal officials scramble to assess widening Microsoft Exchange Server fallout
  • European Banking Authority discloses Exchange server hack
  • Hackers hiding Supernova malware in SolarWinds Orion linked to China

The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Website: https://www.cyberhubpodcast.com

Talion Threat Set Radio
Threat Bulletin #105

Talion Threat Set Radio

Play Episode Listen Later Feb 19, 2021 6:37


In this episode we discuss the following news items:
• Jones Day law firm files released after the company refuses to pay ransom
• Accellion product responsible for data breach is retired after decades of operation
• Kia Motors America falls afoul of a Doppelpaymer ransomware attack
• Microsoft claims the SolarWinds Orion compromise was the work of over 1000 engineers

CERIAS Security Seminar Podcast
Levi Lloyd, Securing the Software Supply Chain

CERIAS Security Seminar Podcast

Play Episode Listen Later Feb 10, 2021 51:16


In December 2020, FireEye discovered a supply chain attack against the SolarWinds Orion network management system.  The impact of this event has caused the cybersecurity community to reevaluate how we think about threats coming from the software supply chain.  At Lawrence Livermore National Laboratory we have been developing software assurance tools for many years to automate the analysis of software to enable asset owners and operators to make sound decisions about the software in their environments.  In this presentation, I will describe this effort, talk about some of our tools, and discuss ways to mitigate future supply chain attacks. About the speaker: Levi Lloyd is a cybersecurity researcher at Lawrence Livermore National Laboratory where he works in the Cyber and Infrastructure Resilience program.  His interests include software assurance, binary analysis and reverse engineering, malware analysis, and network traffic analysis and defense.  He has been involved in the creation of several frameworks aimed at doing cybersecurity analyses at scale.

The InfoSec & OSINT Show
40 - Fabio Viggiani & Supply Chain Attacks

The InfoSec & OSINT Show

Play Episode Listen Later Jan 14, 2021 35:03


This week Fabio Viggiani hangs out to talk about supply chain attacks, ransomware, mapping your software dependencies and assuming breach. My 3 main takeaways were 1) his insights into reverse engineering the SolarWinds Orion malware, 2) up-and-coming trends he sees in ransomware and 3) how he runs incident response investigations. For more information, including the show notes, check out https://breachsense.io/podcast

Inside Security Intelligence
191 Solarwinds Orion Breach Investigations Continue

Inside Security Intelligence

Play Episode Listen Later Jan 11, 2021 22:56


Stories about the recently uncovered breach of the SolarWinds Orion software have been dominating the news lately, and the situation is still continuing to evolve. In this episode, we speak with Jonathan Condra, senior manager for strategic and persistent threats with Recorded Future's Insikt Group, to get his perspective of what this breach is all about, where we stand in terms of attribution, what it means for the security community writ large, and whether or not a breach like this rises to the level of a “Cyber Pearl Harbor” or “Cyber 9/11.”

Cyber Work
SolarWinds breach: Insights from the trenches (bonus incident response walkthroughs in description)

Cyber Work

Play Episode Listen Later Dec 21, 2020 47:48


It's been a busy week for cybersecurity professionals as they respond to the SolarWinds breach. On December 13, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to immediately "disconnect or power down SolarWinds Orion products" as they were being actively exploited by malicious actors.

Infosec Skills author and KM Cyber Security managing partner Keatron Evans is helping numerous clients respond to the breach. In this live discussion and incident response demo (recorded Friday, December 18) he covers:
- What happened with the SolarWinds supply chain attack
- Immediate action you can take to protect your systems
- Industry responses to help mitigate the incident
- Live demo of Snort, memory forensics and Zeek
- Q&A with live attendees

Live walkthroughs from Keatron can be found here:
- Full video presentation: https://www.youtube.com/watch?v=5lc4HtmEYl4
- 10-minute Snort demo for SolarWinds and Sunburst incident response: https://www.youtube.com/watch?v=wG8dLV-LZwY
- 10-minute memory forensics demo of SolarWinds and Sunburst: https://www.youtube.com/watch?v=uLGLCv1Cu6A

Additional resources discussed by Keatron:
- FireEye Mandiant SunBurst countermeasures: https://github.com/fireeye/sunburst_countermeasures
- McAfee analysis into the Sunburst backdoor: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/additional-analysis-into-the-sunburst-backdoor/
- Keatron's free Cyber Work Applied training videos: https://www.infosecinstitute.com/learn/
- Keatron's Infosec Skills courses: https://www.infosecinstitute.com/authors/keatron-evans/

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It's our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Security Bits
Simplified Security - Supply Chain Bust with Sunburst, Interview with Marco Ayala, Cybersecurity Expert where we discuss several different topics from his humble beginnings in Industrial Control Systems Security, USB Drive in ICS Environment and Internati

Security Bits

Play Episode Listen Later Dec 21, 2020 14:58


Simplified Security - E3 - Supply Chain Bust with Sunburst, Interview with Marco Ayala, Cybersecurity Expert, where we discuss several different topics from his humble beginnings in Industrial Control Systems Security, USB Drive in ICS Environment & More!

Full interview with Marco Ayala is on YouTube: https://youtu.be/gdfftCZEn28
Follow Marco on Twitter: @ICS_SCADA

Many SolarWinds products are built on a common technology platform, SolarWinds® Orion, which lets customers implement the various products individually or as a group. This makes it possible for customers to have a single dashboard or management view for the products they have implemented. While certain SolarWinds products do not use this platform, the company's security advisory shows about 18 products, some of which include:
• IP Address Manager (IPAM)
• Log Analyzer (LA)
• Network Automation Manager (NAM)
• Network Configuration Manager (NCM)
• Network Performance Monitor (NPM)
• Etc.

For a full list of affected products, check the link https://www.solarwinds.com/securityadvisory

Microsoft and FireEye are continuing to investigate the SolarWinds hack, which they call Solorigate and Sunburst Backdoor respectively. For more information check out Microsoft's and FireEye's security blogs; links are in the description.
https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

Special Feature: Expert in Security Interview with Marco Ayala, Cybersecurity Expert.

Please provide me your feedback by reaching out on my Twitter @durgeshkalya. All the links to anything I have discussed in this episode are in the description of this podcast. Make sure you subscribe to Simplified Security episodes, available as a podcast and on YouTube. Go to icsbits.com/simplified for more details. I am your host Durgesh Kalya. Catch me on my next episode on your favorite podcast app or YouTube; until then, be safe and think before you click.

Turvakäräjät
Episode 30 - Solar Winds

Turvakäräjät

Play Episode Listen Later Dec 21, 2020 58:25


• Turvakäräjät swag shop: https://teespring.com/turvakarajat
• HelSec virtual meetup #5 recordings: https://www.youtube.com/playlist?list=PLJDd2aYn8T1CNLdxEdmv_asNyFZVijskA
• Hakkeriradio crowdfunding campaign: https://mesenaatti.me/1916/tehdaan-yhdessa-hakkeriradio/
• HelSec ANSI artwork made by Velikani / H7: https://twitter.com/velikani/status/1336394148006551555?s=20
• FireEye's publication on the backdoor slipped into the SolarWinds Orion product: https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
• Nuclear weapons at risk because of the SolarWinds backdoor: https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/
• ZDNet's coverage of the SolarWinds topic: https://www.zdnet.com/article/sec-filings-solarwinds-says-18000-customers-are-impacted-by-recent-hack/ and https://www.zdnet.com/article/microsoft-and-industry-partners-seize-key-domain-used-in-solarwinds-hack/
• Volexity's analysis of the attack: https://www.helpnetsecurity.com/2020/12/16/solarwinds-hackers-capabilities/
• Helsingin Sanomat's coverage of the SolarWinds case: https://www.hs.fi/ulkomaat/art-2000007687185.html
• Vinoth Kumar's tweet about the FTP credentials: https://twitter.com/vinodsparrow/status/1338431183588188160?s=21
• Ghidra's debugger feature released: https://github.com/NationalSecurityAgency/ghidra/tree/debugger
• Researchers managed to transmit data by using memory as a WiFi card: https://www.zdnet.com/google-amp/article/academics-turn-ram-into-wifi-cards-to-steal-data-from-air-gapped-systems/
• AIR-FI scientific paper: https://arxiv.org/pdf/2012.06884.pdf
• The Magecart collective has been active in stealing credit card data: https://www.bleepingcomputer.com/news/security/stealthy-magecart-malware-mistakenly-leaks-list-of-hacked-stores/ and https://www.bleepingcomputer.com/news/security/credit-card-stealer-hides-in-css-files-of-hacked-online-stores/ and https://www.bleepingcomputer.com/news/security/credit-card-stealing-malware-hides-in-social-media-sharing-icons/
• SanSec's research on the remote access trojan (RAT) malware used by Magecart, which leaks the details of Magecart's victims: https://sansec.io/research/ecommerce-rat-leaks-victims
• Revolut virtual bank: https://www.revolut.com/
• Companies suffer from cybercrime clearly more often in Finland than elsewhere in Europe: https://yle.fi/uutiset/3-11695621
• The DoppelPaymer ransomware group now harasses its victims by phone: https://www.zdnet.com/article/fbi-says-doppelpaymer-ransomware-gang-is-harassing-victims-who-refuse-to-pay/
• F-Secure's 2021 cyber academy: https://emp.jobylon.com/jobs/70516-f-secure-cyber-security-academy-2021-finland/

5h3llcast
0x0f: A so-called episode

5h3llcast

Play Episode Listen Later Dec 19, 2020 65:32


Martin (@Mrtn9), Vetle (@bordplate) and Eirik (@0xSV1) talk about war stories from work, UiT, which has been hit by a data breach, Hurtigruten, which has been hit by an "extensive cyberattack", Facebook taking action against hackers, FireEye discovered a supply chain attack trojanizing SolarWinds Orion, and investors in SolarWinds sold millions in stock days before hack was revealed.

Tech Decisions Podcast
My TechDecisions Podcast Episode 111: Responding to the SolarWinds Orion Compromise

Tech Decisions Podcast

Play Episode Listen Later Dec 18, 2020 23:38


MJ Shoer, SVP and executive director of the CompTIA ISAO, joins the podcast to talk about the recent SolarWinds hack and what this means for IT pros.

Optrics Insider
Optrics Insider - iPhone WiFi Exploit, FireEye Hacked, Solarwinds Orion Backdoor & CIA Owns OmniSec

Optrics Insider

Play Episode Listen Later Dec 16, 2020 12:19


Join Scott Young and Shaun Sturby from Optrics Engineering as they discuss the iPhone zero-click WiFi exploit, cybersecurity company FireEye being hacked and its red team tools being stolen, how the network management and performance monitoring tool SolarWinds Orion was used to install a backdoor, and the CIA being found to own Omnisec, another Swiss crypto company.

For more IT tips go to:
> www.OptricsInsider.com

Timecodes:
0:00 - Intro
0:16 - Today's 3 topics
0:49 - Topic 1: iPhone Zero-Click Wi-Fi exploit
3:45 - Topic 2: How FireEye was hacked
6:48 - Topic 3: How SolarWinds Orion was used to install a backdoor
9:34 - Bonus Topic: Crypto AG update
11:00 - Closing remarks

Learn more about the iPhone's Zero-Click Wi-Fi Exploit:
> An iOS zero-click radio proximity exploit odyssey
> iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever

Learn more about how FireEye was hacked and their Red Team tools were stolen:
> FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community
> GitHub - Red Team Tool Countermeasures

Learn how SolarWinds Orion was used to install a backdoor:
> Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
> US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor
> SolarWinds Breach Used to Infiltrate Customer Networks (Solarigate)

Learn more about the CIA owning Swiss cryptography company Omnisec:
> Report Claims CIA Controlled Second Swiss Encryption Firm

#OptricsInsider #TechNews #ITNews

Send in a voice message: https://anchor.fm/optrics-insider/message

Watching the Watchers with Robert Gruler Esq.
SolarWinds Orion Hack, Anjanette Young Raid & Body Cameras, Mitch McConnell Welcomes Biden

Watching the Watchers with Robert Gruler Esq.

Play Episode Listen Later Dec 16, 2020 80:28 Transcription Available


A highly sophisticated hack jeopardizes national security across multiple agencies. Bad Popo are back with newly released video from a 2019 case in Chicago involving an innocent woman named Anjanette Young. Mitch McConnell congratulates Biden on winning the electoral college. And more! Join criminal defense lawyer Robert F. Gruler to discuss the latest criminal and legal news, including:
• Senate Majority Leader Mitch McConnell congratulates Joe Biden and Kamala Harris on election victory after Electoral College casts votes
• SolarWinds Orion Hack jeopardizes American National Security infrastructure – what is SolarWinds?
• FireEye Threat Research details the SolarWinds security failure in public executive summary report – we review
• Cybersecurity and Infrastructure Security Agency (CISA) orders powering down of all SolarWinds Orion products immediately - 18,000 companies potentially impacted
• Bad Popo: Chicago police raid home of innocent woman named Anjanette Young and leave her handcuffed and naked while they ransack her apartment – we review the body camera footage
• Questions around Cook County Illinois Search warrant and whether it was approved or authorized prior to the raid
• Anjanette Young files civil rights lawsuit against City of Chicago for damages and to stop a pattern of police misconduct – we review
• Your questions and live chat after the presentation!

Don't forget to join us on Discord: https://discord.gg/KDXEZBqvxD
The show starts at 5pm AZ time (4pm PT, 6pm Central, 7pm ET).
NEW! Facebook page: https://www.facebook.com/robertgruleresq
NEW! Audio only podcast: https://watchingthewatchers.buzzsprout.com/
Discord is our free chat server for ongoing discussions before, during and after the livestream as well as sneak previews of slides for the upcoming shows: https://discord.gg/KDXEZBqvxD
Other tips? Send to tips@rrlawaz.com or tag @RobertGrulerEsq on Twitter.

#SolarWinds #AnjanetteYoung #WatchingtheWatchers #ChicagoPD #badpopo #CISA #FireEye #cybersecurity