Podcasts about spear phishing

Act of attempting to acquire sensitive information by posing as a trustworthy entity

  • 112 PODCASTS
  • 202 EPISODES
  • 30m AVG DURATION
  • 1 MONTHLY NEW EPISODE
  • Oct 4, 2024 LATEST

Latest podcast episodes about spear phishing

Cyber Briefing
October 04, 2024 - Cyber Briefing

Oct 4, 2024 · 9:40


The Daily Decrypt - Cyber News and Discussions
700k DrayTek Routers Vulnerable, Tech Recruiters Targeted with Malware – Cybersecurity News

Oct 3, 2024


Video Episode: https://youtu.be/7et_7YkwAHs

In today’s episode, we dive into the alarming rise of malware delivery through fake job applications targeting HR professionals, specifically focusing on the More_eggs backdoor. We also discuss critical gaming performance issues in Windows 11 24H2 and the vulnerabilities in DrayTek routers that expose over 700,000 devices to potential hacking. Lastly, we address the urgent exploitation of a remote code execution flaw in Zimbra email servers, emphasizing the need for immediate updates to safeguard against evolving threats.

Links to articles:

1. https://thehackernews.com/2024/10/fake-job-applications-deliver-dangerous.html
2. https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-windows-11-24h2-gaming-performance-issues/
3. https://thehackernews.com/2024/10/alert-over-700000-draytek-routers.html
4. https://www.bleepingcomputer.com/news/security/critical-zimbra-rce-flaw-exploited-to-backdoor-servers-using-emails/

Timestamps

- 00:00 – Introduction
- 01:14 – Zimbra RCE Vulnerability
- 02:17 – 700k DrayTek Routers Vulnerable
- 04:36 – Recruiters Targeted with Malware
- 06:14 – Microsoft blocks updates for gamers

1. What are today’s top cybersecurity news stories?
2. How is More_eggs malware targeting HR professionals?
3. What vulnerabilities exist in DrayTek routers?
4. Why did Microsoft block Windows 11 24H2 upgrades?
5. What is the impact of the Zimbra RCE flaw?
6. How do fake job applications spread malware?
7. What security measures can protect against More_eggs malware?
8. What are the latest gaming issues with Windows 11?
9. How can DrayTek router vulnerabilities be mitigated?
10. What are the latest tactics used by cybercriminals in email attacks?

More_eggs, Golden Chickens, spear-phishing, credential theft, Microsoft, Windows 11, Asphalt 8, Intel Alder Lake+, DrayTek, vulnerabilities, exploits, cyber attackers, Zimbra, RCE, vulnerability, exploitation

# Intro

HR professionals are under siege as a spear-phishing campaign disguised as fake job applications delivers the lethal More_eggs malware, leading to potentially devastating credential theft. Powered by the notorious Golden Chickens group, this malware-as-a-service targets recruiters with chilling precision. **How are recruitment officers unknowingly downloading malicious files, and what methods are threat actors using to bypass security measures?**

“Microsoft is blocking Windows 11 24H2 upgrades on some systems due to critical gaming performance issues like Asphalt 8 crashes and Easy Anti-Cheat blue screens. The company is scrambling to resolve these problems that uniquely impact devices with Intel Alder Lake+ processors.” How can gamers with affected systems work around these issues until Microsoft releases a fix?

Over 700,000 DrayTek routers are currently vulnerable to 14 newly discovered security flaws, with some critical exploits that could be used to take full control of the devices and infiltrate enterprise networks. Despite patches being released, many routers remain exposed, creating a lucrative target for cyber attackers. How can these vulnerabilities impact businesses that rely on DrayTek routers for network security?

Hackers are leveraging a critical Zimbra RCE vulnerability to backdoor servers through specially crafted emails that execute malicious commands, revealing widespread exploitation just days after a proof-of-concept was published. Notable security experts warn of attackers embedding harmful code in the email’s CC field, which the Zimbra server inadvertently executes. How are attackers camouflaging their malicious emails to slip through security measures unnoticed?

# Stories

Welcome back to our podcast.
Today, we’re talking about a new cyber threat targeting HR professionals. Researchers at Trend Micro have uncovered a spear-phishing campaign where fake job applications deliver a JavaScript backdoor called More_eggs to recruiters. This malware, sold as malware-as-a-service by a group known as Golden Chickens, can steal credentials for online banking, email accounts, and IT admin accounts. What’s unique this time is that attackers are using spear-phishing emails to build trust, as observed in a case targeting a talent search lead in engineering. The attack sequence involves downloading a ZIP file from a deceptive URL, leading to the execution of the More_eggs backdoor. This malware probes the host system, connects to a command-and-control server, and can download additional malicious payloads. Trend Micro’s findings highlight the persistent and evolving nature of these attacks, which are difficult to attribute because multiple threat actors can use the same toolkits. The latest insights also connect these activities to known cybercrime groups like FIN6. Stay vigilant, especially if you work in HR or recruitment.

1. **Spear-Phishing**:
   - **Definition**: A targeted phishing attack aiming at specific individuals or companies, typically using information about the victim to make fraudulent messages more convincing.
   - **Importance**: This method is specifically dangerous because it can trick even tech-savvy users by exploiting personalized details, leading to significant security breaches like credential theft.
2. **More_eggs**:
   - **Definition**: A JavaScript backdoor malware sold as a malware-as-a-service (MaaS) with capabilities to siphon credentials and provide unauthorized access to infected systems.
   - **Importance**: Due to its ability to latently steal sensitive information and its widespread use by various e-crime groups, More_eggs represents a significant threat to corporate cybersecurity.
3. **Malware-as-a-Service (MaaS)**:
   - **Definition**: A business model where malicious software is developed and sold to cybercriminals who can then use it to conduct attacks.
   - **Importance**: This model lowers the barrier of entry for cybercriminals, allowing even those with limited technical skills to launch sophisticated attacks using pre-made malware.
4. **Golden Chickens**:
   - **Definition**: A cybercriminal group (also known as Venom Spider) attributed with developing and distributing the More_eggs malware.
   - **Importance**: Understanding threat actors like Golden Chickens can help cybersecurity professionals anticipate and defend against specific threat tactics.
5. **Command-and-Control (C2) Server**:
   - **Definition**: A server used by threat actors to maintain communications with compromised systems within a target network to execute commands and control malware.
   - **Importance**: Disrupting C2 servers is crucial because it can cut off the attacker's control over their malware, mitigating the threat.
6. **LNK File**:
   - **Definition**: A shortcut file in Windows that points to another file or executable.
   - **Importance**: Misuse of LNK files in phishing campaigns can lead to automated execution of malicious payloads, making them an effective vector for malware distribution.
7. **PowerShell**:
   - **Definition**: A task automation framework from Microsoft consisting of a command-line shell and scripting language.
   - **Importance**: PowerShell is often used by attackers to execute and conceal malicious scripts due to its powerful capabilities and integration with Windows.
8. **Tactics, Techniques, and Procedures (TTPs)**:
   - **Definition**: The behavior patterns or methodologies used by cyber threat actors to achieve their goals.
   - **Importance**: Identifying TTPs helps security professionals understand, detect, and mitigate specific attack strategies used by threat actors.
9. **Obfuscation**:
   - **Definition**: The process of deliberately making code or data difficult to understand or interpret.
   - **Importance**: Obfuscation is commonly used by malware developers to conceal malicious activities and bypass security mechanisms.
10. **Cryptocurrency Miner**:
    - **Definition**: Software used to perform the computational work required to validate and add transactions to a blockchain ledger in exchange for cryptocurrency rewards.
    - **Importance**: Unauthorized cryptocurrency mining (cryptojacking) can misuse system resources for financial gain, leading to performance degradation and security vulnerabilities.

—

On today’s tech update: Microsoft has blocked upgrades to Windows 11 version 24H2 on certain systems due to gaming performance issues. Players of Asphalt 8 may encounter game crashes, while some systems running Easy Anti-Cheat might experience blue screens. These problems mainly affect devices with Intel Alder Lake+ processors. Until Microsoft resolves these issues, impacted users are advised not to manually upgrade using tools like the Media Creation Tool. Microsoft is working on fixes and will include them in upcoming updates.

1. **Windows 11 24H2**: A version of Microsoft’s Windows 11 operating system, released in the second half (H2) of 2024. It is significant because it represents Microsoft’s ongoing update cycle aimed at improving system performance and user experience, though it also highlights the challenges of software compatibility and stability.
2. **Asphalt 8 (Airborne)**: A popular racing video game often used for showcasing graphical and processing capabilities of devices. Its relevance lies in exposing potential software and hardware compatibility issues when new operating systems are released.
3. **Easy Anti-Cheat**: A software tool designed to detect and prevent cheating in multiplayer games. It is crucial for maintaining fair play and integrity in online gaming environments but can pose compatibility challenges with system updates.
4. **Blue Screen of Death (BSoD)**: An error screen displayed on Windows computers following a system crash. It is important as it signals serious software or hardware issues that could affect system stability and data integrity.
5. **Intel Alder Lake+ processors**: A generation of Intel’s microprocessors known for their hybrid architecture design. Understanding these chips is important for recognizing which systems might be more susceptible to the reported compatibility issues.
6. **vPro platform**: A set of Intel technologies aimed at enhancing business security and manageability. It’s critical to cybersecurity professionals because it allows for hardware-level encryption and more robust security management, but compatibility with OS updates can be problematic.
7. **MEMORY_MANAGEMENT error**: A specific type of error indicating system memory management problems, often leading to system crashes. It is crucial for cybersecurity and IT professionals as it affects the stability and reliability of a system.
8. **Compatibility holds (Safeguard IDs)**: Mechanisms employed by Microsoft to prevent system upgrades when known issues are detected. These are essential for protecting users from potential system failures and ensuring a stable computing environment.
9. **Media Creation Tool**: A Microsoft utility used for installing or upgrading Windows OS. It's important for IT professionals as it provides a means to manually deploy Windows updates, though it highlights the risks of bypassing automatic update safeguards.
10. **KB5043145 (Preview Update)**: A specific Windows update known to cause issues such as reboot loops and connection failures. Understanding these updates is crucial for maintaining system stability and ensuring that deployed systems are free from vulnerabilities and bugs.
—

In a recent cybersecurity alert, over 700,000 DrayTek routers have been identified as vulnerable to hacking due to 14 newly discovered security flaws. These vulnerabilities, found in both residential and enterprise routers, include two rated critical, with one receiving the maximum CVSS score of 10.0. This critical flaw involves a buffer overflow in the Web UI, potentially allowing remote code execution. Another significant vulnerability is OS command injection via communication binaries. The report highlights the widespread exposure of these routers’ web interfaces online, creating a tempting target for attackers, particularly in the U.S. DrayTek has released patches to address these vulnerabilities, urging users to apply updates, disable unnecessary remote access, and utilize security measures like ACLs and two-factor authentication. This development coincides with international cybersecurity agencies offering guidance to secure critical infrastructure, emphasizing the importance of safety, protecting valuable OT data, secure supply chains, and the role of people in cybersecurity.

1. **Vulnerability**: A weakness in a system or software that can be exploited by hackers.
   - **Importance**: Identifying vulnerabilities is crucial in cyber security because it helps protect systems from attacks.
2. **Router**: A device that routes data from one network to another, directing traffic on the internet.
   - **Importance**: Routers are essential for internet connectivity and their security is vital to prevent unauthorized access to networks.
3. **Buffer Overflow**: A coding error where a program writes more data to a buffer than it can hold, potentially leading to system crashes or unauthorized code execution.
   - **Importance**: Buffer overflows are common vulnerabilities that can be exploited to gain control of a system.
4. **Remote Code Execution (RCE)**: A type of vulnerability that allows an attacker to execute code on a remote system without authorization.
   - **Importance**: RCE vulnerabilities are highly critical as they enable attackers to take over affected systems.
5. **Cross-site Scripting (XSS)**: A web security vulnerability that allows attackers to inject malicious scripts into content from otherwise trusted websites.
   - **Importance**: XSS can be used to steal information, deface websites, and spread malware.
6. **Adversary-in-the-Middle (AitM) Attack**: An attack where the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other.
   - **Importance**: AitM attacks can lead to data theft, man-in-the-middle proxy attacks, and unauthorized access to sensitive information.
7. **Denial-of-Service (DoS)**: An attack intended to shut down a machine or network, making it inaccessible to its intended users.
   - **Importance**: DoS attacks disrupt the availability of services and can cause significant downtime and financial loss.
8. **Access Control List (ACL)**: A list of permissions attached to an object that specifies which users or system processes can access the object and what operations they can perform.
   - **Importance**: ACLs are crucial for implementing security policies to control access to resources.
9. **Two-Factor Authentication (2FA)**: A security process in which the user provides two different authentication factors to verify themselves.
   - **Importance**: 2FA improves security by adding an additional layer of verification, making it harder for attackers to gain unauthorized access.
10. **Operational Technology (OT)**: Hardware and software that detects or causes changes through direct monitoring and control of physical devices, processes, and events in an enterprise.
    - **Importance**: OT security is critical for the functioning and safety of critical infrastructure systems, such as those in manufacturing, power generation, and transportation.
—

Today, we’re discussing a critical remote code execution (RCE) vulnerability in Zimbra email servers, tracked as CVE-2024-45519, which hackers are actively exploiting. This flaw allows attackers to trigger malicious commands simply by sending specially crafted emails, which are processed by Zimbra’s post journal service. First flagged by Ivan Kwiatkowski of HarfangLab and confirmed by Proofpoint, the exploit involves spoofed emails with commands hidden in the “CC” field. Once processed, these emails deliver a webshell to the server, giving attackers full access for data theft or further network infiltration. A proof-of-concept exploit was released by Project Discovery on September 27, prompting immediate malicious activity. Administrators are urged to apply security updates released in Zimbra’s latest versions—9.0.0 Patch 41 and later—or disable the vulnerable postjournal service and ensure secure network configurations to mitigate the threat. Stay vigilant and update your Zimbra servers immediately to protect against this critical vulnerability.

1. **Remote Code Execution (RCE)**
   - **Definition**: A type of security vulnerability that enables attackers to run arbitrary code on a targeted server or computer.
   - **Importance**: This flaw can be exploited to gain full control over the affected machine, leading to data theft, unauthorized access, and further network penetration.
2. **Zimbra**
   - **Definition**: An open-source email, calendaring, and collaboration platform.
   - **Importance**: Popular among organizations for its integrated communication tools, making it a significant target for cyberattacks due to the sensitive data it handles.
3. **SMTP (Simple Mail Transfer Protocol)**
   - **Definition**: A protocol used to send and route emails across networks.
   - **Importance**: Integral to email services, its exploitation can deliver malicious content to servers and users, forming a vector for cyber-attacks.
4. **Postjournal Service**
   - **Definition**: A service within Zimbra used to parse incoming emails over SMTP.
   - **Importance**: Its vulnerability can be leveraged to execute arbitrary commands, making it a crucial attack point for hackers.
5. **Proof-of-Concept (PoC)**
   - **Definition**: A demonstration exploit showing that a vulnerability can be successfully taken advantage of.
   - **Importance**: PoC exploits serve as proof that theoretical vulnerabilities are practical and dangerous, necessitating urgent security responses.
6. **Base64 Encoding**
   - **Definition**: A method of encoding binary data into an ASCII string format.
   - **Importance**: Often used to encode commands within emails or other data streams to evade basic security detections.
7. **Webshell**
   - **Definition**: A type of malicious script that provides attackers with remote access to a compromised server.
   - **Importance**: Webshells afford attackers sustained control over a server, allowing for ongoing data theft, disruptions, and further exploits.
8. **CVE (Common Vulnerabilities and Exposures)**
   - **Definition**: A list of publicly known cybersecurity vulnerabilities and exposures, identified by unique CVE IDs.
   - **Importance**: Helps standardize and track security issues, facilitating communication and management of vulnerabilities across the cybersecurity community.
9. **Patch**
   - **Definition**: An update to software aimed at fixing security vulnerabilities or bugs.
   - **Importance**: Patching vulnerabilities is critical for protecting systems from attacks exploiting known security flaws.
10. **Execvp Function**
    - **Definition**: A function in Unix-like operating systems that executes commands with an argument vector, featuring improved input sanitization.
    - **Importance**: By replacing vulnerable functions like ‘popen,’ ‘execvp’ helps prevent the execution of malicious code, thus enhancing system security.

—

The SysAdmin DOJO Podcast
Top Spear Phishing Methods

Sep 27, 2024 · 34:19


In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Romain Basset dive into the top spear phishing methods used in both the enterprise space and across all businesses, based on internal research conducted by Hornetsecurity. The conversation covers spear phishing techniques, including initial contact, tax/W2, C-suite/CEO, lawyer, banking, and gift card fraud. They analyze the differences in the prevalence of these methods between enterprises and smaller businesses and provide insights on how organizations can combat these threats through training and robust processes.

Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!

Key Takeaways:

- Spear phishing attacks have evolved from obvious wire transfer requests to more subtle techniques like initial contact fraud, where threat actors establish a relationship to build credibility.
- Tax fraud and W-2 phishing remain prevalent, especially around tax season, as attackers try to obtain personal information like Social Security numbers.
- C-suite fraud, where attackers impersonate executives, continues to be a major threat, highlighting the importance of robust processes to verify requests.
- Lawyer fraud, targeting enterprises more than smaller businesses, leverages the credibility of legal communications to extort money or gather information.
- Gift card fraud has emerged as the top spear phishing attack across enterprises and smaller businesses, as it is less likely to raise red flags than larger financial transactions.
- Adaptability and creativity of threat actors are key factors, as they continuously evolve their techniques to bypass security measures and user awareness.

Timestamps:

- (03:26) Discussion on initial contact fraud
- (07:12) Exploration of tax fraud and W-2 phishing
- (13:35) Examination of C-suite fraud and the importance of processes
- (19:25) Lawyer Fraud and Enterprise vs. SMB Differences
- (23:47) Banking Fraud and Processes
- (26:39) Gift Card Fraud

Episode Resources:

- Security Lab LinkedIn Group
- What is a Spear Phishing attack?
- The Top 5 Spear Phishing Examples and Their Psychological Triggers

--

Hornetsecurity's Phishing Simulation, as part of its Security Awareness Service, is invaluable for organizations looking to protect themselves from the evolving spear phishing threats discussed in this episode. This solution provides realistic phishing simulations and comprehensive security awareness training, enabling employees to recognize and respond effectively to spear phishing attempts. By fostering a culture of security awareness, SAS is crucial for businesses aiming to strengthen their overall security posture and mitigate the risk of successful phishing attacks.

Basic AF: a (mostly) tech podcast
You've Been Pwned!!!

Jun 24, 2024 · 32:29 · Transcription available


We are frequently targeted by unscrupulous scammers and other criminals. Unfortunately, banks and other financial institutions sometimes use fear to promote their consumer protection services, making even their messages seem suspicious.

In this episode, we will cover:

- How to safeguard yourself against scammers
- Effective ways to verify the legitimacy of messages or voicemails you receive
- Built-in tools in macOS, iOS, and iPadOS that can assist you
- Other useful resources such as Have I Been Pwned

Links from this episode:

- Rising fury at Wells Fargo as grandmothers who lost their life savings to cruel scammers urge lawsuit-hit bank to act NOW
- Wells Fargo agrees to $3.7 billion settlement with CFPB over consumer abuses
- Welcome to Scam World
- Avoiding Phishing, Spearphishing, and Catfishing Scams
- Have I Been Pwned
- MXGuarddog

---

Question or Comment? Send us a Text Message!

Contact Us

- Drop us a line at feedback@basicafshow.com
- You'll find Jeff at @reyespoint on Threads and @reyespoint@mastodon.sdf.org on Mastodon
- Find Tom at @tomfanderson on Twitter, and @tomanderson on Threads
- Join Tom's newsletter, Apple Talk, for more Apple coverage and tips & tricks.

Show artwork by the great Randall Martin Design

Enjoy Basic AF? Leave a review or rating! Review on Apple Podcasts, rate on Spotify, recommend in Overcast.

Intro Music: Psychokinetics - The Chosen (Apple Music, Spotify)

Show transcripts and episode artwork are AI generated and likely contain errors and general silliness.

The FinTech Flo
The 2024 Dirty Dozen, Scams, Frauds, and Attacks - Fintech Flo: Episode 27 (5/30/24)

May 30, 2024 · 55:18


Phishing, vishing, and smishing oh my! And don't forget about spearphishing as well! Lots of scams and fraud attacks to stay on the lookout for this year - so Mike and Drew go through the IRS's 2024 Dirty Dozen, the list of popular schemes to be on high alert for throughout the period.

This episode and all FinTech Flo episodes are available for CPE credit over at FloQademy and on the Earmark app (links below!)

Earn CPE credit while you watch, along with a bunch of other high quality, engaging, and entertaining CPE eligible video content for free as a member of FloQademy! https://learn.floqast.com/ or via the Earmark app! https://earmarkcpe.com/download/

There's lots you can do in your career with an accounting background - we're hiring! Learn more at www.floqast.com/careers

Want to watch? Head over to www.youtube.com/floqast

Produced by @FloQastStudios
https://www.instagram.com/floqaststudios
https://www.twitter.com/floqaststudios

The Daily Decrypt - Cyber News and Discussions
Florida Man Sells Counterfeit Cisco Devices to US Military, North Korea’s Spearphishing Scam, Posing as Journalists to push Malware

May 6, 2024


In today's episode, we delve into the warning issued by the NSA and FBI regarding the APT43 North Korea-linked hacking group's exploitation of weak email DMARC policies to conduct spearphishing attacks. The podcast also covers a significant counterfeit operation involving fake Cisco gear infiltrating US military bases, creating a $100 million revenue stream. Lastly, we explore how Iranian hackers posing as journalists are utilizing social engineering tactics to distribute backdoor malware, breaching corporate networks and cloud environments. To read more about the topics discussed, visit https://www.bleepingcomputer.com/news/security/nsa-warns-of-north-korean-hackers-exploiting-weak-dmarc-email-policies/, and https://arstechnica.com/information-technology/2024/05/counterfeit-cisco-gear-ended-up-in-us-military-bases-used-in-combat-operations/, and https://www.bleepingcomputer.com/news/security/iranian-hackers-pose-as-journalists-to-push-backdoor-malware/ 00:00 Massive Counterfeit Scam Unveiled: A Decade of Deception 01:08 Deep Dive into the Counterfeit Cisco Gear Scandal 04:14 The Art of Social Engineering: A Hacker's Best Tool 07:05 Protecting Against Cyber Threats: Insights and Recommendations 08:46 Wrapping Up: Stay Informed and Secure Tags: North Korea, APT43, DMARC, spearphishing, hacking, group, email, policies, attacks, intelligence, journalists, academics, organizations, prevent, security, policy, configurations, counterfeit, scam, Florida resident, gear, revenue, networking gear, US military, security, Air Force, Army, Navy, officials, stop, operation, Iranian, APT42, Nicecurl, Tamecat, hackers, backdoor, malware, social engineering, tactics, custom, blend operations, evade detection. 
Search Phrases: How to prevent APT43 spearphishing attacks Counterfeit scam Florida military security risk Actions to stop massive counterfeit operation Iranian hackers impersonating journalists APT42 malware tactics Nicecurl and Tamecat backdoor malware Techniques to breach corporate networks and cloud environments Evading detection in cyber attacks North Korea hacking group APT43 US military response to counterfeit gear scam May6 A Florida man was just sentenced to six and a half years in prison for running a massive counterfeit scam that ran from 2013 to 2022 where he sold fake Cisco networking gear to the US military. This resulted in over 100 million of revenue for this man while also putting our US military operations at risk. How did he get away with this for so long? Iranian hackers are impersonating journalists to distribute backdoor malware known as APT42 in order to harvest both personal and corporate credentials in an attempt to infiltrate corporations at large. What social engineering tactics are they using to help blend in with normal operations and evade detection? And speaking of impersonating journalists, a North Korean hacking group is exploiting DMARC policies to conduct spear phishing attacks aimed at collecting sensitive intelligence, while impersonating journalists and academics to do so. What actions can organizations take to prevent these spear phishing attacks? You're listening to The Daily Decrypt. So just last week on Thursday, a Florida man named Onur Aksoy, who is also known by Ron Axoy and Dave Durden, which sounds almost like a Fight Club reference to me, was sentenced to 78 months, or 6 and a half years, for orchestrating a counterfeit scheme that generated over 100 million in revenue, all by selling fake Chinese Cisco networking gear to the US military. This clearly would pose a significant risk to the US military's security. 
Because it was utilized in critical applications, including combat operations and classified information systems. This man, who I'm going to refer to as Dave Durden because I like alliteration and I like Fight Club, has been partaking in this counterfeit operation starting in 2013 all the way to 2022, receiving multiple cease and desist letters throughout those years, yet still continued to get fake Cisco networking gear into the hands of the US military. So since this has been going on for so long, and so much money has been spent on this, these pieces of fake Cisco networking equipment have spread out across the country, across the world, and will be very difficult to remove from the US military as a whole. Because they've been integrated into critical systems. And anyone who works in IT knows that it's very hard to even patch one of these devices, let alone swap it out for something with different components, because this isn't an actual Cisco router. And as reported by Ars Technica, technica. Cisco estimates that their products being sold on the quote IT gray market is costing them about 1. 2 billion dollars, billion with a B, each year. Along with the unmeasurable reputational risks that go along with fake gear touting your brand name. And with a price tag that high, I would imagine Cisco should spin up a whole department that could cost less than 1. 2 billion dollars a year just to track down these counterfeit marketers. And who knows, maybe they do have that. If you work for one of these departments or you know of them, please leave a comment and let me know. But yeah, this really just highlights the need for more robust security measures in the military IT supply chain. By no means am I an expert in military spending, but I do know that there are actual laws, rules, and regulations that govern how the military spends money, and it involves opening up a bid for very large purchases where the lowest bidder wins the contract. 
So in this case, the gear that this man, Dave Durden, sold to the U. S. military was valued well over a billion dollars. Yet the reason he was so successful is he was willing to sell it for 80 90 percent off, making only 100 million off of this gear. And though that is the fiscally responsible thing to do with U. S. taxpayers money, You can see how this would sort of breed this environment for counterfeit gear, because you can't make the actual gear cost less than the counterfeit gear, so the counterfeit gear is going to win. And with the ease of spinning up eBay and Amazon Marketplace, I'm sure we'll see a lot more cases like this coming out in the near future. So in case you didn't know this, social engineering, which is the art of As it sounds, engineering other people to do what you want them to do is one of the most effective hacking techniques out there. And it doesn't involve writing a single line of code, or even using a computer at all, if you know what you're doing. It's just like it sounds, manipulating people into doing what you want them to do. So in this case, the Iranian state backed threat actor. known as APT42, has been using social engineering tactics, impersonating journalists and academics to breach corporate and cloud environments of Western and Middle Eastern targets. So they're essentially posing as these people to build trust and rapport with their targets. And then eventually they ask the target. to download a Dropbox document or article or something related to their conversations. But instead of a document, they'll be downloading some custom backdoors named Nice Curl or Tame Cat in order to gain command execution and data exfiltration capabilities. Now if you're curious to see what these accounts and fake journalists look like, check out the article by Bleeping Computer in the show notes. It contains some fun screenshots of profiles that are being used and they look very convincing. 
The documents that the targets will end up downloading often use what's called macros, which, when opened up, it's like Word asks you if you'd like to enable macros to utilize the full potential of this document. And after having trust built with these threat actors, targets are much less likely to think twice when clicking accept. People, especially in corporate environments, are used to accepting security risks and accepting toggle boxes and all this stuff constantly throughout the day, so it's almost become mundane to do so. And this is just another example of that. But there is a good rule of thumb on this. If you download a document from the internet and you don't personally know someone who's sending it to you, don't enable macros, especially if it's just full of information. Macros are used to have more interactive documents because it allows these documents to open up applications and interact with other applications on your computer. You don't need that for journalistic articles or academic articles. Because, yeah, this allows for the document to do anything on your computer, depending on the permissions requested, such as launch custom backdoors and install malware. For the listeners who work in the InfoSec community, the article linked in the show notes by Bleeping Computer references a report by Google's Mandiant that contains some YARA rules for detecting these custom backdoors. So make sure to check those out and implement them in your or your customers' environments.

And speaking of impersonating journalists, the NSA and FBI have issued a warning regarding the APT43 North Korea-linked hacking group exploiting weak email Domain-based Message Authentication, Reporting, and Conformance (DMARC) policies to carry out spear phishing attacks. The attackers are able to utilize misconfigured DMARC policies to send spoofed emails, posing as credible sources like journalists and academics specializing in East Asian affairs.
The goal of these spear phishing campaigns orchestrated by the DPRK is to gather intelligence on geopolitical events, foreign policy strategies of adversaries, and any information impacting the DPRK's interests by illicitly accessing targets' private documents and communications. The primary mission of APT43 operatives, which is also known as Kimsuky, is to provide stolen data and valuable geopolitical insight to the North Korean regime by compromising policy analysts and experts. So I personally don't know any policy analysts or experts, especially in this type of realm, but if you happen to be listening to this and you happen to be somebody who might be affected by this, pay extra attention to the emails you receive, validating their authenticity, especially from researchers in East Asian affairs. Again, if you work in information technology, the FBI recommends updating your DMARC security policies to utilize configurations outlined in another article by Bleeping Computer in the show notes below.

This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.

Digital Crime - Auf digitaler Spurensuche
Sun, Beach & Security Holes: Fraud on the Vacation Platform

May 5, 2024 · 20:05


Keep your eyes open when booking a vacation! On platforms like Booking.com, travelers are only a few clicks away from their dream vacation. But what happens when the dream turns into a nightmare? Fraudsters are increasingly posing as hotels through sophisticated phishing attacks to get at customers' money. David Voetter of Telekom Security and Tobias Warnecke of the German Hotel Association give valuable tips on how to protect yourself from unpleasant surprises.

The Daily Decrypt - Cyber News and Discussions
February 1 – SOHO Device Security, Kentik AI Network Monitoring, Vade Spear-Phishing AI Detection – Cyber Security News

Feb 1, 2024 · 12:41


In this episode, we dive into the forefront of cybersecurity, exploring the evolving threats and the power of AI in network security. From the alert issued by CISA about the Volt Typhoon group targeting SOHO devices, highlighting the urgency for secure design in technology products, to Kentik's introduction of AI-assisted network monitoring, revolutionizing how professionals manage and troubleshoot networks. We also cover Vade's innovative approach to spear-phishing detection, using generative AI to combat sophisticated email threats. Join us as we unpack these critical developments and their implications for our digital world. Tune in to understand how these advancements are setting a new standard in cybersecurity and network management.

Thanks to Jered Jones for providing the music for this episode. Find him on Spotify here: https://open.spotify.com/artist/37xLl4KR8hJ5jBuS8zYjQN?si=W75mgw68SsmCb7Zfu5ESeg

[00:00:00] announcer: Welcome to the Daily Decrypt, the go-to podcast for all things cybersecurity. Get ready to decrypt the complexities of cyber safety and stay informed. Today is February 1st, 2024, the most important day of your life. Here is your host, Offset Keys.

[00:00:23] offsetkeyz: Good morning, cybersecurity fans. Thanks for tuning in. Today, we're going to be talking about what's known as SOHO devices, or small office or home office devices, such as network routers and stuff, how they're being targeted, and how they're vulnerable. Then we're just going to talk about AI's place in cybersecurity and the good things that it's doing for the industry as a whole.

Okay. So our first article includes lots of new acronyms for our listeners. So it comes from the Cybersecurity and Infrastructure Security Agency, C-I-S-A, CISA. And it focused on a [00:01:00] critical cybersecurity alert that they put out about small office or home office devices, or SOHO devices. So this stems from the activities of the Volt Typhoon group, who are known for their sophisticated cyber attacks, originating from the People's Republic of China. This group has a history of targeting vulnerabilities in global networks, but they now focus on SOHO routers. What's compelling about this story is not only the group's history, but also the specific vulnerabilities they exploited. These include flaws in router web management interfaces, which allow attackers to gain unauthorized access or control.

So before I lose you guys: everyone listening to me, unless you're a network professional, probably has a vulnerable SOHO router in their home. If you have internet. I have a couple of friends that don't have internet. Freaks, but. If you have internet, it's probably a Chinese-made router. So that's why I'm bringing you this story first, because it's very applicable. And it's something that I really love talking about. So CISA [00:02:00] and the FBI are urging manufacturers to rethink their design approach. It's about addressing these specific vulnerabilities at the development stage, making devices inherently more secure. For example, automating firmware updates and enhancing default security configurations are some of the recommended measures.

Why should you, everyday users, be concerned? These vulnerabilities are in our home and office routers that can lead to data breaches, privacy invasions, and potentially facilitate larger cyber attacks. So we all have network routers. That's how the internet gets delivered to you. It's a little black box that some random guy comes in, plugs in from your cable company, that probably has a monopoly and forces you to take this device. That's a whole nother topic. But they come, they plug it in, give you the passcode. Then it delivers you internet and you don't touch it ever again. One of the benefits to this is that it's pretty much local; like, the only way for someone to exploit a router [00:03:00] is to be in your home or small office. The article didn't cover the specific vulnerabilities, but there are routers out there that have public-facing web interfaces. So what does that mean? That means that me at my house can go onto the internet and access the web interface of your router.

Most of you out there have probably never even looked at the web interface of your router, but if you go to Google Chrome. This is a little lab. All right. We're going to go through a little walkthrough. You're going to feel like a hacker. Okay. So if you go to Google Chrome, and instead of typing in www dot anything, you're just going to type in the following numbers. You're going to type in 192.168.0.1 and see what happens. If nothing comes up, try 1.1 at the end instead of 0.1. This is the default address to your web interface. So once you've logged into the portal, you can do things like change your router name, which is something [00:04:00] that's super fun and cool to do if you like to give your neighbors a good laugh with your Wi-Fi network named Pretty Fly for a Wi-Fi. Or The LAN Before Time. Abraham Linksys. Martin Router King. Yeah. Harry. Give them a good laugh. So if nothing else, this podcast has now taught you how to do that and given you some fun examples of that, but if, for example, I could log into that portal, I would be able to do the same thing. Such as, yeah, change your Wi-Fi name. And also change the password to that portal so that you can't get in and change your Wi-Fi name back. You don't even know the password to your Wi-Fi anymore. You don't have Wi-Fi. Ah, what are you going to do? Not only that, I can see all the devices that are connected to that. If you're using an insecure protocol like HTTP and you enter in a credit card number, I can see that credit card number. I can see your passwords. Even if they're those little black dots in the password field, [00:05:00] they come through as plain text over HTTP. I can see that.

So as you can see, this is pretty bad. There's a lot of things that can go wrong with home routers. And one of the main things that we don't love about most of these routers is they stop being supported relatively quickly. They turn out a new model. They forget about the old model. Then it just sits there and someone discovers a vulnerability, like these ones. And the company that made the router doesn't fix that vulnerability. It's done being supported. There's also no automatic updates. So even if the company did decide to fix that vulnerability, you would have to go in there and update it. So I'm really glad that CISA is looking into this and encouraging these manufacturers to incorporate security more. Now, it's expensive to incorporate security more. So it's going to be an uphill battle for CISA, but all in all, it is very necessary. And yeah, leave a comment below if you got to that [00:06:00] screen, if you found that screen. That's one of the methods that I use really quickly when I sit down at a coffee shop. If I can even access that login portal, that's bad. So next time you're at a coffee shop, type in those numbers, 192.168.0.1. It'll pop up. In the top left corner, it'll have the brand of the router. And it'll have a username and password; enter it in. Try the combination admin for the username and password for the password. Try that. If that doesn't work, try admin password. Then try Googling the name of that router that's in the top left, it's provided for you, and follow the name of that router by the words default credentials. So you've got Linksys X100 default credentials. It'll probably show up. Yeah, pretty scary. I hope that was interesting to you. I love talking about that, but let's move on to our next topic. [00:07:00]

Okay. So yeah, I just want to talk a little bit about AI's role in cybersecurity and network management.

[00:07:07] offsetkeyz: I was reading an article by Help Net Security, which highlights an innovative leap in network monitoring, brought to us by Kentik launching its AI product. This tool significantly enhances network observability, empowering engineers and developers to troubleshoot complex networks more effectively. What's fascinating here is the way that Kentik AI transforms the network management landscape utilizing generative AI. It introduces features like Kentik Query Assistant and Kentik Journeys. These tools allow users to ask questions in a natural language and receive insightful answers, making complex network insights accessible to a broader range of professionals. So what's interesting about this is AI isn't necessarily coming for our jobs, but it's able to process words in such a way that we've never had the capabilities to do before. There's so many different [00:08:00] query languages. Google has a query language that you probably don't even know about, but elite influencers on Instagram love to harp on how important it is to know how to search through Google with the minus sign and parentheses and all these fancy things. I don't know that. But that's for Google. Large enterprises use what's called a SIEM, which essentially stores logs for every interaction you do on their network. And then they store them so that if something weird happens, they can go look at those logs. Those logs also might generate alerts, security alerts, if something weird or fishy is happening in the network. But in order to look at those logs or query those logs, you have to know the query language. So it's a little bit of a learning curve. So they're essentially just helping professionals get up to speed quicker. I love to see that. I know that I was in way over my head when I started learning Kibana Query Language and stuff like that. So this is really cool.

There's also another company [00:09:00] called Vade, which is using AI technology for spear phishing detection. Spear phishing is a highly targeted form of regular phishing through emails or chat messages, and it poses a significant threat to security.

[00:09:16] offsetkeyz: Vade's solution utilizes generative AI as well, which is, yeah, a type of artificial intelligence that can generate new content based on learning patterns and data. This allows it to recognize and respond to evolving email scam tactics. The system analyzes various elements of emails, such as language and metadata, to identify potential threats. So I'm sure you've noticed that phishing attempts have gotten a little better. Maybe two or three years ago, there were always grammatical errors. There was always a weird URL, email. But now with the use of generative AI, anyone in any language can have generative AI, such as ChatGPT, [00:10:00] craft a phishing email for them. And they can probably even have ChatGPT write the code for a website that phishing email directs to, and the code to steal your credentials and all the things that phishing entails. ChatGPT can make that much more accessible to low-level attackers. Really basic stuff. So it's really great that defenders are also utilizing generative AI to help identify phishing emails. Hopefully, this will make these security products a little cheaper and more accessible to smaller companies. There's already products on the market that intercept all link clicks from an email, run them through scans, check their behaviors before anyone can click on them. But that's an exclusive thing for larger enterprises and really security-minded companies, which we're still a little behind on. Really excited for this age of AI. It's not necessarily coming for our jobs. It's just making [00:11:00] the work we do a little easier. If you're a cybersecurity professional, learn the stuff you're asking ChatGPT to do for you. Don't just feed it logs and say, what do I do next? That's good for a starting point, but make sure you learn the stuff, because if you don't, they are going to be coming for your jobs. So that's all we have for today.

[00:11:24] offsetkeyz: Happy February. I hope this month, this short month, brings you lots of joy and no cybersecurity issues. But if you do happen to run into cybersecurity issues, if your Facebook gets hacked, if you accidentally clicked a link that you shouldn't have clicked on Instagram or Facebook and it does some weird stuff, shoot us a DM. We have an Instagram now. Shoot us a tweet and I'd be happy to walk you through what steps I would take, proactively, retroactively, for any security situation. I love it. It keeps me up at night. I'm very excited to lose sleep over it because [00:12:00] it's so fun and so relevant. So thanks for tuning in, hoping to share some of that knowledge with you through this podcast. We will talk to you tomorrow.

AML Conversations
Spear-Phishing Advisory, Pig Butchering, and Much More

Dec 22, 2023 · 12:45


This week, an advisory on spear-phishing was issued, the US Department of Justice brought indictments for an $80 million pig butchering scheme, and several other interesting things surfaced. John and Elliot discuss these and their meaning for the financial crime compliance community.

RED Talks
Cybersecurity predictions for 2024

Nov 30, 2023 · 25:13


In this episode we dive into the cybersecurity predictions for the year 2024. Our 7 predictions:
1. OpenXDR
2. Growth of MSSPs with the creation of SOCs/mini-SOCs, especially hybrid SOCs
3. MSPs with an increase in security services through automated platforms
4. Increase in sales of AI-powered spear phishing tools on the dark web
5. AI-based vishing
6. Access to quantum computing by hackers as well as by companies
7. Hacktivism on the rise due to global conflicts and elections

The Bid Picture - Cybersecurity & Intelligence Analysis

In this episode, host Bidemi Ologunde presented five stories from obscure corners of the news media and the internet. 1. Wellington, New Zealand. 2. La Plata, Argentina. 3. Bialystok, Poland. 4. Faridabad, India. 5. Rouen, France.

The Bid Picture - Cybersecurity & Intelligence Analysis
Overwatch Diaries #17. "They probably knew about today's Family Court hearing."

Oct 29, 2023 · 4:15


In this episode, host Bidemi Ologunde presented the case of a spear phishing attack on a family in Tampa, Florida, combined with social engineering and a banking app vulnerability.

Satellite Sisters
Online Fraud, Imposter Syndrome, Pop Tarts Taste Testers

Oct 10, 2023 · 59:06


Satellite Sisters tackle Online Fraud, Imposter Syndrome, Pop Tarts Taste Tests and TV recommendations. Plus ask the question: is it really possible to step into a sports bra?

Today's topics:
* Imposter Syndrome: https://www.washingtonpost.com/wellness/2023/10/06/impostor-syndrome-self-doubt-fraud/
* Phishing, Spearphishing and Fraud: https://abcnews.go.com/Business/americans-lost-103-billion-internet-scams-2022-fbi/story?id=97832789
* Ten common phishing techniques and now AI: https://www.theguardian.com/technology/2023/mar/29/ai-chatbots-making-it-harder-to-spot-phishing-emails-say-experts?CMP=share_btn_link
* Sam Bankman-Fried Update: Michael Lewis' new book Going Infinite: https://slate.com/technology/2023/10/michael-lewis-going-infinite-sam-bankman-fried-ben-mckenzie-review.html
* Nobel Prize in Economics goes to Claudia Goldin of Harvard for her work on women and the gender gap at work: https://www.cnn.com/2023/10/09/economy/nobel-prize-economics-claudia-goldin-2023/index.html
* Lessons in Chemistry: https://youtu.be/-1PuK8mxASE?si=s2c7UJJ233ekd76c
* Pop Tart Taste Test Family: A NYT article by longtime Satellite Sister Laura M. Holson. Did you know there's a Pop Tarts movie coming next year from Jerry Seinfeld?

Versicherungsfunk
Versicherungsfunk Update 01.09.2023

Sep 1, 2023 · 3:01


The topics in today's Versicherungsfunk Update are:

Financial fraud: 31 percent of attackers relied on spear phishing. The specialty insurer Hiscox recorded the most claims in 2022 from spear phishing. This is a highly targeted and personally tailored form of email fraud in which unauthorized parties try to gain access to confidential data. At 31 percent of claims, this type of attack was the most common cause of financial fraud, followed by hacks using compromised credentials (28 percent). In third place is social engineering without phishing (22 percent), that is, exploiting people's helpfulness or good faith, for example to bypass security measures and obtain security-relevant information, for instance by phone.

[pma:] has a new managing director. Sascha Hülsmann, only 39 years old, was appointed managing director of [pma:] Finanz- und Versicherungsmakler GmbH effective July 1, 2023. Hülsmann began his professional career with training as a bank clerk. He started his career at [pma:] in 2013, after a semester abroad at the Ocean University of China in Qingdao and a master's degree in business administration. As early as 2019 he was appointed an authorized signatory (Prokurist) and from then on was responsible for controlling and accounting as well as the areas of finance and compliance.

Condor significantly expands its range of sustainable funds. Condor Lebensversicherungs-AG is significantly expanding its range of sustainable funds as of September 1, 2023. In future, customers will be able to choose from a total of 82 sustainable funds for their unit-linked pension insurance policies; previously there were 69. The range includes both actively and passively managed funds.

Itzehoer with a new motor tariff for campers and farmers. Itzehoer Versicherungen has brought a new motor insurance tariff to market. In Top Drive, essentially the same conditions are to apply to motorhomes as in the equivalent for passenger cars. These are to include, among other things, direct settlement in comprehensive cover, no-claims bonus protection for drivers aged 23 and over, and new-price compensation of up to 36 months in the event of a total loss. In addition, GAP cover is now offered for leased tractor units, semi-trailer tractors and crawler tractors.

Gothaer combines workplace health promotion and company health insurance. Gothaer Krankenversicherung is expanding its ecosystem around company health insurance (betriebliche Krankenversicherung, bKV). Effective immediately, corporate customers can choose from additional workplace health promotion (betriebliche Gesundheitsförderung, bGF) measures. These are to include, among other things, offerings in the areas of exercise, nutrition and mental health. Gothaer Krankenversicherung is thereby adding the area of prevention to its bKV products and offering companies a comprehensive workplace health concept.

Berkley launches on CyberDirekt. Specialty insurance provider Berkley Deutschland and CyberDirekt are expanding their cooperation as part of Berkley Cyber Risk Protect. Effective immediately, Berkley Deutschland's cyber insurance can be compared with 15 other risk carriers and taken out fully digitally via CyberDirekt's market comparison, up to a consolidated annual turnover of 50 million euros.

TWiT Bits (MP3)
SN Clip: WinRAR Zero-Day Exploit

Aug 30, 2023 · 13:43


On Security Now, Steve Gibson and Leo Laporte discuss a recently discovered and patched WinRAR vulnerability that allowed attackers to execute malicious code when users extracted files from specially crafted archives. For the full episode go to: https://twit.tv/sn/937. Hosts: Steve Gibson and Leo Laporte.

TWiT Bits (Video HD)
SN Clip: WinRAR Zero-Day Exploit

Aug 30, 2023 · 13:43


On Security Now, Steve Gibson and Leo Laporte discuss a recently discovered and patched WinRAR vulnerability that allowed attackers to execute malicious code when users extracted files from specially crafted archives. For the full episode go to: https://twit.tv/sn/937. Hosts: Steve Gibson and Leo Laporte.

Cybercrime Magazine Podcast
Cyber Grimes. Company Intrusions & Spear Phishing. Roger Grimes, Defense Evangelist, KnowBe4.

Aug 11, 2023 · 14:18


Roger Grimes is an industry expert and the Data Driven Defense Evangelist for KnowBe4. In this episode, Roger and host Charlie Osborne discuss some recent findings published by the US Cybersecurity & Infrastructure Security Agency (CISA) relating to company intrusions and spear phishing.

InfosecTrain
Spear Phishing vs. Whaling

Aug 9, 2023 · 5:12


Since COVID-19, cyberattacks have increased at a faster rate than before. Cybercriminals use different types of cyberattack techniques to gain access to organizations, with disastrous effects such as unauthorized access, identity theft, and money theft, leading to loss of reputation, depletion of customer trust, and financial losses for the organizations. Social engineering attacks are among the most frequent kinds of cyberattacks. They occur when an attacker misleads a victim into opening an email, instant message, or text message and clicking on a malicious link that inserts malware as part of a ransomware attack or exposes sensitive data.

What is Spear Phishing?

Spear phishing is a type of phishing attack that targets a specific person or organization. The attacker uses spear phishing to deceive the victim into clicking on malicious links and installing malicious programs, which allows the attacker to retrieve sensitive information from the target system or network. In this type of attack, the attacker poses as a trusted individual and tricks the victim into acting on a spoofed email or text message, which runs malicious code on the victim's system and gives the attacker access to the victim's sensitive personal or professional information, such as names, contact numbers, mailing addresses, social security numbers, credit card numbers, and so on. The goal is to access classified information to assist future financial fraud or cybercrime.

ASecuritySite Podcast
Professor Steven Furnell: Spear Phishing and Cyber Skills

Jul 19, 2023 · 16:14


Steve is a Professor of Cyber Security in the School of Computer Science at the University of Nottingham, as well as an Adjunct Professor at Edith Cowan University in Western Australia and an Honorary Professor at Nelson Mandela University in South Africa. He is also the Chair of Technical Committee 11 (Security and Privacy Protection) within the International Federation for Information Processing, as well as a board member of the Chartered Institute of Information Security and chair of the academic partnership committee. His main research interests are broadly linked to the intersection of human, technological and organisational aspects of cyber security. Within this, specific themes of interest include the usability of security technology, security management and culture, cybercrime and abuse, and technologies for user authentication and intrusion detection. Related to this, he has authored over 330 papers in refereed international journals and conference proceedings, as well as various books, chapters, and professional articles.  https://www.nottingham.ac.uk/computerscience/People/steven.furnell      

Cybercrime Magazine Podcast
Cyber Grimes. Beware of Spear Phishing Scams. Roger Grimes, Defense Evangelist, KnowBe4.

Jun 9, 2023 · 15:55


Roger Grimes is an industry expert and the Data Driven Defense Evangelist for KnowBe4. In this episode, Roger and host Charlie Osborne discuss the growing problem of spear phishing, as well as the role of AI in these scams, and more.

Zero Knowledge
Episode 279: Intro to zkpod.ai with Anna and Kobi

Jun 7, 2023 · 56:06


This week, Anna Rose (https://twitter.com/annarrose) and Kobi Gurkan (https://twitter.com/kobigurk) continue their conversation with a full episode dedicated to their new side project zkpod.ai (https://twitter.com/zkpodai). They cover the origin of the project and discuss their motivations and concerns around its uses as well as how they could see the project developing and what this could mean for the field of zk. Kobi shares his thoughts on the current tooling available, where this could progress and potential limitations it holds.

Additional links mentioned in this episode:
* zkpod.ai Website (https://zkpod.ai/)
* Anna Rose's zkpod.ai Blog Post (https://hackmd.io/@Arrose/H1uPQ78gn)
* Yohei Nakajima Twitter (https://twitter.com/yoheinakajima)
* LangChain Website (https://python.langchain.com/en/latest/)
* Weaviate Website (https://weaviate.io/?utm_source=google&utm_medium=cpc&utm_campaign=18671086036&utm_content=145710453274&utm_term=vector%20based%20database&gclid=Cj0KCQjwj_ajBhCqARIsAA37s0zMQwc1jPKwWLGcjDnz2PdUGz4s387sd-bYeObjUx5SlY2oeu355F8aAk3xEALw_wcB)
* Anthropic Product 'Claude' (https://www.anthropic.com/index/introducing-claude)
* Universal Paperclips: the game by Frank Lantz (https://www.decisionproblem.com/paperclips/index2.html)
* Large Language Models can be used to effectively scale Spear Phishing campaigns by Hazell (https://arxiv.org/pdf/2305.06972.pdf)
* Creating Word Embeddings: Coding the Word2Vec Algorithm in Python using Deep Learning (https://towardsdatascience.com/creating-word-embeddings-coding-the-word2vec-algorithm-in-python-using-deep-learning-b337d0ba17a8)

It's Cyber Up North
Spear Phishing: Tackling Ransomware and targeted cybercrime

It's Cyber Up North

Play Episode Listen Later Jun 5, 2023 35:50


In this week's episode, Phil Jackman and Kimberly Hendry talk with Alycia Rumney, a recent graduate of the CAPSLOCK program, about the ongoing debacle of the CAPITA breach and spear phishing, with personal examples of how cybercrime can affect an individual: "it's not a victimless crime".

Cybercrime Magazine Podcast
Microcast: True Cybercrime Story. Spear Phishing Attack Steals $500,000 From A Long Island Woman.

Cybercrime Magazine Podcast

Play Episode Listen Later May 19, 2023 3:27


Long Island resident Lynn Wiedmer lost $504,000 in a real estate phishing scam. In this episode, she tells us her story. This microcast is a short version of our full interview with Wiedmer, which you can listen to at https://soundcloud.com/cybercrimemagazine/true-cybercrime-story-spear-phishing-attack-steals-500000-from-a-long-island-woman

„ANGRIFFSLUSTIG – IT-Sicherheit für DEIN Unternehmen“
#089 ANGRIFFSLUSTIG – Reliably recognizing phishing e-mails

„ANGRIFFSLUSTIG – IT-Sicherheit für DEIN Unternehmen“

Play Episode Listen Later May 11, 2023 18:40


What is the difference between spam and phishing? That is just the starting point of today's episode. After that, you will learn Andreas and Sandro's "magic formula" for recognizing phishing e-mails. Unfortunately, even this "magic formula" is no guarantee. But it should help you with detection.

ITSPmagazine | Technology. Cybersecurity. Society
Beyond the Code: The Human Side of Cybersecurity and Social Engineering | A Conversation with Aunshul Rege | Redefining CyberSecurity Podcast With Sean Martin

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later May 10, 2023 44:51


Guest: Aunshul Rege, Director at The CARE Lab at Temple University [@TU_CARE]
On Linkedin | https://www.linkedin.com/in/aunshul-rege-26526b59/
On Twitter | https://twitter.com/Prof_Rege

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode's Sponsors
Pentera | https://itspm.ag/penteri67a
CrowdSec | https://itspm.ag/crowdsec-b1vp

Episode Notes

Welcome to a riveting new episode of the Redefining Cybersecurity Podcast, hosted by Sean Martin! Today, we're diving into the fascinating world of social engineering and the crucial role of education in understanding cybersecurity. Join us in this engaging conversation with Aunshul Rege from Temple University, who does amazing work in helping students comprehend the importance of cybersecurity and how social engineering plays a vital part in it.

Imagine a world where computer science students and liberal arts students come together to tackle cybersecurity challenges from different angles. Aunshul Rege is an associate professor at the Department of Criminal Justice at Temple University, who has a unique journey starting as a software engineer and eventually realizing that computer science wasn't enough to answer the who, why, and how of cyber attacks. Her passion for understanding human behavior, sociology, and cybersecurity led her to explore the liberal arts side of cybersecurity.

In this episode, Aunshul talks about her innovative teaching methods, where she pushes her students to collaborate across disciplines and explore the importance of social engineering in cyber attacks. From shoulder surfing activities to discussing ethics and multidisciplinary teamwork, her students learn to appreciate the different skill sets and perspectives they bring to the table.

But it's not just about the technical aspect of cybersecurity. Aunshul's approach to teaching focuses on building students' understanding of human behavior and psychology in cyber attacks, emphasizing the value of social engineering in both the attack and defense aspects of cybersecurity.

As you listen to this fascinating conversation, you'll discover the powerful impact of merging computer science and liberal arts perspectives, the importance of ethics in cybersecurity, and how Aunshul's unique teaching methods help students appreciate their role in the ever-evolving world of cybersecurity.

So, get ready to be inspired by Aunshul's story and her innovative approach to cybersecurity education. You won't want to miss this captivating episode that challenges our understanding of cybersecurity and the critical role of social engineering in it. And don't forget to share this episode, subscribe to the podcast, and join us for more insightful conversations on Redefining Cybersecurity.

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist

Redefining CyberSecurity
Beyond the Code: The Human Side of Cybersecurity and Social Engineering | A Conversation with Aunshul Rege | Redefining CyberSecurity Podcast With Sean Martin

Redefining CyberSecurity

Play Episode Listen Later May 10, 2023 44:51



Hacking Humans
spear phishing (noun) [Word Notes]

Hacking Humans

Play Episode Listen Later May 9, 2023 7:10


A type of cyber attack where an attacker sends a targeted and personalized email or other form of communication to a specific individual or a small group of individuals with the intention of tricking them into divulging sensitive information, such as a password, or convincing them to click a malicious link that will enable the attacker to take control of the victim's machine. CyberWire Glossary link: https://thecyberwire.com/glossary/spearphishing Audio reference link: Richardson, T., 2014. What is the difference between phishing and spear-phishing? [Video]. YouTube. URL www.youtube.com/watch?v=Wpx5IMduWX4.

Word Notes
spearphishing (noun)

Word Notes

Play Episode Listen Later May 2, 2023 7:10


A type of cyber attack where an attacker sends a targeted and personalized email or other form of communication to a specific individual or a small group of individuals with the intention of tricking them into divulging sensitive information, such as a password, or convincing them to click a malicious link that will enable the attacker to take control of the victim's machine. CyberWire Glossary link: https://thecyberwire.com/glossary/spearphishing Audio reference link: Richardson, T., 2014. What is the difference between phishing and spear-phishing? [Video]. YouTube. URL www.youtube.com/watch?v=Wpx5IMduWX4.

Standard Humans
SH76: Stay Safe and Secure Online (Part 2): Spear Phishing, Ransomware, and Financial Attacks

Standard Humans

Play Episode Listen Later Apr 27, 2023 75:20


In this episode of the Standard Humans podcast, we're going to take you on a wild ride through the top cybersecurity risks you need to be aware of. From phishing emails to ransomware attacks, we're going to show you all the ways hackers can ruin your day (and your bank account). Whether you're a business owner, remote worker, or just someone who spends time online, this episode will provide valuable insights and practical tips on how to stay safe and secure in the ever-evolving digital landscape. Tune in to learn how to protect yourself and your loved ones from the most common cybersecurity risks out there.

This episode specifically covers spear phishing, ransomware, and keeping your financial cards and accounts secure.

The David Knight Show
5Apr23 Scammers & "Spear Phishing", DARPA & Deep Fakes: Weaponizing Artificial Intelligence

The David Knight Show

Play Episode Listen Later Apr 5, 2023 180:46


OUTLINE of today's show with TIMECODES

"Don't throw me in that Brier Patch!" A look at the financial and political windfall the indictment has been for Trump 2:05
NYC is perhaps damaged by Trump's financially-incentivized lockdowns more than any other city, but the crowd doesn't know or care — they hate Trump for nonsense reasons. Commercial real estate is down 50% or more, including Trump's. And it appears he greatly overstated square footage of Trump Tower as well 6:09
The way of the uni-party is to ignore the big crimes and go after petty stuff — swallow the camel, strain on the gnat 23:43
YouTube shuts Right Side Broadcasting down as they were about to broadcast the Trump hearing live. What's even more important is the NEW "justification" YT gave for their censorship 30:47
Even left-wing Politico doesn't see substance in the Trump indictment and they do a better job of picking apart the weak case than the Trump media does. 33:55
It's Easter and the Messiah Complex is everywhere — from "trans pastor" to politicians comparing Trump to the suffering Savior. 55:38
Sorry MTG, Nelson Mandela was not a hero, not a martyr. Greene holds up the Marxist icon while condemning the Marxist-style persecution 1:10:06
Los Angeles wants to empty the prisons of violent criminals. They call it "Decarceration" 1:20:15
Google getting serious about making some cuts — even staplers. Better watch out for Milton 1:24:09
New York Times: “The fiercest vaccine advocates are starting to admit the truth about the MRNA.” 1:31:13
Dr. Paul Offit, vaccine pusher and cheerleader now tells us (years later) that there's not enough data. Two years ago he said the vaccines were "perfect" 1:38:53
What countries can I go to if I haven't been vaccinated? Only authoritarian Marxist states (like the USA) still require the TrumpShots 1:53:11
There's a viral video resurfaced on social media about a cure for cancer. 2:09:46
One researcher is so afraid of AI that he wants to use the military to destroy all research sites. What is he missing? 2:18:41
US military caught figuring out how to use deep-fakes for disinformation campaigns. 2:33:03
EU Commissioner is questioned on the so-called "Chat Control Bill". She's as clueless about it (and technology) as Lindsey Graham is about the RESTRICT Act he supports 2:41:03
Nouriel Roubini and Paul Craig Roberts say most banks in the US are “technically near insolvency, hundreds are bankrupt”. And the Fed's actions will only exacerbate 2:47:35
Marco Rubio is concerned that the reserve status of the dollar is disappearing. But as a true neocon, he's only concerned about how it will affect government's ability to sanction, not the hardships on Americans 2:53:1

Find out more about the show and where you can watch it at TheDavidKnightShow.com
If you would like to support the show and our family please consider subscribing monthly here:
SubscribeStar https://www.subscribestar.com/the-david-knight-show
Or you can send a donation through
Mail: David Knight POB 994 Kodak, TN 37764
Zelle: @DavidKnightShow@protonmail.com
Cash App at: $davidknightshow
BTC to: bc1qkuec29hkuye4xse9unh7nptvu3y9qmv24vanh7
Money is only what YOU hold: Go to DavidKnight.gold for great deals on physical gold/silver

The REAL David Knight Show
5Apr23 Scammers & "Spear Phishing", DARPA & Deep Fakes: Weaponizing Artificial Intelligence

The REAL David Knight Show

Play Episode Listen Later Apr 5, 2023 180:46



Security Voices
Threat modeling life: Prepping for the rest of us with Michal Zalewski (lcamtuf)

Security Voices

Play Episode Listen Later Mar 26, 2023 66:35


Hidden bunkers, stacks of canned food and piles of artillery. Disaster preparedness has become an Internet meme and these are some of the “prepper” community's showcase images. But most of us who have lived through the recent pandemic, the Capitol insurrection on January 6th and more no longer take the threat of a major disaster lightly. For those of us not willing or able to dig out a backyard bunker, is there a rational middle ground where we can feel well-prepared for whatever comes next?

Software security legend Michal Zalewski (lcamtuf) answers this question and many others in his third book Practical Doomsday: A User's Guide to the End of the World. Using familiar threat modeling principles, Michal explores everything from evacuation gear and bulletproof vests to the genuine probabilities of civil war and a zombie apocalypse. In what can only be described as an unbelievable coincidence, Jack and Dave's hour-long interview with Michal was recorded the same day Silicon Valley Bank collapsed and was taken into government receivership.

In spite of the understandably dire subject matter, Michal's equal sense of optimism and pragmatism steer us towards the middle path of rational risks and what a “normal” person should consider doing to be ready. It's not nearly as hard as you might think and the peace of mind gained was well worth taking a hard look at the worst case scenario.

This interview is nearly cleanly separated into two parts as we focus on the opportunity and threat of artificial intelligence around the 32 minute mark, starting with Michal's approach to writing. The real threat of generative AI to drive truly deceptive attacks takes center stage as we explore how the ability to easily generate compelling documents, images, video, etc. may make it nearly impossible to distinguish between reality and a scam.

No conversation on AI and threats seems to be able to avoid mention of the singularity threat; however, Michal keeps true to form and narrows in on the much more likely “paperclip problem” of mundane AI optimizing humans out of existence. This was one of our favorite episodes in ages, we hope you enjoy it and learn as much from it as we did. We also hope you got your money out of SVB, just like Dave did the week after this was recorded. Stay safe.

Chill Chill Security
EP1325: Forensic Day - Spear Phishing Attack - Analysis, Eradication and Lesson Learned

Chill Chill Security

Play Episode Listen Later Mar 18, 2023 6:42


Sponsored by SEC Playground. Survey to improve the Chill Chill Security channel: https://forms.gle/e5K396JAox2rZFp19 --- Support this podcast: https://podcasters.spotify.com/pod/show/chillchillsecurity/support

Kurz informiert – die IT-News des Tages von heise online
Kurz informiert from 08.03.2023 by heise online

Kurz informiert – die IT-News des Tages von heise online

Play Episode Listen Later Mar 8, 2023


Today: Nordstream, Intel, spear phishing, YouTube

Security Squawk
LastPass breach shows risks of remote work | Ransomware hits US Marshal Service | GoDaddy's spear phishing attacks relies on con artistry, psychological tactics

Security Squawk

Play Episode Listen Later Feb 28, 2023 48:46


Last Pass breach
In this episode of the Security Squawk podcast, the hosts analyze the latest cybersecurity incident with LastPass. LastPass, a popular password manager, suffered a data breach in August 2021. The company initially reported that the attackers had gained access to the backup server, but not the encrypted vaults containing user passwords. However, a recent update reveals that the attackers were able to obtain valid credentials for a senior DevOps engineer, giving them access to LastPass' data vault, among other things. The vault contained encryption keys for customer vault backups stored in Amazon S3 buckets. It is unclear whose vaults have been compromised, but the incident highlights the risks associated with remote work and the need for stronger security measures.

Ransomware attack on US Marshal Service
In this episode, the speakers also discuss the ransomware attack which hit the US Marshal Service. The attack targeted systems that contain sensitive law enforcement information, administrative information, and personally identifiable information. It is not known if it was a targeted attack, but it is believed that the attacker exfiltrated data before the attack. It is unlikely that they will turn over the keys for the ransom, especially after the FBI's recent successful takedown of Hive. Additionally, News Corp was breached over a year ago, and employees are only now being notified. It is believed that the Chinese government was behind the attack, and some personal information was compromised. The affected parties are being offered two years of free identity protection and credit monitoring.

GoDaddy Security breach
Further, the hosts discuss a series of security breaches that have recently occurred at GoDaddy, including spear phishing attacks and compromised passwords that have resulted in the theft of sensitive information belonging to thousands of customers. Despite being labeled as the work of "sophisticated threat actors," the author argues that most hacking attacks rely on con artistry and psychological tactics, rather than technical know-how. The article also highlights the importance of domain privacy and the risks associated with transferring domain names to unverified individuals.

Gadget Detective - A selection of free tech advice & tech news broadcasts by Fevzi Turkalp on the BBC & elsewhere
8th February 2023 - Discussing Spear Phishing Scams on BBC Radio Scotland

Gadget Detective - A selection of free tech advice & tech news broadcasts by Fevzi Turkalp on the BBC & elsewhere

Play Episode Listen Later Feb 20, 2023 4:20


Fevzi Turkalp, the Gadget Detective, joins John Beattie on BBC Radio Scotland to discuss spear phishing after SNP MP Stewart McDonald fell victim to an attack. What is it, how does it work, and how can we avoid becoming victims of it ourselves? You can follow and contact the Gadget Detective on Twitter @gadgetdetective. If you enjoy these shows please consider subscribing and leaving a review.

The CyberWire
Research Briefing: Spearphishing against Japanese political entities. Trojanized Windows 10 installers target Ukraine. XLL files abused to deliver malware.

The CyberWire

Play Episode Listen Later Dec 26, 2022 7:22


Spearphishing against Japanese political entities. Trojanized Windows 10 installers target Ukraine. XLL files abused to deliver malware.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Log4Shell campaigns are using Nashorn to get reverse shell on victim's machines https://isc.sans.edu/diary/Log4Shell%20campaigns%20are%20using%20Nashorn%20to%20get%20reverse%20shell%20on%20victim%27s%20machines/29266
Attackers Keep Phishing Victims Under Stress https://isc.sans.edu/diary/Attackers%20Keep%20Phishing%20Victims%20Under%20Stress/29270
Vulnerable SDK components lead to supply chain risks in IoT and OT environments https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/
Google Chrome Patches 0-Day https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
Hacking Smartwatches for Spear Phishing https://cybervelia.com/?p=1380


DIY Cyber Guy
#58 - Samsung Customer Data Hacked - What You Need To Do

DIY Cyber Guy

Play Episode Listen Later Oct 21, 2022 22:20


Hackers stole Samsung's customer data from a US-based facility. Were you affected? What did Samsung disclose? What should you do? With guest Javvad Malik, Lead Security Awareness Advocate at KnowBe4.

The CyberWire
DDoS remains commonplace in Russia's hybrid war. Leaked LockBit 3.0 builder used by new gang. Meta takes down Russian disinfo networks. Lazarus Group goes spearphishing. Cloudy complexity.

The CyberWire

Play Episode Listen Later Sep 28, 2022 34:53


DDoS remains the most characteristic mode of cyber ops in Russia's hybrid war against Ukraine. A leaked LockBit 3.0 builder is being used in ransomware attacks. Meta takes down Russian disinformation networks. Lazarus Group is spearphishing with bogus job offers. Joe Carrigan looks at SNAP benefit scams. Our guest is Crane Hassold of Abnormal Security with the latest in advanced email attack trends. And the cloud…is complicated.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/187

Selected reading.
* Adversaries Continue Cyberattack Onslaught with Greater Precision and Innovative Attack Methods According to 1H2022 NETSCOUT DDoS Threat Intelligence Report (NETSCOUT)
* Leaked LockBit 3.0 builder used by ‘Bl00dy' ransomware gang in attacks (BleepingComputer)
* Removing Coordinated Inauthentic Behavior From China and Russia (Meta)
* Russia is spoofing mainstream media to smear Ukraine, Meta says (Protocol)
* Operation In(ter)ception: social engineering by the Lazarus Group. (CyberWire)
* How cloud complexity affects security. (CyberWire)

Ligera De Equipaje
Social engineering, a real case

Ligera De Equipaje

Play Episode Listen Later Aug 17, 2022 26:32


Followers of Ligera know that I am a great believer in causality, and this was one such case: having just finished writing and editing the episode on social engineering, I heard from an aunt about a real case that had happened only 24 hours before I recorded this episode. I firmly believe that things like this happen for a reason, and that this is when this message HAS to be shared and spread, so that we can learn from someone else and, if possible, learn from another person's experience and spare ourselves such a headache.

Liger@ will never be spam, so be part of this project: besides sharing and recommending, become a patron of this project through Patreon at the following link: https://www.patreon.com/ligeradeequipaje.

The CyberWire
Notes on the underworld: emerging, enduring, and vanishing gangs, and their C2C markets. More spearphishing of Ukrainian targets. US CYBERCOM releases IOCs obtained from Ukrainian networks.

The CyberWire

Play Episode Listen Later Jul 21, 2022 29:54


A criminal talent broker emerges. Developing threats to financial institutions. Phishing through PayPal. Lessons to be learned from LAPSUS$, post-flameout. More spearphishing of Ukrainian targets. US Cyber Command releases IOCs obtained from Ukrainian networks. Johannes Ullrich from SANS on the value of keeping technology simple. Our guests are Carla Plummer and Akilah Tunsill from the organization Black Girls in Cyber. And not really honor, but honor's self-interested first cousin.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/137

Selected reading.
* Atlas Intelligence Group (A.I.G) – The Wrath of a Titan (Cyberint)
* 'AIG' Threat Group Launches With Unique Business Model (Dark Reading)
* Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities (Proofpoint)
* Sending Phishing Emails From PayPal (Avanan)
* Brazen, Unsophisticated and Illogical: Understanding the LAPSUS$ Extortion Group (Tenable®)
* Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities (Mandiant)
* Cyber National Mission Force discloses IOCs from Ukrainian networks (U.S. Cyber Command)
* The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back (HP Wolf Security)

the CYBER5
The Persistent Problem of Spear Phishing with Senior Security Practitioner Garrett Gross

the CYBER5

Jul 18, 2022 28:28


In episode 79 of The Cyber5, we are joined by senior security practitioner Garrett Gross. We discuss the age-old problem of spear phishing and why enterprises still struggle to fix this problem. We talk about the critical processes and technologies necessary to defend against spear phishing, including robust training programs and endpoint detections. We also cover how to use the telemetry collected from spear phishing and integrate this with outside threat intelligence to be useful.
Five Takeaways:
Security Teams Need to Make a Sensor Network from the Employee Base
Attackers win consistently when they get employees to click malicious spear phishing links. They use socially engineered communications, usually over email, that appear legitimate but have malicious intent, to trick a user into opening a document or clicking on a link to obtain sensitive information about a user. Security training is boring, and employees outside of security don't pay attention to the annual reminders. Real education must be relatable to employees so that they can identify when a malicious link is deployed against them. The most critical training a security team can do is get a sensor network from their employees to spell out the ripple effects to employees for PII and intellectual property theft after a malicious link is executed.
Experts Must Create Critical Processes and Use Technologies to Defend Against Spear Phishing
A closed-door approach to security is not efficient. Experts transparently interacting with the employee base defends against spear phishing. A phased approach will be necessary to assess the necessary logging in an automated way, as this takes months to configure and properly alert. The building blocks of this approach are:
- An endpoint detection and response solution (EDR) is the most important tool to defend against spear phishing.
- An automated way to report incidents should be considered so users are not waffling on whether or not to report incidents.
- It should go without saying, but no one should get in trouble for reporting an incident.
Spear Phishing Typically Impersonates Executives; Executives Should Conduct PII Removal and PII Poisoning
The sophistication and reconnaissance of advanced adversaries are challenging to detect, particularly when bad actors impersonate executives. Verifying information over the phone is often needed to circumvent advanced attempts to social engineer an employee base. Further, publicly available information about executives should be scrubbed and removed from the internet on a routine basis.
Use of Spear Phishing Telemetry with Threat Intelligence for Small and Medium Size Business
Small companies with limited security personnel will be fortunate to get employees to get banners saying emails are coming from an external source. They will spend a small part of their day conducting internal threat hunting. They won't be able to conduct external threat hunting to determine the sophistication of a spear phishing campaign. They need to partner with managed intelligence providers to do external threat hunting effectively.
“Defensibility” Measures are Critical Success Metrics: Threat Intelligence and Red Teams
Quantifying reports and solutions that show how a security team is systematically reducing risks that affect their business is the only way budgets will get increased by the board. To prove that various attacks will matter to a business, threat intelligence with subsequent red teaming are the primary ways to illustrate the issues to an executive team.

ShadowTalk by Digital Shadows
Weekly: LockBit PR Stunt Against Mandiant and Bohrium Targeted Users Via Spear-Phishing Operations

ShadowTalk by Digital Shadows

Jun 10, 2022 30:45


ShadowTalk host Stefano, alongside Xue and Kim, brings you the latest in threat intelligence. This week they cover:
- LockBit x Mandiant PR stunt
- Bohrium targets victims in various geographies
Get this week's intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10-jun/
***Resources from this week's podcast***
- Killnet: The Hactivist Group That Started A Global Cyber War: https://www.digitalshadows.com/blog-and-research/killnet-the-hactivist-group-that-started-a-global-cyber-war/
- Ransomware Gangs and PR Stunts: Why LockBit Faked a Ransomware Attack Against Mandiant: https://www.digitalshadows.com/blog-and-research/ransomware-gangs-and-pr-stunts-why-lockbit-faked-a-ransomware-attack-against-mandiant/

The CyberWire
Cyber sabotage and cyberespionage. Updates on Russia's hybrid war against Ukraine. REvil seems to have returned.

The CyberWire

May 2, 2022 25:19


Cable sabotage in France remains under investigation. Spearphishing by Cozy Bear. Widespread and damaging Russian cyberattacks have yet to appear, but criminals find a new field of activity. Hacktivism and privateering. The legal and prudential limits to hacktivism. Applying lessons learned from an earlier cyberwar. Romanian authorities say last week's DDoS incident was retaliation for Bucharest's support of Kyiv. Rick Howard is dropping some SBOMS. Carole Theriault reports on virtual kidnappings. REvil seems to be back after all.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/84
Selected reading.
How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities (CyberScoop)
Russian hackers compromise embassy emails to target governments (BleepingComputer)
Ukraine's defense applies lessons from a 15-year-old cyberattack on Estonia (NPR)
Feared Russian cyberattacks against US have yet to materialize (C4ISRNet)
Hacking Russia was off-limits. The Ukraine war made it a free-for-all. (Washington Post)
A YouTuber is promoting DDoS attacks on Russia — how legal is this? (BleepingComputer)
Ukraine's Digital Fight Goes Global (Foreign Affairs)
Romanian government says websites attacked by pro-Russian group (The Record by Recorded Future)
REvil ransomware returns: New malware sample confirms gang is back (BleepingComputer)

Digital Crime - Auf digitaler Spurensuche
Spear Phishing - They Want Your Identity

Digital Crime - Auf digitaler Spurensuche

May 1, 2022 17:13


Strangers chat under your name on dating platforms, cause harm to third parties, and demand money in return for not ruining your "reputation". How do perpetrators manage to steal entire identities and use them for so-called spear phishing? We discuss this with IT expert André Hopp and lawyer Dieter Breymann, who himself fell victim to this scam.

The Patti Brennan Show
089: Am I At Risk for Having My Identity Stolen?

The Patti Brennan Show

Jan 28, 2022 13:05


This episode is next in the podcast series, #AskPattiBrennan - a series of episodes in which Patti answers one of her listener's frequently asked questions.  These podcasts are shorter in length and address one FAQ or RAQ (a rarely asked but should be asked) question. In this episode, Patti reveals specific details to look out for with some of the most common and dangerous cyber hacking scams out there.  Learn how to identify the scam and, more importantly, how to implement the steps needed to prevent yourself from ever falling victim to a cybercriminal in the future.

The Bid Picture - Cybersecurity & Intelligence Analysis
10: A Targeted Cyberattack on a Local Government Contractor in Raleigh, North Carolina

The Bid Picture - Cybersecurity & Intelligence Analysis

Mar 6, 2021 17:51


In this episode, host Bidemi Ologunde presents a recent incident where a series of social media posts potentially led to a targeted cyberattack on a local government contractor in Raleigh, North Carolina. Please send questions, comments, and suggestions to bidemi@thebidpicture.com. You can also get in touch on LinkedIn, Twitter, the Clubhouse app (@bid), and the Wisdom app (@bidemi).

HPE StoreEver Tape Talk
Spear phishing: when hacking gets personal

HPE StoreEver Tape Talk

Jun 16, 2020 4902:00


Anyone who spends the first part of their morning trawling through hundreds of emails knows they’re vulnerable to phishing attacks. We’ve all been...