In this episode of Talos Takes we are joined by Tiago Pereira to discuss his recent blog on Truebot activity. Truebot and the Silence group have been active for a number of years, conducting primarily financially motivated cybercrime. In this episode we talk about the recent campaign we observed as well as the tools and tactics we uncovered. We'll also discuss the links between these groups and other threat actors, like TA505.
Welcome back to Decipher's Source Code news wrap podcast. Topping the news this week, Albania's prime minister has blamed Iran for a major cyberattack two months ago that took down parts of the country's national infrastructure. Also this week, researchers detailed Iranian state-sponsored group APT42 and the software control panel used by the well-known TA505 financial threat group in order to manage its ServHelper malware.
In today's podcast we cover four crucial cyber and technology topics, including:
1. British Hospitality group offline after cyberattack
2. D-Link routers targeted by Moobot
3. Researchers find new tool used by criminal group in the past
4. Ireland fines Meta 405 Million Euros for data privacy violation
I'd love feedback; feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
A look at TA505, familiar yet adaptable. A US joint cybersecurity advisory outlines the BlackMatter threat to critical infrastructure. CISA asks industry for technical information on endpoint detection and response capabilities. Is REvil trying to run on reputation? The Sinclair Broadcasting ransomware incident seems to provide a case study in rapid disclosure. Carole Theriault considers the fight for online anonymity. Joe Carrigan shares steps to protect the C-Suite. And there's a decryptor out for BlackByte. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/201
Security problems of chastity belts - https://www.theverge.com/2020/10/6/21504019/internet-enabled-male-chastity-cage-cellmate-qiui-security-flaw-remotely-locked
The dildo Juho mentioned that suffered/suffers from security problems - https://www.vice.com/en/article/53847a/camera-dildo-svakom-siime-eye-hacked-livestream
New rootkit-type UEFI malware - https://uk.pcmag.com/security/129035/suspected-chinese-hackers-unleash-malware-that-can-survive-os-reinstalls
eResearchTechnology hack - https://www.nytimes.com/2020/10/03/technology/clinical-trials-ransomware-attack-drugmakers.html
Sexy onions - https://www.bbc.com/news/54467384
NTDEV doxxing threats - https://twitter.com/NTDEV_/status/1311625662441164801?s=20
Software AG's ransomware problems - https://www.zdnet.com/google-amp/article/german-tech-giant-software-ag-down-after-ransomware-attack/
More information on the TA505 group, suspected of being behind the attack - https://attack.mitre.org/groups/G0092/ and https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-returns-with-a-new-bag-of-tricks-602104
In today's podcast we cover four crucial cyber and technology topics, including:
1. Ragnar Locker targets Energias de Portugal
2. Criminals continue using COVID-19 themes to target individuals, Government, and healthcare
3. Microsoft patches two vulnerabilities that are being used by criminals in attacks
4. SFO breach linked to Russian Energetic Bear hacking group
I'd love feedback; feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
Ransomware gangs don’t seem to be trimming their activities for the greater good. TA505 and Silence identified as the groups behind recent attacks on European companies. An APT possibly connected to South Korea is linked to attacks on North Korean professionals. A criminal campaign of USB attacks is reported. Problems with VPNs and teleconferencing. The Pentagon’s CMMC will move forward on schedule. Rob Lee from Dragos on ICS resiliency in the face of Coronavirus. Guest is James Dawson from Danske Bank on the unique challenges of IT Risk & Controls in global banking. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_27.html
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Coronavirus phishing lures are everywhere
- Czech hospital ransomwared during crisis
- Voatz mobile voting app destroyed by Trail of Bits audit
- We recap yesterday’s livestream
- Windows SMBv3 bug probably not such a big deal
- ALL the week’s news

This week’s sponsor interview is with Sam Crowther, founder of Kasada. They do bot detection and mitigation and apparently they’re quite good at it. Sam joins the show to talk through the new greyhatter of anti-anti-bot. It’s actually a really fun conversation, that one, so stick around for it. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
- State-sponsored hackers are now using coronavirus lures to infect their targets | ZDNet
- The Internet is drowning in COVID-19-related malware and phishing scams | Ars Technica
- TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years | Proofpoint US
- Live Coronavirus Map Used to Spread Malware — Krebs on Security
- Czech hospital hit by cyberattack while in the midst of a COVID-19 outbreak | ZDNet
- High-Stakes Security Setups Are Making Remote Work Impossible | WIRED
- A Mobile Voting App That's Already in Use Is Filled With Critical Flaws - VICE
- Microsoft delivers emergency patch to fix wormable Windows 10 flaw | Ars Technica
- Medical Device Regulation: EU to give €100bn MedTech industry a security health check | The Daily Swig
- WordPress to add auto-update feature for themes and plugins | ZDNet
- Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn't | ZDNet
- Avast disables JavaScript engine in its antivirus following major bug | ZDNet
- US is preparing to ban foreign-made drones from government use | TechCrunch
- Card data from the Volusion web skimmer incident surfaces on the dark web | ZDNet
- Intel CPUs vulnerable to new 'Snoop' attack | ZDNet
- Modern RAM used for computers, smartphones still vulnerable to Rowhammer attacks | ZDNet
- We Built a Database of Over 500 iPhones Cops Have Tried to Unlock - VICE
- The Web’s Bot Containment Unit Needs Your Help — Krebs on Security
- Cyberattack Hits HHS During Coronavirus Response - Bloomberg
- Microsoft discontinues RDCMan app following security bug | ZDNet
- Google awards $100k to Dutch bug hunter for cutting-edge cloud security research | The Daily Swig
- #737140 Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies
- oracle chat on prem - Google Search
- Risky Business - Risky Business
- publications/voatz-securityreview.pdf at master · trailofbits/publications · GitHub
- publications/voatz-threatmodel.pdf at master · trailofbits/publications · GitHub
- Our Full Report on the Voatz Mobile Voting Platform | Trail of Bits Blog
- Securing a work from home workforce - YouTube
All links and images for this episode can be found on CISO Series (https://cisoseries.com/rest-assured-were-confident-our-security-sucks/)

We may not have the protection you want, but what we lack in adequate security we make up in confidence. Sleep better at night after you listen to this week's episode of CISO/Security Vendor Relationship Podcast.

This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our guest this week is Billy Spears (@billyjspears), CISO, loanDepot.

Thanks to this week's podcast sponsor, CyberInt. The high ROI is what makes spear phishing campaigns so attractive to threat actors. Read our breakdown of TA505’s latest series of attacks. CyberInt has been tracking various activities surrounding this and other similar attacks where legit means were used to hack international companies in the retail & financial industries.

On this week’s episode

Why is everybody talking about this now?
Tip of the hat to Eduardo Ortiz for forwarding this discussion Stuart Mitchell of Stott and May initiated on LinkedIn, asking if there should be a "golden bullet" clause in a CISO's contract. He was referring to the CISO of Capital One who had to step down and take on a consulting role after the breach. What are the arguments for and against?

Ask a CISO
Nir Rothenberg, CISO, Rapyd asks, "If you were given control of company IT, what would be the first things you would do?"

What's Worse?!
Should a CISO be closing sales or securing the company?

Hey, you're a CISO, what's your take on this?
According to Nominet's Cyber Confidence Report, 71 percent of CISOs say their organization uses the company's security posture as a selling point, even though only 17% of CISOs are confident about their security posture. There are probably many factors that contribute to this disparity. Is it a gap that will ever close, or is this just the nature of security people vs. sales?
Bluetooth is a convenient and easy method of sharing data between devices, which, of course, qualifies it as a prime target for exploitation. A trio of researchers has discovered a vulnerability with the potential to affect billions of Bluetooth-enabled devices, including phones, laptops, IoT and IIoT technologies. In short, this Key Negotiation of Bluetooth vulnerability, which has been given the acronym KNOB, exploits the pairing encryption protocol within the Bluetooth Classic wireless technology standard, which supports encryption keys with entropy between 1 and 16 bytes (octets). An attacker positioned between the pairing devices forces both to agree to encryption with 1 byte (8 bits) of entropy, after which the encryption key can simply be brute-forced. More on CISO Series.

Check out lots more cloud security tips sponsored by OpenVPN, provider of next-gen secure and scalable communication software. OpenVPN Access Server keeps your company’s data safe with end-to-end encryption, secure remote access, and extension for your centralized UTM.

What do you think of this pitch?
How targeted should your pitch have to be?
In today's podcast we cover four critical topics in cyber and technology, including:
1. TA505 gets two new malware strains
2. California includes biometrics in data privacy law
3. Malware found in .wav files
4. U.S. alleged to target Iran with "secret" cyber attack
All links and images for this episode can be found on CISO Series (https://cisoseries.com/cybercrimes-solved-in-an-hour-or-your-next-ones-free/)

In the real world, cybercrimes just don't get solved as fast as they do on CSI. So we're offering a guarantee. If we don't catch the cyber-perpetrator in an hour (including commercial breaks) we'll make sure you're attacked again.

This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our sponsored guest this week is Jason Hill (@chillisec), lead researcher at CyberInt Research Lab.

Thanks to this week's podcast sponsor, Cyberint. The high ROI is what makes spear phishing campaigns so attractive to threat actors. Read our breakdown of TA505’s latest series of attacks. CyberInt has been tracking various activities surrounding this and other similar attacks where legit means were used to hack international companies in the retail & financial industries.

On this week's episode

What annoys a security professional
A question on Quora asks, "What does everybody get wrong about working in the field of forensics?" There were a handful of answers, ranging from looking to TV and film dramas to the idea that it's only a post mortem analysis. What are the biggest misconceptions about digital forensics?

Why is everybody talking about this now?
Tip of the hat to Stu Hirst of Just Eat, who posted this Dilbert cartoon that got a flurry of responses. Read it for yourself, but in essence, it's a boss who thought technology would solve all his problems, not realizing that people and process are also part of the equation. All too familiar. The "I've been hearing a lot about __________" phenomenon. What causes this behavior and how do you manage it?

"What's Worse?!"
How much flexibility do you require in your security team and the business?

Please, Enough. No, More.
How far can AI go? Where does the human element need to exist? What are the claims of the far-reaching capabilities of AI? We discuss what we'd like to hear regarding the realistic capabilities and limitations of AI.

Every year, the Fall season sees billions of dollars being spent on home-based IoT devices. The back-to-school sales are the starting point, Cyber Monday is the clubhouse turn and the year-end holiday season is the finish line. As usual, these devices (printers, DVRs, IP cameras, smart home assistants) are relatively inexpensive and provide plug-and-play convenience to satisfy an impatient customer base. For the rest of the cloud tip, head to CISO Series.

Check out lots more cloud security tips sponsored by OpenVPN, provider of next-gen secure and scalable communication software. OpenVPN Access Server keeps your company’s data safe with end-to-end encryption, secure remote access, and extension for your centralized UTM.

We don't have much time. What's your decision?
What are the best models for crowdsourcing security? There are entire businesses, such as bug bounty firms, that are dedicated to creating crowdsourced security environments. Our guest this week is passionate about investigative work. We asked him and Mike what elements they've found that inspire and simplify the community to participate in a crowdsourced security effort.
A daily look at the relevant information security news from overnight.
Episode 156 - 19 September 2019
IT supply chain hack - https://www.bleepingcomputer.com/news/security/new-tortoiseshell-group-hacks-11-it-providers-to-reach-their-customers/
Scotiabank leaks - https://www.theregister.co.uk/2019/09/18/scotiabank_code_github_leak/
Phishing page emails - https://www.bleepingcomputer.com/news/security/microsoft-phishing-page-sends-stolen-logins-using-javascript/
IRS Amadey botnet - https://threatpost.com/irs-emails-botnet-recruitment/148473/
Windows Defender failing - https://www.zdnet.com/article/windows-defender-malware-scans-are-failing-after-a-few-seconds/
In today's podcast we dive into four focused cyber and technology events that you need to know about, including:
1. Imperva data loss
2. CamScanner app has malware
3. APT Lyceum/Hexane back at it
4. TA505 expands targets, updates malware
All links and images for this episode can be found on CISO Series (https://cisoseries.com/passwords-so-good-you-cant-help-but-reuse-them/)

We've fallen in love with our passwords; we just want to use them again and again and again. Unfortunately, some companies more interested in security aren't letting us do that. We discuss this on the latest episode of CISO/Security Vendor Relationship Podcast.

This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our guest this week is William Gregorian (@WillGregorian), CISO, Addepar.

Thanks to this week's podcast sponsor, Cyberint. The high ROI is what makes spear phishing campaigns so attractive to threat actors. Read our breakdown of TA505's latest series of attacks. CyberInt has been tracking various activities surrounding this and other similar attacks where legit means were used to hack international companies in the retail & financial industries.

How CISOs are digesting the latest security news
Chris Castaldo of 2U, a former guest on the show, posted this great story of TripAdvisor invalidating user credentials if a member's email and password were found in publicly leaked data breach databases. Is this a great or bad move by TripAdvisor?

Ask a CISO
On LinkedIn, Chad Loder, CEO, Habitu8, posted an issue about the easy deployment and ubiquity of cloud applications. He argues it's no longer Shadow IT. It's just IT. And securing these cloud tools you don't manage nor know about requires a lot of education. Is Shadow IT inevitable? Should we lose the name? And is education the primary means of securing these services?

It's time to play, "What's Worse?!"
One of the toughest rounds of "What's Worse?!" we've ever had. Close your eyes. Breathe in. It's time for a little security philosophy. Mike posed a "What's Worse?!" scenario to the LinkedIn community and got a flurry of responses. The question was "Would you rather have amazing, quality cybersecurity incident response in 24 hours or spotty, unreliable response in one hour?" I wanted to know Mike's initial response, and whether anyone in the comments said anything to make him change his mind.

For quite a while, IT security experts have been touting the value of two-factor authentication (2FA) as a better way to keep data safe than simply using passwords alone. We have even spoken about it here. In its most popular form, 2FA sends a confirmation code to your phone, which you must then enter into the appropriate log-in confirmation window within a short amount of time. This is like having a second key to the safe, as many bank vaults used to have. (more on the site)

It’s time to measure the risk
Chelsea Musante of Akamai asks, "What would you say to someone who thinks their risk for credential abuse / account takeover has decreased because they've implemented MFA (multi-factor authentication)?"
Kacey (@sudosu_kacey) and Alex join Harrison (@pseudohvr) to walk through this week’s threat intelligence stories. Alex walks us through the highlight story this week: TA505 uses new tools, old tactics in global attacks. Kacey then digs into the zero-day vulnerability identified in Zoom’s macOS software. We also discuss new Magecart activity, the Sodinokibi ransomware, and what our ShadowTalk-ers would name their own ransomware. Get the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-04-jul-11-jul-2019
A daily look at the relevant information security news from overnight.
Episode 102 - 05 July 2019
7-11 flaw - https://www.zdnet.com/article/7-eleven-japanese-customers-lose-500000-due-to-mobile-app-flaw/
No cookie is safe - https://www.bleepingcomputer.com/news/security/trickbot-trojan-now-has-a-separate-cookie-stealing-module/
New TA505 attack - https://www.darkreading.com/attacks-breaches/ta505-group-launches-new-targeted-attacks/d/d-id/1335136
First DoH malware - https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol/
Fee-free ATMs - https://www.theregister.co.uk/2019/07/03/silence_hacking_bangla/
US Cyber Command warns that an Outlook vulnerability is being actively exploited in the wild. Other sources see a connection with Iran. GPS signals are being jammed near Tel Aviv, and Russian electronic activity in Syria is suspected as the cause. A look at the consequences of satellite cyber vulnerabilities. The TA505 gang changes some of its tactics. Yesterday’s brief Internet outages are traced to a Cloudflare glitch. Facebook and YouTube continue to grapple with content moderation. Mike Benjamin from CenturyLink on Emotet’s C2 behavior. Guest is Avital Grushcovski from Source Defense on the risk posed by third-party website tools. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_03.html
TA505 and Fin8 are both up to their old ways, with some new tricks in their criminal bag. A reminder about social engineering and Google Calendar. A new assertiveness is promised in US cyber operations, as the Administration “widens the aperture.” Updates on the security concerns that surround Huawei and ZTE. And Radiohead takes a different approach to online extortion: just render what they’re holding for ransom valueless. Craig Williams from Cisco Talos on the Jasper Loader. Guest is Lisa Sotto from Hunton Andrews Kurth LLP on the report Seeking Solutions: Aligning Data Breach Notification Rules Across Borders. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_12.html
Alex and Christian join HVR this week to discuss the Linux malware “HiddenWasp” (along with HVR’s hatred of the insect), the BlackSquid malware, and updated campaign activity from TA505 and Turla threat groups. Then, Harrison sits down with Dr. Richard Gold, head of Security Engineering at Digital Shadows, to discuss Photon Research’s most recent report Too Much Information: The Sequel. Be sure to download the full report at https://info.digitalshadows.com/TooMuchInfoTheSequel-podcast.html and the intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-30-may-06-jun-2019
This week Alex and Philip join Harrison to discuss two recent, unrelated, financially motivated cyber attack campaigns involving the use of culturally specific social engineering lures. The team also looks at three new phishing campaigns attributed to the threat group TA505 and decides (in a perfect world) which one cyber threat they would choose to be rid of forever. Download this week's Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10-jan-17-jan-2019.
In today’s podcast, we hear that Proofpoint researchers are tracking the latest developments from the unusually diligent cyber criminals of TA505. ISIS turns to newer, less closely monitored and moderated apps as it’s pushed out of larger social networks. Reddit asks users to reset their passwords, and to make them good ones. Google seems to have made strides against expansive interpretation of the EU’s right to be forgotten. And the curious tweets of @HAL999999999. Jonathan Katz from UMD on updated WiFi security. Guest is Ameesh Divatia from Baffle on the growing frustration with how companies handle our private information. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_10.html
A daily look at the relevant information security news from overnight.
Episode 59 - 10 January 2019
DNS attacks linked to Iran - https://threatpost.com/unprecedented-dns-hijacking-attacks-linked-to-iran/140737/
TA505 spreads RAT - https://www.zdnet.com/article/this-trojan-attack-adds-a-backdoor-to-your-windows-pc-to-steal-data/
New malware nabs IP addresses - https://www.scmagazine.com/home/security-news/a-new-malware-dubbed-icepick-3pc-is-stealing-device-ip-addresses-en-masse-since-at-least-spring-2018/
MongoDB exposes 202 million CVs - https://www.zdnet.com/article/cvs-containing-sensitive-info-of-over-202-million-chinese-users-left-exposed-online/
The D in SystemD stands for DAMMIT - https://www.theregister.co.uk/2019/01/10/systemd_bugs_qualys/