POPULARITY
Podcast: Cyber Security Weekly Podcast (LS 38 · TOP 2.5% what is this?)Episode: Episode 319 - OT Cybersecurity - In conversation with Robert Lee, CEO & Founder of DragosPub date: 2022-04-10We attended the opening of the Dragos office in Melbourne, Australia and met with CEO and Founder, Robert Lee.Robert Lee is a recognized pioneer in the industrial security incident response and threat intelligence community. He gained his start in security as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial community's first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry recognized cyber threat intelligence course (FOR578).Forbes named Robert to its 30 under 30 (2016) list as one of the “brightest entrepreneurs, breakout talents, and change agents” in Enterprise Technology. He is a business leader but also technical practitioner. Robert helped lead the investigation into the 2015 cyber attack on Ukraine's power grid, he and his team at Dragos helped identify and analyze the CRASHOVERRIDE malware that attacked Ukraine's grid in 2016 and the TRISIS malware deployed against an industrial safety system in the Middle East in 2017.Robert is routinely sought after for his advice and input into industrial threat detection and response. He has presented at major security conferences such as SANS, BlackHat, DefCon, and RSA and has testified to the Senate's Energy and National Resources Committee. As a non-resident national security fellow at New America, Robert works to inform policy related to critical infrastructure cyber security and is regularly asked by various governments to brief to national level leaders.Recorded April 7, 2022Video version available at https://youtu.be/i2H3YndP8gsFor more information visit www.dragos.com#otcybersecurity #cybersecurity #dragos #ukraine #cyberattack #crashoverrideThe podcast and artwork embedded on this page are from MySecurity Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
We attended the opening of the Dragos office in Melbourne, Australia and met with CEO and Founder, Robert Lee.Robert Lee is a recognized pioneer in the industrial security incident response and threat intelligence community. He gained his start in security as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial community's first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry recognized cyber threat intelligence course (FOR578).Forbes named Robert to its 30 under 30 (2016) list as one of the “brightest entrepreneurs, breakout talents, and change agents” in Enterprise Technology. He is a business leader but also technical practitioner. Robert helped lead the investigation into the 2015 cyber attack on Ukraine's power grid, he and his team at Dragos helped identify and analyze the CRASHOVERRIDE malware that attacked Ukraine's grid in 2016 and the TRISIS malware deployed against an industrial safety system in the Middle East in 2017.Robert is routinely sought after for his advice and input into industrial threat detection and response. He has presented at major security conferences such as SANS, BlackHat, DefCon, and RSA and has testified to the Senate's Energy and National Resources Committee. As a non-resident national security fellow at New America, Robert works to inform policy related to critical infrastructure cyber security and is regularly asked by various governments to brief to national level leaders.Recorded April 7, 2022Video version available at https://youtu.be/i2H3YndP8gsFor more information visit www.dragos.com#otcybersecurity #cybersecurity #dragos #ukraine #cyberattack #crashoverride
Attempting to evolve rules of cyber conduct during a hot hybrid war. Waiting for major Russian cyber operations. Viasat terminals were hit by wiper malware. Patches and detection scripts for Spring4shell. Warning of ransomware threat to local governments. Emergency data requests under Senatorial scrutiny. NSA employee charged with mishandling classified material. Andrea Little Limbago from Interos on Bots, Warriors and Trolls. Rick Howard speaks with Maretta Morovitz on cyber deception. And no April Foolin' here For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/63 Selected reading. Russia's War Lacks a Battlefield Commander, U.S. Officials Say (New York Times) Putin may be self-isolating from his military advisers, says White House (The Telegraph) Confronting Russian Cyber Censorship (Wilson Center) Zelensky Fires Two Generals (Wall Street Journal) French intelligence chief Vidaud fired over Russian war failings (BBC News) Cyber War Talks Heat Up at UN With Russia at Table (Bloomberg.com) Foreign Ministry statement on continued cyberattack by the “collective West” (Ministry of Foreign Affairs of the Russian Federation) New Protestware Found Lurking in Highly Popular NPM Package (Checkmarx.com) Russia targeting Ukraine, countries opposing war in cyberspace (Jerusalem Post) Conti Leaks: Examining the Panama Papers of Ransomware (Trellix) British intelligence agencies: Moscow continuously attacks Ukraine in cyberspace (The Times Hub) AcidRain | A Modem Wiper Rains Down on Europe (SentinelOne) SentinelOne finds ties between Viasat hack and Russian actor (SC Magazine) ExtraHop CEO: Expect a Russian cyber response to sanctions (Register) Treasury sanctions Russian research center blamed for Trisis malware (CyberScoop) Treasury Targets Sanctions Evasion Networks and Russian Technology Companies Enabling Putin's War (U.S. Department of the Treasury) Evgeny Viktorovich Gladkikh – Rewards For JusticeArtboard 4Artboard 4 (Rewards for Justice) Spring confirms ‘Spring4Shell' zero-day, releases patched update (The Record by Recorded Future) Spring4Shell (CVE-2022-22965): Are you vulnerable to this Zero Day? (Cyber Security Works) Ransomware Attacks Straining Local US Governments and Public Services (IC3) Senate's Wyden Probes Use of Forged Legal Requests by Hackers (Bloomberg) NSA Employee Charged with Mishandling Classified Material (Military.com) National Security Agency Employee Indicted for Willful Transmission and Retention of National Defense Information (US Department of Justice) National Security Agency Employee Facing Federal Indictment for Willful Transmission and Retention of National Defense Information (US Department of Justice)
Podcast: The CyberWire Daily (LS 59 · TOP 0.5% what is this?)Episode: Manufacturing sector is increasingly a target for adversaries. [Research Saturday]Pub date: 2021-01-16Guest Selena Larson, senior cyber threat analyst at Dragos, Inc., joins us to discuss their research into recent observations of ICS-targeting threats to manufacturing organizations. Cyber risk to the manufacturing sector is increasing, led by disruptive cyberattacks impacting industrial processes, intrusions enabling information gathering and process information theft, and new activity from Industrial Control Systems (ICS)-targeting adversaries. Dragos currently publicly tracks five ICS-focused activity groups targeting manufacturing: CHRYSENE, PARISITE, MAGNALLIUM, WASSONITE, and XENOTIME in addition to various ransomware activities capable of disrupting operations. Manufacturing relies on ICS to scale, function, and ensure consistent quality control and product safety. It provides crucial materials, products, and medicine and is classified as critical infrastructure. Due to the interconnected nature of facilities and operations, an attack on a manufacturing entity can have ripple effects across the supply chain that relies on timely and precise production to support product fulfillment, health and safety, and national security objectives. Ransomware adversaries are adopting ICS-aware functionality with the ability to stop industrial related processes and cause disruptive – and potentially destructive – impacts. Dragos has not observed ICS-specific malware targeting manufacturing operations on the same scale or sophistication as that used in the disruptive TRISIS and CRASHOVERRIDE malware attacks that targeted energy operations in Saudi Arabia and Ukraine, respectively. However, known and ongoing threats to manufacturing can have direct and indirect impact to operations. This report provides a snapshot of the threat landscape as of October 2020 and is expected to change in the future as adversaries and their behaviors evolve. The research can be found here:ICS Threat Activity on the Rise in Manufacturing SectorThe podcast and artwork embedded on this page are from CyberWire, Inc., which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Guest Selena Larson, senior cyber threat analyst at Dragos, Inc., joins us to discuss their research into recent observations of ICS-targeting threats to manufacturing organizations. Cyber risk to the manufacturing sector is increasing, led by disruptive cyberattacks impacting industrial processes, intrusions enabling information gathering and process information theft, and new activity from Industrial Control Systems (ICS)-targeting adversaries. Dragos currently publicly tracks five ICS-focused activity groups targeting manufacturing: CHRYSENE, PARISITE, MAGNALLIUM, WASSONITE, and XENOTIME in addition to various ransomware activities capable of disrupting operations. Manufacturing relies on ICS to scale, function, and ensure consistent quality control and product safety. It provides crucial materials, products, and medicine and is classified as critical infrastructure. Due to the interconnected nature of facilities and operations, an attack on a manufacturing entity can have ripple effects across the supply chain that relies on timely and precise production to support product fulfillment, health and safety, and national security objectives. Ransomware adversaries are adopting ICS-aware functionality with the ability to stop industrial related processes and cause disruptive – and potentially destructive – impacts. Dragos has not observed ICS-specific malware targeting manufacturing operations on the same scale or sophistication as that used in the disruptive TRISIS and CRASHOVERRIDE malware attacks that targeted energy operations in Saudi Arabia and Ukraine, respectively. However, known and ongoing threats to manufacturing can have direct and indirect impact to operations. This report provides a snapshot of the threat landscape as of October 2020 and is expected to change in the future as adversaries and their behaviors evolve. The research can be found here: ICS Threat Activity on the Rise in Manufacturing Sector
Guest Selena Larson, senior cyber threat analyst at Dragos, Inc., joins us to discuss their research into recent observations of ICS-targeting threats to manufacturing organizations. Cyber risk to the manufacturing sector is increasing, led by disruptive cyberattacks impacting industrial processes, intrusions enabling information gathering and process information theft, and new activity from Industrial Control Systems (ICS)-targeting adversaries. Dragos currently publicly tracks five ICS-focused activity groups targeting manufacturing: CHRYSENE, PARISITE, MAGNALLIUM, WASSONITE, and XENOTIME in addition to various ransomware activities capable of disrupting operations. Manufacturing relies on ICS to scale, function, and ensure consistent quality control and product safety. It provides crucial materials, products, and medicine and is classified as critical infrastructure. Due to the interconnected nature of facilities and operations, an attack on a manufacturing entity can have ripple effects across the supply chain that relies on timely and precise production to support product fulfillment, health and safety, and national security objectives. Ransomware adversaries are adopting ICS-aware functionality with the ability to stop industrial related processes and cause disruptive – and potentially destructive – impacts. Dragos has not observed ICS-specific malware targeting manufacturing operations on the same scale or sophistication as that used in the disruptive TRISIS and CRASHOVERRIDE malware attacks that targeted energy operations in Saudi Arabia and Ukraine, respectively. However, known and ongoing threats to manufacturing can have direct and indirect impact to operations. This report provides a snapshot of the threat landscape as of October 2020 and is expected to change in the future as adversaries and their behaviors evolve. The research can be found here: ICS Threat Activity on the Rise in Manufacturing Sector
The US Treasury Department sanctions a Russian research institute for its role in the Triton/Trisis ICS malware attacks. Coordinated inauthenticity with a commercial as well as a political purpose. The Clean Network project gains ground in Central and Eastern Europe. Rob Lee from Dragos on insights on the recent DOJ indictments of Russians allegedly responsible for the Sandworm campaign. Rick Howard explores SD-WANs. Data breaches afflict a large Finnish psychiatric institute. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/207
Podcast: Darknet DiariesEpisode: 68: TritonPub date: 2020-06-23A mysterious mechanical failure one fateful night in a Saudi Arabian chemical plant leads a cast of operational technology researchers down a strange path towards an uncommon, but grave, threat. In this episode, we hear how these researchers discovered this threat and tried to identify who was responsible for the malware behind it. We also consider how this kind of attack may pose a threat to human life wherever there are manufacturing or public infrastructure facilities around the world.A big thanks to Julian Gutmanis, Naser Aldossary, Marina Krotofil, and Robert M. Lee for sharing their stories with us.SponsorsThis episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25.This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2020 to get a $20 credit on your next project.Sources https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html https://dragos.com/wp-content/uploads/TRISIS-01.pdf Video S4 TRITON - Schneider Electric Analysis and Disclosure Video S4 TRITON - Mandiant Analysis at S4x18 Video S4 TRITON - Reverse Engineering the Tricon Controller by Dragos Video S4 TRITON - A Report From The Trenches Video - Safety Orientation video for the Chemical Plant Learn more about your ad choices. Visit megaphone.fm/adchoicesThe podcast and artwork embedded on this page are from Jack Rhysider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
A mysterious mechanical failure one fateful night in a Saudi Arabian chemical plant leads a cast of operational technology researchers down a strange path towards an uncommon, but grave, threat. In this episode, we hear how these researchers discovered this threat and tried to identify who was responsible for the malware behind it. We also consider how this kind of attack may pose a threat to human life wherever there are manufacturing or public infrastructure facilities around the world. A big thanks to Julian Gutmanis, Naser Aldossary, Marina Krotofil, and Robert M. Lee for sharing their stories with us. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2020 to get a $20 credit on your next project. Sources https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html https://dragos.com/wp-content/uploads/TRISIS-01.pdf Video S4 TRITON - Schneider Electric Analysis and Disclosure Video S4 TRITON - Mandiant Analysis at S4x18 Video S4 TRITON - Reverse Engineering the Tricon Controller by Dragos Video S4 TRITON - A Report From The Trenches Video - Safety Orientation video for the Chemical Plant Learn more about your ad choices. Visit megaphone.fm/adchoices
Splunk [Industrial IoT | Mobile | SignalFx | VictorOps] 2019 .conf Videos w/ Slides
Industrial operations comprise a diverse blend of technology that run critical processes. The proliferation of automation and networking has increased the sophistication of Industrial Control Systems (ICS), also known as Operational Technology (OT) environments.Threats targeting OT are increasing in both frequency and sophistication. Dragos tracks 9 OT-targeting activity groups, the most significant of which, XENOTIME, was responsible for the TRISIS malware that targeted safety systems (SIS) resulting in multiple plant shutdowns and the potential to cause harm to human operators.Traditional IT threat hunting is not well-suited to OT environments. This session will outline the differences between IT and OT assessments, highlight the most significant threats facing OT, and review best practices for OT-specific threat hunting engagements, including techniques that empower defenders to detect and respond more efficiently to existing and future threats, therefore reducing adversary dwell time. Speaker(s) Amy Bejtlich, Threat Intelligence, Dragos Marc Seitz, Threat Analyst, Dragos Slides PDF link - https://conf.splunk.com/files/2019/slides/IOT1641.pdf?podcast=1577146263 Product: Splunk Enterprise Security, Splunk for Industrial IoT Track: Internet of Things Level: Good for all skill levels
Splunk [Internet of Things Track] 2019 .conf Videos w/ Slides
Industrial operations comprise a diverse blend of technology that run critical processes. The proliferation of automation and networking has increased the sophistication of Industrial Control Systems (ICS), also known as Operational Technology (OT) environments.Threats targeting OT are increasing in both frequency and sophistication. Dragos tracks 9 OT-targeting activity groups, the most significant of which, XENOTIME, was responsible for the TRISIS malware that targeted safety systems (SIS) resulting in multiple plant shutdowns and the potential to cause harm to human operators.Traditional IT threat hunting is not well-suited to OT environments. This session will outline the differences between IT and OT assessments, highlight the most significant threats facing OT, and review best practices for OT-specific threat hunting engagements, including techniques that empower defenders to detect and respond more efficiently to existing and future threats, therefore reducing adversary dwell time. Speaker(s) Amy Bejtlich, Threat Intelligence, Dragos Marc Seitz, Threat Analyst, Dragos Slides PDF link - https://conf.splunk.com/files/2019/slides/IOT1641.pdf?podcast=1577146207 Product: Splunk Enterprise Security, Splunk for Industrial IoT Track: Internet of Things Level: Good for all skill levels
Industrial operations comprise a diverse blend of technology that run critical processes. The proliferation of automation and networking has increased the sophistication of Industrial Control Systems (ICS), also known as Operational Technology (OT) environments.Threats targeting OT are increasing in both frequency and sophistication. Dragos tracks 9 OT-targeting activity groups, the most significant of which, XENOTIME, was responsible for the TRISIS malware that targeted safety systems (SIS) resulting in multiple plant shutdowns and the potential to cause harm to human operators.Traditional IT threat hunting is not well-suited to OT environments. This session will outline the differences between IT and OT assessments, highlight the most significant threats facing OT, and review best practices for OT-specific threat hunting engagements, including techniques that empower defenders to detect and respond more efficiently to existing and future threats, therefore reducing adversary dwell time. Speaker(s) Amy Bejtlich, Threat Intelligence, Dragos Marc Seitz, Threat Analyst, Dragos Slides PDF link - https://conf.splunk.com/files/2019/slides/IOT1641.pdf?podcast=1577146225 Product: Splunk Enterprise Security, Splunk for Industrial IoT Track: Internet of Things Level: Good for all skill levels
Industrial operations comprise a diverse blend of technology that run critical processes. The proliferation of automation and networking has increased the sophistication of Industrial Control Systems (ICS), also known as Operational Technology (OT) environments.Threats targeting OT are increasing in both frequency and sophistication. Dragos tracks 9 OT-targeting activity groups, the most significant of which, XENOTIME, was responsible for the TRISIS malware that targeted safety systems (SIS) resulting in multiple plant shutdowns and the potential to cause harm to human operators.Traditional IT threat hunting is not well-suited to OT environments. This session will outline the differences between IT and OT assessments, highlight the most significant threats facing OT, and review best practices for OT-specific threat hunting engagements, including techniques that empower defenders to detect and respond more efficiently to existing and future threats, therefore reducing adversary dwell time. Speaker(s) Amy Bejtlich, Threat Intelligence, Dragos Marc Seitz, Threat Analyst, Dragos Slides PDF link - https://conf.splunk.com/files/2019/slides/IOT1641.pdf?podcast=1577146235 Product: Splunk Enterprise Security, Splunk for Industrial IoT Track: Internet of Things Level: Good for all skill levels
US Infrastructure is Targeted by attackers, RAMBleed can steal cryptokeys, and Yubikeys get recalled! All that coming up now on ThreatWire. #threatwire #hak5 Links:Support me on alternative platforms! https://snubsie.com/support https://www.youtube.com/shannonmorse?sub_confirmation=1 -- subscribe to my new channel! Hacking Power Grids:https://dragos.com/blog/industry-news/threat-proliferation-in-ics-cybersecurity-xenotime-now-targeting-electric-sector-in-addition-to-oil-and-gas/https://dragos.com/wp-content/uploads/TRISIS-01.pdfhttps://www.zdnet.com/article/this-most-dangerous-hacking-group-is-now-probing-power-grids/https://www.cyberscoop.com/trisis-xenotime-us-electric-sector/https://www.wired.com/story/triton-hackers-scan-us-power-grid/https://arstechnica.com/information-technology/2019/06/hackers-behind-dangerous-oil-and-gas-intrusions-are-probing-us-power-grids/ Yubikeys Vulnerable:https://www.yubico.com/support/security-advisories/ysa-2019-02/https://www.zdnet.com/article/yubico-to-replace-vulnerable-yubikey-fips-security-keys/https://www.yubico.com/replaceorder/ RAMBleed, shoutout to CypherDragon:https://access.redhat.com/articles/1377393https://rambleed.com/https://rambleed.com/docs/20190603-rambleed-web.pdfhttps://arstechnica.com/information-technology/2019/06/researchers-use-rowhammer-bitflips-to-steal-2048-bit-crypto-key/https://threatpost.com/rambleed-side-channel-privileged-memory/145629/https://thehackernews.com/2019/06/rambleed-dram-attack.html Photo credit: https://live.staticflickr.com/6179/6173837649_2d77becc9b_b.jpg -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆Our Site → https://www.hak5.orgShop → https://www.hakshop.comSubscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1Support → https://www.patreon.com/threatwireContact Us → http://www.twitter.com/hak5Threat Wire RSS → https://shannonmorse.podbean.com/feed/Threat Wire iTunes → https://itunes.apple.com/us/podcast/threat-wire/id1197048999 Host: Shannon Morse → https://www.twitter.com/snubsHost: Darren Kitchen → https://www.twitter.com/hak5darrenHost: Mubix → http://www.twitter.com/mubix-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
When the malware known both as Triton and Trisis came to light in late 2017, it quickly gained a reputation as perhaps the world's most dangerous piece of code: the first ever designed to disable the safety systems that protect industrial facilities from potentially lethal physical accidents. But Triton hackers still have to engage in a far more common forms of hacking to plant that code, in some cases spending close to a year digging their way through IT networks before they reach their targets.
Podcast: The CyberWireEpisode: Trolling the trolls. Triton/Trisis attributed to Russia. Asset management in ICS. Threat intelligence drives threat evolution. Shadow web-apps. Apple likes GDPR, hates the Data-Industrial Complex.Pub date: 2018-10-24In today's podcast, we hear that US Cyber Command has been reaching out to tell the trolls Uncle Sam cares. Industrial control system security suffers from poor asset management practices. FireEye looks at the Triton malware and says the Russians did it, but of course things are complicated. Are hostile intelligence service hackers superheroes, salaryman nebbishes, or something in between? How threat intelligence drives threat evolution. The risk of shadow web-apps. Apple speaks on privacy. Ben Yelin from the University of Maryland Center for Health and Homeland Security talks with us about the EFF coming out against license plate sharing between retailers and law enforcement. Our UK correspondent Carole Theriault speaks with ESET’s Lysa Meyers about overcoming the cyber skills shortage and attracting new talent to the industry. For links to all the stories in today's podcast, check out today's Daily Briefing: https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_24.htmlThe podcast and artwork embedded on this page are from The CyberWire, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: The CyberWireEpisode: AllScripts works to remediate ransomware in medical apps. Group 123 hits ROK targets. Triton/Trisis zero-day. Dark Caracal espionage op. Section 702 renewed. GhostTeam ejected from Play Store.Pub date: 2018-01-19In today's podcast we hear about ransomware afflicting a healthcare IT provider. Group 123 phishes in South Korean waters. Schneider Electric describes the zero-day Triton/Trisis exploited. The Dark Caracal spyware campaign is attributed to Lebanon's intelligence service. The US Congress will extend Section 702 surveillance authority for six years. GhostTeam-infected apps are booted from the Play Store. Jonathan Katz from the University of Maryland ponders "uncrackable" quantum encryption. Graham Cluley from the Smashing Security podcast drops by for a chat about the state of the industry. And is there ever a good reason to write down a password? The podcast and artwork embedded on this page are from The CyberWire, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: The CyberWireEpisode: TRISIS Malware: Fail-safe fail — Research SaturdayPub date: 2018-01-06Robert M. Lee. is CEO of Dragos Security, a company that specializes in the protection of industrial control systems. He’s describing his team's research on TRISIS, tailored ICS malware infecting safety instrumented systems (SIS), so far found only in the middle east. It's only the fifth known incident of malware targeting ICS systems. The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/The podcast and artwork embedded on this page are from The CyberWire, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: The CyberWireEpisode: Zealot and Monero mining. Bitfinex DDoS. Triton/Trisis shows risks of committing safety and control to the same systems. Bitcoin crime. M&A news. Hair of the dog.Pub date: 2017-12-18In today's podcast, we hear how the Zealot campaign uses ShadowBrokers' exploits to install a Monero miner on victim systems. Bitfinex suffers another DDoS attack as Bitcoin valuations remain high. Triton attack on industrial safety systems shows the risk of mixing control with safety. Exposed database of California voters investigated. Thales will buy Gemalto. Johannes Ullrich from SANS and the Internet Storm Center podcast, on scammers profiteering from natural disasters. And suffering from social media hangover? Try a little hair of the dog that bit you (say social media vendors). The podcast and artwork embedded on this page are from The CyberWire, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Pipeliners PodcastEpisode: Episode 16: Cybersecurity Threats and Awareness with Dan NagalaPub date: 2018-03-26In this episode of the Pipeliners Podcast, Russel Treat welcomes Daniel Nagala of UTSI International Corporation to discuss the latest cybersecurity threats and awareness issues facing the pipeline industry. The conversation focuses on what Mr. Nagala has seen in the field -- both domestically and internationally -- to identify the various challenges facing pipeline operators. Included is how to integrate new system capabilities with legacy systems without exposing operators to security risks. Also included in this episode is a discussion of what was learned from the TRISIS malware attack and how to address vulnerabilities. Download this episode to become more aware of cybersecurity issues facing operators!The podcast and artwork embedded on this page are from Russel Treat, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
In December, researchers spotted a new family of industrial control malware that had been used in an attack on a Middle Eastern energy plant. Known as Triton, or Trisis, the suite of hacking tools is one of only a handful of known cyberweapons developed specifically to undermine or destroy industrial equipment. Now, new research from security firm FireEye suggests that at least one element of the Triton campaign originated from Russia.
In today's podcast, we hear that US Cyber Command has been reaching out to tell the trolls Uncle Sam cares. Industrial control system security suffers from poor asset management practices. FireEye looks at the Triton malware and says the Russians did it, but of course things are complicated. Are hostile intelligence service hackers superheroes, salaryman nebbishes, or something in between? How threat intelligence drives threat evolution. The risk of shadow web-apps. Apple speaks on privacy. Ben Yelin from the University of Maryland Center for Health and Homeland Security talks with us about the EFF coming out against license plate sharing between retailers and law enforcement. Our UK correspondent Carole Theriault speaks with ESET’s Lysa Meyers about overcoming the cyber skills shortage and attracting new talent to the industry. For links to all the stories in today's podcast, check out today's Daily Briefing: https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_24.html
In this week's Risk & Repeat podcast, SearchSecurity editors discuss dangers to critical infrastructure in the wake of a new report on the threat actors behind the Trisis malware.
In this week's Risk & Repeat podcast, SearchSecurity editors discuss dangers to critical infrastructure in the wake of a new report on the threat actors behind the Trisis malware.
In today's podcast, we hear that VPNFilter, described by Cisco's Talos research unit, looks like battlespace preparation for Fancy Bear. The FBI may have succeeded in impeding its operation. Dragos describes XENOTIME, the threat actor behind the TRISIS industrial safety system attacks, and they say we can expect them back. GDPR is coming tomorrow, and a company has found a way of letting worried CISOs sleep at night. And your right to follow theRealDonaldTrump on Twitter has now been secured by the US Federal Court for the Southern District of New York. Enjoy. Dr. Charles Clancy from the Hume Center at VA Tech, discussing how cell towers track you even when you have location services disabled (and why that’s a good thing). Guest is Erez Yalon from Checkmarx with their research on Amazon Echo eavesdropping vulnerabilities.
In this episode of the Pipeliners Podcast, Russel Treat welcomes Daniel Nagala of UTSI International Corporation to discuss the latest cybersecurity threats and awareness issues facing the pipeline industry. The conversation focuses on what Mr. Nagala has seen in the field -- both domestically and internationally -- to identify the various challenges facing pipeline operators. Included is how to integrate new system capabilities with legacy systems without exposing operators to security risks. Also included in this episode is a discussion of what was learned from the TRISIS malware attack and how to address vulnerabilities. Download this episode to become more aware of cybersecurity issues facing operators!
A recent digital attack on the control systems of an industrial plant has renewed concerns about the threat hacking poses to critical infrastructure. And while security researchers offered some analysis last month of the malware used in the attack, called Triton or Trisis, newly revealed details of how it works expose just how vulnerable industrial plants—and their failsafe mechanisms—could be to manipulation.
In today's podcast we hear about ransomware afflicting a healthcare IT provider. Group 123 phishes in South Korean waters. Schneider Electric describes the zero-day Triton/Trisis exploited. The Dark Caracal spyware campaign is attributed to Lebanon's intelligence service. The US Congress will extend Section 702 surveillance authority for six years. GhostTeam-infected apps are booted from the Play Store. Jonathan Katz from the University of Maryland ponders "uncrackable" quantum encryption. Graham Cluley from the Smashing Security podcast drops by for a chat about the state of the industry. And is there ever a good reason to write down a password?
Robert M. Lee. is CEO of Dragos Security, a company that specializes in the protection of industrial control systems. He’s describing his team's research on TRISIS, tailored ICS malware infecting safety instrumented systems (SIS), so far found only in the middle east. It's only the fifth known incident of malware targeting ICS systems.
Robert M. Lee. is CEO of Dragos Security, a company that specializes in the protection of industrial control systems. He’s describing his team's research on TRISIS, tailored ICS malware infecting safety instrumented systems (SIS), so far found only in the middle east. It's only the fifth known incident of malware targeting ICS systems. The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/
In today's podcast, we hear how the Zealot campaign uses ShadowBrokers' exploits to install a Monero miner on victim systems. Bitfinex suffers another DDoS attack as Bitcoin valuations remain high. Triton attack on industrial safety systems shows the risk of mixing control with safety. Exposed database of California voters investigated. Thales will buy Gemalto. Johannes Ullrich from SANS and the Internet Storm Center podcast, on scammers profiteering from natural disasters. And suffering from social media hangover? Try a little hair of the dog that bit you (say social media vendors).