Privacy Risks of 23andMe Bankruptcy
A breach impacting 7 million users, coupled with lawsuits and financial distress, means 23andMe's 15 million genetic profiles could be sold or misused under a new buyer. The California Attorney General has urged users to delete their data and destroy physical samples, highlighting the vulnerability of storing sensitive genetic information with for‑profit entities under financial strain.

Clearview AI's Data Acquisition Attempts
Clearview AI tried to buy a massive database of arrest records, mugshots, and personal details (like social security numbers). This would greatly expand its controversial facial recognition repository, fueling concerns about privacy, consent, and misuse by governments or private actors.

Hungary's Use of Facial Recognition at Pride Events
Hungary banned Pride events and authorized facial recognition to identify attendees, who may face fines under “child protection” laws. Critics view this as an attack on free assembly and expression, especially for LGBTQ+ communities, creating a chilling effect on peaceful protests.

China's New Facial Recognition Rules
Facial recognition is banned without consent and in private spaces, requiring privacy assessments and encryption. However, these rules exclude “algorithm training,” meaning facial images may still be collected for AI development, undermining the intended privacy protections given China's widespread CCTV presence.

US Coordination on Russian Cyber Threats Halted
US national security agencies ceased joint efforts against Russian cyberattacks, disinformation, and oligarch asset seizures. This abrupt stop raises concerns over weakened defenses against foreign interference, though official explanations remain unclear.

Microsoft's Unpatched .LNK Exploit
An eight‑year‑old Windows shortcut (.LNK) exploit persists, with Microsoft labeling it a “UI issue” rather than a security flaw. Attackers, including state‑sponsored groups, hide malicious commands in whitespace, leaving users vulnerable to spying and data theft.

Windows 10 End of Support
With support ending in October 2025, Microsoft urges users—over half of its Windows base—to buy new hardware for Windows 11. This approach overlooks the financial burden on many and disregards feasible upgrades or affordable alternatives for existing devices.

Dutch Universities Shifting Away from WhatsApp
Schools such as Utrecht and Avans recommend moving to Signal over privacy and misinformation concerns tied to WhatsApp's data‑sharing practices. Signal's strong encryption, open‑source nature, and non‑profit status align with the need for secure, private communication in educational settings.
Three Buddy Problem - Episode 38: On the show this week, we look at a hefty batch of Microsoft zero-days exploited in the wild, iOS 18.3.2 fixing an exploited WebKit bug, a mysterious Unpatched.ai being credited with Microsoft Access RCE flaws, and OpenAI lobbying for the US to ban China's DeepSeek. Plus, discussion on a Binarly technical paper with a new approach to finding UEFI bootkits, Mandiant flagging custom backdoors on Juniper routers, and MEV 'sandwich attacks' front-running cryptocurrency transactions. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).
A woman brutally injured by unpatched pothole on Fifth Ave (Marty Griffin, Tue, 18 Feb 2025). On-demand selections from Marty's show on Newsradio 1020 KDKA, airing weekdays from 10 a.m. to 2 p.m.
Scott Schober, Cyber Expert, Author of "Hacked Again," and CEO of Berkeley Varitronics Systems, sits down with host Charlie Osborne to discuss how poor corporate remediation of vulnerabilities can be a material risk factor, and more. This episode of Data Security is sponsored by Cimcor, the developer of CimTrak, a Real-time, File Integrity Monitoring, Network Configuration, and Compliance solution. Learn more at https://cimcor.com • For more on cybersecurity, visit us at https://cybersecurityventures.com
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Unpatched zero-day in Palo Alto Networks is in the wild
In today's episode we'll be talking about Viet's new 'GIRLFRIEND', Esther's Scary Stalker Experience, and The New Best Strategy to Pick up Girls! (2024, Unpatched) NECTAR HARD SELTZER IS NOW IN 500 NEW STORES: Costco, Ralph's (SoCal), Safeway (NorCal), Target (CA, OR, WA, NYC), Walmart (HI), and MUCH MORE!!!!!! To be alerted when it launches in your city, "SPRING" to 844,624,0991 Find us in SELECT STORES* in 7 states - CA, TX, HI, WA, OR, NYC & NJ: https://bit.ly/3OTAefc123 (must be 21+. drink responsibly) SuperBonsai's 2ND Product, a powerful natural Liver Detox and Support Tincture: SUPERLIVER is OUT NOW!!! Text: LIVER to 844-688-0041 to be first on list for Launch! SUPER RECOVERY by SuperBonsai is OUT NOW! 100% Natural Ingredients formulated to tackle every part of your hangover. https://bit.ly/3MMhLB6 you can give us your phone # for 20% off! Watch Esther and Jeremy's "First date": Subscribe to: https://undertheinfluence.show/ Include bi-weekly bonus episodes, Dollar $tore Therapy segments, vlogs, private discord channel, etc.) Use code: YTFREEMONTH for 1 free month. To submit questions or discussion topics for future episodes, JOIN OUR DISCORD: https://linktr.ee/undertheinfluence.show Hit the #UTI or #Submit-Topics channel and you can start submitting questions and discussion topics there. There is also an anonymous submission channel for those who are shy. Timecodes (Episode #178) 00:00 - Viet Got A GF? 11:45 - Dealbreakers & Manipulation 19:50 - Wootak's Friends Are Leaving Him 28:00 - Viet is Growing Up 35:41 - Hating On Someone Else's Birthday Party 39:15 - Oshi No Ko Review 53:23 - Esther Has A Stalker 1:03:58 - Don't Let It Slip Away 1:06:43 - Stock Market Crash 1:17:26 - The Escape Room Romeo Phenomenon 1:26:15 - Do you think my Friends are Hot? 
1:40:10 - Outro FOLLOW US ON ALL PLATFORMS: bit.ly/undrthinflnce Listen on Spotify: https://spoti.fi/3qqjUaN Listen on Apple Music: https://apple.co/34IO1lr Search “Under The Influence Show” for all other audio listening platforms. Intro song by Killagraham. --- Support this podcast: https://podcasters.spotify.com/pod/show/undertheinfluenceshow/support
Did you know that Microsoft knows about software vulnerabilities in their Mac software and decided not to patch them? Chuck Joiner, David Ginsburg, Brian Flanigan-Arthurs, Marty Jencius, Jim Rea, Mark Fuccio and Web Bixby talk about how some are locked in to Office365 in spite of the risks. The panel also looks at Apple's decision to scale back screen recording notifications in the upcoming OS release, and whether the dial needs to be turned off even further. Today's MacVoices is supported by 1Password and their new 1Password Extended Access Management. Security for the way we work today. Learn about the problems it solves at 1Password.com/product/XAM.
Show Notes:
Chapters: 00:00 Unpatched Microsoft Mac Vulnerabilities 04:35 Microsoft Apps and Security Concerns 15:18 Screen Recording Notifications Update 30:56 User Reactions to Notification Changes
Links: Security flaws in Microsoft Mac apps could let attackers spy on users https://appleinsider.com/articles/24/08/19/security-flaws-in-microsoft-mac-apps-could-let-attackers-spy-on-users macOS Sequoia will now prompt you monthly (not weekly) for screen recording permissions https://9to5mac.com/2024/08/14/macos-sequoia-screen-recording-prompt-monthly/
Guests: Web Bixby has been in the insurance business for 40 years and has been an Apple user for longer than that. You can catch up with him on Facebook, Twitter, and LinkedIn. Brian Flanigan-Arthurs is an educator with a passion for providing results-driven, innovative learning strategies for all students, but particularly those who are at-risk. He is also a tech enthusiast who has a particular affinity for Apple since he first used the Apple IIGS as a student. You can contact Brian on twitter as @brian8944. He also recently opened a Mastodon account at @brian8944@mastodon.cloud. Mark Fuccio is actively involved in high tech startup companies, both as a principal at piqsure.com, or as a marketing advisor through his consulting practice Tactics Sells High Tech, Inc. Mark was a proud investor in Microsoft from the mid-1990's selling in mid 2000, and hopes one day that MSFT will be again an attractive investment. You can contact Mark through Twitter, LinkedIn, or on Mastodon. David Ginsburg is the host of the weekly podcast In Touch With iOS where he discusses all things iOS, iPhone, iPad, Apple TV, Apple Watch, and related technologies. He is an IT professional supporting Mac, iOS and Windows users. Visit his YouTube channel at https://youtube.com/daveg65 and find and follow him on Twitter @daveg65 and on Mastodon at @daveg65@mastodon.cloud. Dr. Marty Jencius has been an Associate Professor of Counseling at Kent State University since 2000. He has over 120 publications in books, chapters, journal articles, and others, along with 200 podcasts related to counseling, counselor education, and faculty life. His technology interest led him to develop the counseling profession ‘firsts,' including listservs, a web-based peer-reviewed journal, The Journal of Technology in Counseling, teaching and conferencing in virtual worlds as the founder of Counselor Education in Second Life, and podcast founder/producer of CounselorAudioSource.net and ThePodTalk.net. Currently, he produces a podcast about counseling and life questions, the Circular Firing Squad, and digital video interviews with legacies capturing the history of the counseling field. He is also co-host of The Vision ProFiles podcast. Generally, Marty is chasing the newest tech trends, which explains his interest in A.I. for teaching, research, and productivity. Marty is an active presenter and past president of the NorthEast Ohio Apple Corp (NEOAC). Jim Rea built his own computer from scratch in 1975, started programming in 1977, and has been an independent Mac developer continuously since 1984. He is the founder of ProVUE Development, and the author of Panorama X, ProVUE's ultra fast RAM based database software for the macOS platform.
He's been a speaker at MacTech, MacWorld Expo and other industry conferences. Follow Jim at provue.com and via @provuejim@techhub.social on Mastodon. Support: Become a MacVoices Patron on Patreon http://patreon.com/macvoices Enjoy this episode? Make a one-time donation with PayPal Connect: Web: http://macvoices.com Twitter: http://www.twitter.com/chuckjoiner http://www.twitter.com/macvoices Mastodon: https://mastodon.cloud/@chuckjoiner Facebook: http://www.facebook.com/chuck.joiner MacVoices Page on Facebook: http://www.facebook.com/macvoices/ MacVoices Group on Facebook: http://www.facebook.com/groups/macvoice LinkedIn: https://www.linkedin.com/in/chuckjoiner/ Instagram: https://www.instagram.com/chuckjoiner/ Subscribe: Audio in iTunes Video in iTunes Subscribe manually via iTunes or any podcatcher: Audio: http://www.macvoices.com/rss/macvoicesrss Video: http://www.macvoices.com/rss/macvoicesvideorss
2 Minute Drill: In this episode of the 2 Minute Drill, Drex DeFord dives into the latest cybersecurity revelations involving Microsoft. Discover the shocking details behind the ignored security flaw in ADFS that led to the infamous SolarWinds attack, and learn about a newly discovered bug that allows email impersonation from Outlook accounts. Drex also highlights an innovative AI solution from SoftBank designed to calm angry customer calls. Stay informed and stay secure with these crucial updates. Remember, Stay a little paranoid.
Subscribe: https://www.thisweekhealth.com/subscribe/
Linkedin: https://www.linkedin.com/company/ThisWeekHealth
Twitter: https://twitter.com/thisweekhealth
Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer - https://www.alexslemonade.org/mypage/3173454
This episode reports on a new campaign stealing email passwords, the latest data breaches, and more
This episode reports on the growth of the KV-botnet, the discovery of another unprotected database on the internet, and more
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
Colombia continues its recovery from last week's cyberattacks. AI training data is accidentally published to GitHub. The cyberespionage techniques of Earth Lusca. Clorox blames product shortages on a cyber attack. Cybersecurity incidents in industrial environments. Where the wild bots are. Joe Carrigan looks at top level domain name exploitation. Our guest is Kristen Bell from GuidePoint Security with a look at vulnerability vs. exploitability. And there's talk of potential Russia-DPRK cooperation in cyberspace. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/179 Selected reading. More than 50 Colombian state, private entities hit by cyberattack -Petro (Reuters) Colombia Mulls Legal Action Against US Firm Targeted In Cyber Attack (Barron's) Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token (Microsoft Security Response Center) Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages (SecurityWeek) Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (Trend Micro) Chinese hackers have unleashed a never-before-seen Linux backdoor (Ars Technica) The Clorox Company FORM 8-K (US Securities and Exchange Commission) Clorox Warns of Product Shortages Following Cyberattack (Wall Street Journal) Clorox warns of product shortages, profit hit from August cyberattack (The Street) Can't find the right Clorox product? 
A recent cyberattack is causing some shortages (USA Today) Clorox warns of product shortages after cyberattack (Fox Business) As flu season looms, hackers force a shortage of Clorox products (Fortune) New Research Finds Cyberattacks Against Critical Infrastructure on the Rise, State-affiliated Groups Responsible for Nearly 60% (Business Wire) Death By a Billion Bots (Netacea) Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (EconoTimes) Learn more about your ad choices. Visit megaphone.fm/adchoices
There's a new Agent Tesla variant. Lost credentials and crypto wallet hacks. Tension between DevSecOps and AI. Fancy Bear makes an attempt on Ukrainian energy infrastructure. A look at NoName057(16). Tim Starks from the Washington Post's Cybersecurity 202. Simone Petrella and Helen Patton discuss People as a security first principle. And cybersecurity jobs seem to be getting tougher (say the people who are doing them). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/170 Selected reading. New Agent Tesla Variant Being Spread by Crafted Excel Document (Fortinet Blog) World's Largest Cryptocurrency Casino Stake Hacked for $41 Million (Hackread) Crypto casino Stake.com loses $41 million to hot wallet hackers (BleepingComputer) Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach (KrebsOnSecurity) Global DevSecOps Report on AI Shows Cybersecurity and Privacy Concerns Create an Adoption Dilemma (GitLab) APT28 cyberattack: msedge as a bootloader, TOR and mockbin.org/website.hook services as a control center (CERT-UA#7469) (CERT-UA) Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure (The Hacker News) Ukraine says an energy facility disrupted a Fancy Bear intrusion (Record) What's in a NoName? Researchers see a lone-wolf DDoS group (Record) New Research from TechTarget's Enterprise Strategy Group and the ISSA Reveals Continuous Struggles within Cybersecurity Professional Workforce - ISSA International (ISSA International) Life and Times 2023 Download Landing Page (ISSA International) E-book: The Life and Times of Cybersecurity Professionals Volume VI (ESG Global) Layoffs list extended by Malwarebytes, Fortinet, Veriff, SecureWorks (Cybernews)
BlackCat ransomware pushes Cobalt Strike via WinSCP search ads
CISA issues warning for cardiac device system vulnerability
330,000 FortiGate firewalls still unpatched to CVE-2023-27997 RCE flaw
Thanks to today's episode sponsor, SlashNext. SlashNext, a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile has the industry's first artificial intelligence solution, HumanAI, that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. Request a demo today. For the stories behind the headlines, head to CISOseries.com.
Attacks against unpatched versions of Visual Studio and win32k continue. Progress Software patches two MOVEit vulnerabilities. The Cyber Anarchy Squad claims to have taken down a Russian telecommunications provider's infrastructure. RomCom resumes its activity in the Russian interest. Deepen Desai of Zscaler describes Nevada ransomware. Our guest is Clarke Rodgers from Amazon Web services with insights on what CISOs say to each other when no one else is listening?. And the Mt. Gox hacking indictment has been unsealed. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/112 Selected reading. Online muggers make serious moves on unpatched Microsoft bugs (The Register) Analysis of CVE-2023-29336 Win32k Privilege Escalation Vulnerability (with POC) (Numen) MOVEit Transfer and MOVEit Cloud Vulnerability (Progress Software) MDE Affected by Global Data Breach (Minnesota Department of Education) Hackers Use Stolen Student Data Against Minneapolis Schools in Brazen New Threat (The 74) Ofcom statement on MOVEit cyber attack (Ofcom) Ukrainian hackers take down service provider for Russian banks (BleepingComputer) Pro-Ukraine hackers claim to take down Russian internet provider (The Record) Pro-Ukraine Cyber Anarchy Squad claims the hack of the Russian telecom provider Infotel JSC (Security Affairs) RomCom Resurfaces: Targeting Politicians in Ukraine and U.S.-Based Healthcare Providing Aid to Refugees from Ukraine (BlackBerry) Mt. Gox's Hackers Are 2 Russian Nationals, U.S. DOJ Alleges in Indictment (CoinDesk) Russian nationals accused of Mt. Gox bitcoin heist, shifting stolen funds to BTC-e (The Record) Russian Nationals Charged With Hacking One Cryptocurrency Exchange and Illicitly Operating Another (US Department of Justice)
ALPHV claims responsibility for a cyberattack on Constellation Software. A new Akira ransomware campaign spreads. CACTUS is a new ransomware leveraging VPNs to infiltrate its target. Many organizations are still vulnerable to the Go-Anywhere MFT vulnerability. Russian hacktivists interfere with the French Senate's website. Keith Mularski from EY, details their "State of the Hack" report. Emily Austin from Censys discusses the State of the Internet. And ransomware gangs target local governments in Texas and California. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/88 Selected reading. ALPHV gang claims ransomware attack on Constellation Software (BleepingComputer) Constellation Software hit by cyber attack, some personal information stolen (IT World Canada) Press Release of Constellation Software Inc. (GlobeNewswire News Room) Meet Akira — A new ransomware operation targeting the enterprise (BleepingComputer) New Cactus ransomware encrypts itself to evade antivirus (BleepingComputer) Pro-Russian Hackers Claim Downing of French Senate Website (SecurityWeek) Dallas cyberattack highlights ransomware's risks to public safety, health (Washington Post) Hacked: Dallas Ransomware Attack Disrupts City Services (Dallas Observer) City of Dallas Continues Battling Ransomware Attack for Third Day (NBC 5 Dallas-Fort Worth) San Bernardino County pays hackers $1.1 million ransom after cyber attack (Victorville Daily Press) San Bernardino County pays $1.1M ransom after cyberattack disrupts Sheriff's Department systems (ABC7 Los Angeles) Atomic Data devastated by the unexpected death of CEO and co-owner Jim Wolford (Atomic Data)
New ransomware exploits a VMware ESXi vulnerability. Roasted 0ktapus squads up. LockBit says ION paid the ransom. Russian cyber auxiliaries continue attacks against healthcare organizations. Attribution on the Charlie Hebdo attack. Deepen Desai from Zscaler describes recent activity by Ducktail malware. Rick Howard looks at cyber threat intelligence. And the top US cyber diplomat says his Twitter account was hacked. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/24 Selected reading. Ransomware Gang in Trading Hack Says Ransom Was Paid (Bloomberg) Regulators weigh in on ION attack as LockBit takes credit (Register) Russian hackers launch attack on City of London infrastructure (The Armchair Trader) Ransomware attack on data firm ION could take days to fix -sources (Reuters) Linux version of Royal Ransomware targets VMware ESXi servers (BleepingComputer) Ransomware scum attack old VMWare ESXi vulnerability (Register) Italy sounds alarm on large-scale computer hacking attack (Reuters) Italy's TIM suffers internet connection problems (Reuters) Italy sounds alarm on large-scale computer hacking attack (Jerusalem Post) Italian National Cybersecurity Agency (ACN) warns of massive ransomware campaign targeting VMware ESXi servers (Security Affairs) Campagne d'exploitation d'une vulnérabilité affectant VMware ESXi (CERT-FR) VMSA-2021-0002 (VMware) CERT-FR warns of a new wave of ransomware attacks targeting VMware ESXi servers (Security Affairs) ‘0ktapus' hackers are back and targeting tech and gaming companies, says leaked report (TechCrunch) Customizable new DDoS service already appears to have fans among pro-Russia hacking groups (The Record from Recorded Future News) Russian Hackers Take Down At Least 17 U.S. 
Health System Websites (MedCity News) Tallahassee Memorial HealthCare, Florida, has taken IT systems offline after cyberattack (Security Affairs) Iran responsible for Charlie Hebdo attacks - Microsoft On the Issues (Microsoft On the Issues) Piratage de « Charlie Hebdo » : un groupe iranien à la manœuvre, selon Microsoft (Le Monde) Iran behind hack of French magazine Charlie Hebdo, Microsoft says (Reuters) Microsoft attributes Charlie Hebdo data leak to Iran-linked NEPTUNIUM APT (Security Affairs) America's top cyber diplomat says his Twitter account was hacked (CNN)
Ransomware hits Costa Rican government systems, again. A Chinese threat actor deploys the BOLDMOVE backdoor against unpatched FortiOS. Credential stuffing afflicts PayPal users. T-Mobile discloses a data breach. A cyberattack hits a remote Canadian utility. The Wagner Group sponsors a hackathon. Malek Ben Salem from Accenture describes prompt injection for chatbots. Our guest is Paul Martini of iboss with insights on Zero Trust. And the FSB's Gamaredon APT runs a hands-on Telegraph phishing campaign against Ukrainian targets. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/13 Selected reading. Bolster Your Company Defenses With Zero Trust Edge (Forrester) MICITT detecta incidente informático en el MOPT, el cual ya se encuentra contenido (MICITT) MOPT mantiene habilitados todos los servicios de manera presencial (MICITT) Costa Rica's Ministry of Public Works and Transport crippled by ransomware attack (Record) Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475) (Mandiant) Attackers Crafted Custom Malware for Fortinet Zero-Day (Dark Reading) Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October (Security Affairs) PayPal accounts breached in large-scale credential stuffing attack (BleepingComputer) PayPal Confirms Over 34,000 Customer Accounts Were Breached (EcommerceBytes) 35,000 PayPal accounts hacked, and users could've prevented it (PCWorld) Thousands Of PayPal Accounts Hacked—Is Yours One Of Them? (Forbes) Nearly 35,000 PayPal users had SSNs, tax info leaked during December cyberattack (The Record from Recorded Future News) T-Mobile Says Hacker Stole Data for 37 Million Customers (Bloomberg) T-Mobile Says Hackers Stole Data on About 37 Million Customers (Wall Street Journal) T-Mobile Says Hackers Used API to Steal Data on 37 Million Accounts (SecurityWeek) Cyberattack hits Nunavut's Qulliq Energy Corp. 
(CBC News) Nunavut power utility's servers hit by cyber attack | IT World Canada News (IT World Canada) Russian War Report: Russian hacker wanted by the FBI reportedly wins Wagner hackathon prize (Atlantic Council) Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations (Blackberry) Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram (The Hacker News) Hitachi Energy PCU400 (CISA) Bolster Your Company Defenses With Zero Trust Edge (iBoss)
Patch Tuesday Recap, Adobe, SAP & Microsoft, VMWare vCenter Server unpatched
Cybersecurity News CyberHub Podcast October 12th, 2022
Today's Headlines and the latest #cybernews from the desk of the #CISO:
Patch Tuesday: Critical Flaws in ColdFusion, Adobe Commerce
Microsoft Warns of New Zero-Day; No Fix Yet for Exploited Exchange Server Flaws
SAP Patches Critical Vulnerabilities in Commerce, Manufacturing Execution Products
ICS Patch Tuesday: Siemens, Schneider Electric Release 19 New Security Advisories
All Windows versions can now block admin brute-force attacks
VMware vCenter Server bug disclosed last year still not patched
Story Links:
https://www.securityweek.com/patch-tuesday-critical-flaws-coldfusion-adobe-commerce
https://www.securityweek.com/microsoft-warns-new-zero-day-no-fix-yet-exploited-exchange-server-flaws
https://www.securityweek.com/sap-patches-critical-vulnerabilities-commerce-manufacturing-execution-products
https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-release-19-new-security-advisories
https://www.bleepingcomputer.com/news/microsoft/all-windows-versions-can-now-block-admin-brute-force-attacks/
https://www.bleepingcomputer.com/news/security/vmware-vcenter-server-bug-disclosed-last-year-still-not-patched/
“The Microsoft Doctrine” by James Azar now on Substack https://jamesazar.substack.com/p/the-microsoft-doctrine
****** Find James Azar Host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Digital Debate, and Other Side of Cyber James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/ Telegram: CyberHub Podcast ****** Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter ****** Website: https://www.cyberhubpodcast.com Youtube: https://www.youtube.com/c/TheCyberHubPodcast Rumble: https://rumble.com/c/c-1353861 Facebook: https://www.facebook.com/CyberHubpodcast/ Linkedin: https://www.linkedin.com/company/cyberhubpodcast/ Twitter: https://twitter.com/cyberhubpodcast Instagram: https://www.instagram.com/cyberhubpodcast Listen here: https://linktr.ee/cyberhubpodcast The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. Thank you for watching, and please don't forget to like this video and subscribe to my channel! #cybernews #infosec #cybersecurity #cyberhubpodcast #practitionerbrief #cisotalk #ciso #infosecnews #infosec #infosecurity #cybersecuritytips #podcast #technews #tinkertribe #givingback #securitytribe #securitygang #informationsecurity
Today's podcast has Tina Williams-Koroma, President and Founder of TCecure, LLC, and skills at https://cyskills.com, who will discuss managing security through minor and significant changes to systems and the business environment. Managing third-party risk can impact your cybersecurity posture and budget, and an excellent risk-based approach to security will enhance your business environment. Enjoy today's show! Visit our sponsors: BlockFrame Inc. IEEE Digital Privacy Murray Security Services
The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is sponsored by Deloitte Cyber. To learn more about our sponsor, visit https://deloitte.com/cyber • For more breaking news, visit https://cybercrimewire.com
What's Russia up to in cyberspace, nowadays? Belgium accuses China of cyberespionage. LockBit ransomware spreading through compromised servers. Malek Ben Salem from Accenture explains the Privacy Enhancing Technologies of Federated Learning with Differential Privacy guarantees. Rick Howard speaks with Rob Gurzeev from Cycognito on Data Exploitation. And Micodus GPS tracker vulnerabilities should motivate the user to turn the thing off. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/136 Selected reading. Continued cyber activity in Eastern Europe observed by TAG (Google) Declaration by the High Representative on behalf of the European Union on malicious cyber activities conducted by hackers and hacker groups in the context of Russia's aggression against Ukraine (European Council) China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors (Federal Public Service Foreign Affairs) Déclaration du porte-parole de l'Ambassade de Chine en Belgique au sujet de la déclaration du gouvernement belge sur les cyberattaques (Embassy of the People's Republic of China in the Kingdom of Belgium) LockBit: Ransomware Puts Servers in the Crosshairs (Broadcom Software Blogs | Threat Intelligence) Critical Vulnerabilities Discovered in Popular Automotive GPS Tracking Device (MiCODUS MV720) (BitSight) CISA released Security Advisory on MiCODUS MV720 Global Positioning System (GPS) Tracker (CISA)
Deepfake spear phishing, unpatched systems vulnerability, MongoDB on the evolution of data storage tech, and more. A new, remarkably sophisticated malware is attacking routers Criminals use deepfake videos to interview for remote work Arduino launches IP40-rated Edge Control Enclosure Kit with on-board LCD user interface A world-first computer chip transmits data via sound waves rather than electrons Cyberattacks via unpatched systems cost organizations more than phishing MongoDB SVP of Cloud Products Andrew Davidson returns to talk more about MongoDB and the evolution of data storage technologies Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Andrew Davidson Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: UserWay.org/twit Nuvei.com Compiler - TWIET
This episode reports on successful attacks exploiting the Log4Shell hole in two unpatched VMware applications, and more
Five Minute Forecast for the week of June 13th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. Unpatched router vulnerabilities are being exploited by state-sponsored attackers Ukrainian security authorities warn of active Follina campaigns Details of a massive Facebook phishing campaign revealed Joining us is senior threat researcher Jared Peck, for a discussion about cryptocurrency and cyber crime. Link to the blog post mentioned: https://www.proofpoint.com/us/blog/threat-insight/how-cyber-criminals-target-cryptocurrency
Malicious cyber actors are exploiting multiple critical vulnerabilities in VMware products. Successful exploitation permits malicious actors to trigger a server-side template injection that may result in remote code execution or escalation of privileges to root level access. CISA has updated this alert with additional indicators of compromise, detection signatures, and threat actor TTPs from trusted third parties to assist administrators with detecting and responding to this activity. AA22-138B Alert, Technical Details, and Mitigations AA22-138B.stix Emergency Directive 22-03 Mitigate VMware Vulnerabilities VMware Security Advisory VMSA-2022-0011 VMware Security Advisory VMSA-2022-0014 Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others) All organizations should report incidents and anomalous activity to CISA's 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
CISA is releasing this cybersecurity advisory to warn organizations that malicious cyber actors are exploiting CVE-2022-22954 and CVE-2022-22960. These vulnerabilities affect versions of VMware products. Successful exploitation permits malicious actors to trigger a server-side template injection that may result in remote code execution or escalation of privileges to root level access. Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit newly released VMware vulnerabilities CVE-2022-22972 and CVE-2022-22973 in the same impacted VMware products. AA22-138B Alert, Technical Details, and Mitigations AA22-138B.stix Emergency Directive 22-03 Mitigate VMware Vulnerabilities VMware Security Advisory VMSA-2022-0011 VMware Security Advisory VMSA-2022-0014 All organizations should report incidents and anomalous activity to CISA's 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Welcome back to the Unpatched Gaming Podcast, where we are the primordial soup brewing beneath the White House. That's right, we are playing the S3 simulations, Metal Gear Solid and Metal Gear Solid 2: Sons of Liberty. Metal Gear Solid is Zack's favorite video game series of all time; he's been eager to share it with Tyler and the Unpatched community! These are crazy masterworks – with their own share of problems – that are absolutely still worth your time today. Come join the discussion on our Discord! You can get access via our $2 Patreon. We'd love to hear from the massive, diverse MGS community. These games ALWAYS generate great discussion. MGS2 Full Playthrough: https://www.youtube.com/watch?v=2qsHbwpvHcA MGS2 AI Scene: https://www.youtube.com/watch?v=eKl6WjfDqYA Patreon: https://www.patreon.com/unpatchedgaming Twitter: https://twitter.com/UnpatchedGaming Instagram: https://www.instagram.com/unpatchedgaming #MGS #Kojima #Konami #MetalGear #MetalGearSolid #MGS2 #SonsofLiberty
Welcome to Unpatched 2022! We're kicking things off with a combo only Tyler could come up with: Batman: Arkham Asylum and One Step From Eden. Both are spiritual successors to games that haven't really had true spiritual successors: Metroid Prime and Megaman Battle Network (respectively). Modern follow-ups to these Gamecube and GBA classics. What are some other games that have never gotten the successors they deserve? Do you think we got it right? Let us know on our Discord! Access it via Patreon; we'd love to have you. #BatmanArkham #ArkhamAsylum #Joker #MarkHamill #Megaman #MegamanBattleNetwork #MMBN #OneStepFromEden #SlaytheSpire #Arkham #rogue
We're finally here: Game of the Year 2021! This episode will be split into two parts: Unpatched's 2021 and "The Year" 2021. Be sure to check out both if the full production is too unbearably long! Together they are a full reflection on the games we've played this year. So grateful for an awesome community to share some killer (and dead) games this year. What did you love this year? What's your GotY? Something we missed that deserves more love? Why is it Guardians of the Galaxy? Thanks again for an incredible 2021! Here's to Metal Gear, Mass Effect, and so much more in 2022! Open Discord Server: https://discord.gg/UQErYFbpbe
A new Chinese cyberespionage group is described. Cobalt Strike implants are observed hitting unpatched VMware Horizon servers. Ukraine attributes last week's cyberattacks to Russia (with some possibility of Belarusian involvement as well). Microsoft doesn't offer attribution, but it suggests that the incidents were more destructive than ransomware or simple defacements. The US warns of possible provocations. Ben Yelin looks at a bipartisan TLDR bill. Our guest is Lisa Plaggemier from the National Cybersecurity Alliance on the ongoing threat of phishing. And the REvil arrests in Russia may have been for “leverage.” For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/11
This one goes out to everyone's favorite virgin, #ScottTheWoz! The Unpatched guys play through some of Scott's staples, from a chicken shooter all the way to the principal accursed Chibi Robo: Zip Lash. Here's to you, Scott! Free Discord: https://discord.gg/UQErYFbpbe Patreon: https://www.patreon.com/unpatchedgaming Twitter: https://twitter.com/UnpatchedGaming Instagram: https://www.instagram.com/unpatchedgaming #CrazyChicken #Madden08 #FlingSmash #ChibiRobo #ZipLash #3DS #PS5 #DarkVirginAcolyte
Picture of the Week. Lots of welcome progress on the ransomware front. Pwn2Own Austin: Last Tuesday-Thursday largest ever 3-day Fall 2021 Pwn2Own. Windows 11 snipping tool, its emoji picker, and other parts are failing. Trouble being created by unpatched GitLab servers. More supply chain attacks. If it's Tuesday... Cisco's DEFAULT SSH key. U.S. Federal agencies have been ordered to patch hundreds of actively exploited flaws. Closing The Loop. SpinRite. Bluetooth Fingerprinting. We invite you to read our show notes at https://www.grc.com/sn/SN-844-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: itpro.tv/securitynow promo code SN30 bitwarden.com/twit wwt.com/twit
This week in the Security Weekly News: Dr. Doug talks Resilience, Twitch, Apache, Canopy, Microsoft, LANtenna, and the US Navy playing Age of Empires, as well as all the show Wrap-Ups on this episode of the Security Weekly News Wrap up Show! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn156
This week in the Security Weekly News: Dr. Doug talks Resilience, Twitch, Apache, Canopy, Microsoft, LANtenna, and the US Navy playing Age of Empires, as well as all the show Wrap-Ups on this episode of the Security Weekly News Wrap Up Show! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn156
Epic vs. Apple, the European Commission and USB-C, Castlevania, LEGO Star Wars, blue and green grains. Grumbling? What grumbling? Contact the show: Email | Facebook Group | Twitter Λεωνίδας Μαστέλλος: Facebook | Twitter | Spotify Μάνος Βέζος: The Vez | Facebook | Twitter | Instagram | Apple Music Exor, Ferrari and LoveFrom announce creative partnership Apple's “Swagger,” from NBA superstar Kevin Durant, creator Reggie Rock Bythewood and Brian Grazer, to make global debut on Friday, October 29 Apple orders “Amber Brown,” from creator and director Bonnie Hunt, based on best-selling book series by Paula Danziger Acapulco — Official Trailer Blush — Official Trailer CODA — What is ASL Gloss? Get Rolling With Otis — Official Trailer Invasion — Official Trailer Puppy Place — Official Trailer The Morning Show — Inside the Episode: “It's Like the Flu” Wolfboy and the Everything Factory — How to Draw a Spryte Wolfboy and the Everything Factory — How to Animate a Character Wolfboy and the Everything Factory — Intro to Sprytes with Professor Luxcraft Castlevania: Grimoire of Souls LEGO® Star Wars™ Battles If you can't use Apple Music on your new iPhone or iPad If Unlock with Apple Watch isn't working on your iPhone 13 Apple Says Third-Party Apps Can Take Full Advantage of ProMotion With Plist Entry, Core Animation Bug Fix Coming Apple Says 'Jelly Scrolling' on iPad Mini 6 is Normal Behavior for LCD Screens Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program Apple ‘Still Investigating' Unpatched and Public iPhone Vulnerabilities Apple AirTag Bug Enables ‘Good Samaritan' Attack Some iPhone 13 Users Reporting Intermittent Touch Issues, Older Models Also Affected After Updating to iOS 15 New in-app purchase capabilities now available Apple Increases Price of Beats Flex Headphones From $50 to $70 Apple releases tvOS 15: Here's everything new – updated Epic Games vs. 
Apple judgement Stephen Warwick on Twitter Pulling the plug on consumer frustration and e-waste: Commission proposes a common charger for electronic devices European Union announces plans to require all mobile devices to use USB-C Apple Watch Series 7 Supports 60.5GHz Wireless Data Transfer, But Likely for Apple's Internal Use Only
Deepmind doesn't know how to fix AI; virtual staging; White Claw Surge; crypto unaffected by China news; Instagram for Kids, paused; Samsung's brain; Apple Wallet & vax cards; ravens attacking drones; Shatner in spaaaaccee; Imagineering Story; Sex Ed season 3; the Great Escapists; Foundation; Dune; the Witcher, for kids; Goliath; Nirvana; multiple timers in WatchOS; Cook is a gangster; Tiny Food Fight; iPad Mini; Star Wars: Visions; puppet shows to podcasts; file systems, do we need them; Mini's turn signals; strange blobs on Uranus. Show notes at https://gog.show/524 This episode of Grumpy Old Geeks is brought to you by Hover! Hover is the place to get the best domains. With over 300 top level domains to choose from. Go to Hover.com/gog and get 10% off your first purchase. FOLLOW UP: DeepMind tells Google it has no idea how to make AI less toxic; The Framework Laptop is now shipping!; The Framework is the most exciting laptop I've ever used. IN THE NEWS: Bitcoin, ether, and major altcoins tumble on news that China will completely ban all crypto transactions; Instagram for kids paused after backlash; California makes zero-emission autonomous vehicles mandatory by 2030; Samsung hopes to 'copy and paste' the brain to 3D chip networks; Apple Wallet update will allow digital COVID-19 vaccination card; Bird attacks on drones force Google to suspend home deliveries; William Shatner will boldly go into space with Bezos's Blue Origin. MEDIA CANDY: The Imagineering Story; Sex Education Season 3; The Great Escapists; They Said Foundation Couldn't Be Filmed, and It Still Hasn't Been; Dune; Sandman First Look; Cowboy Bebop Trailer; Netflix's 'The Witcher' plans include season 3 and a kids' series; Goliath Season 4; Live nirvana concert chronology october 12, 1991 - Cabaret Metro, Chicago, IL. APPS & DOODADS: Apple turns post-lawsuit tables on Epic, will block Fortnite on iOS; Apple TV 4K; Tiny Food Fight; New iPad mini owners report 'jelly scrolling' problems. AT THE LIBRARY: Quit Repeating Yourself: How Today's Leaders Are Using Systems and Processes to Grow Their Business The Right Way by Jaime Jay; Brandon Sanderson's Skyward. SECURITY HAH!: The CyberWire; Dave Bittner; Hacking Humans; Caveat; Recorded Future; Dave Bittner: From puppet shows to podcasts.; Only Murders in the Building; Star Wars: Visions; Gen Z Kids Apparently Don't Understand How File Systems Work; Lithuanian defence ministry urges people to 'throw away' Chinese phones after discovering censorship tools; Apple ‘Still Investigating' Unpatched and Public iPhone Vulnerabilities. MORON OF THE WEEK: Congratulations, Mini, You Made The Stupidest Turn Signals Ever. BRIC-A-BRAC: Maps That Show Us A New Perspective; SCIENTISTS INTRIGUED BY STRANGE BLOBS ON URANUS. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: The amazing Yahoo! News story on the former CIA director's awesome brainwaves Hostage diplomacy pays off for Huawei CFO NSA releases great guidance on VPN security Microsoft has actually hired a cybersecurity executive Much, much more This week's show is brought to you by Material Security. Material's co-founder Ryan Noon will be along in this week's sponsor interview to talk about smarter ways to do email retention and destruction. They have a product that interfaces with your mail provider's API – whether you're on Google Workspace or O365 – to do things like archive and redact email, and they're finding their customers are using these features to actually implement retention email strategies. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks The Yahoo Story about All the Things CIA Wasn't Allowed to Do Against WikiLeaks - emptywheel Controversial Maricopa "Audit" Concludes that Biden Won by More Votes Than Previously Reported - by Kim Zetter - Zero Day China played dirty to get Huawei's 'princess' back — too dirty even to tell its own people - ABC News Newly-formed international alliances vow to improve cybersecurity, in moves China sees as affront EU formally blames Russia for GhostWriter influence operation - The Record by Recorded Future Suspected Chinese state-linked threat actors infiltrated major Afghan telecom provider - The Record by Recorded Future US deports highly-prized hacker back to Russia - The Record by Recorded Future He Escaped the Dark Web's Biggest Bust. 
Now He's Back | WIRED NSA, CISA publish guide for securing VPN servers - The Record by Recorded Future The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous Biden administration officials push Congress to shape breach reporting mandates Ransomware Isn't Back. It Never Left | WIRED CISA, FBI, NSA warn of increased attacks involving Conti ransomware Major European call center provider goes down in ransomware attack - The Record by Recorded Future Exposed ransomware negotiations shed light on cybercrime, but complicate things for victims State-sponsored hacking group targets Port of Houston using Zoho zero-day - The Record by Recorded Future Russian missile fuel maker targeted with recent Office zero-day - The Record by Recorded Future Former AWS veteran Charlie Bell to head cybersecurity ops at Microsoft | Reuters Microsoft Exchange Autodiscover bug leaks hundreds of thousands of domain credentials - The Record by Recorded Future New Azure Active Directory password brute-forcing flaw has no fix | Ars Technica Microsoft adds novel feature to Exchange servers to allow it to deploy emergency temporary fixes - The Record by Recorded Future Apple ‘Still Investigating' Unpatched and Public iPhone Vulnerabilities Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program / Habr Apple patches iOS and macOS zero-day exploited in the wild - The Record by Recorded Future New iCloud Private Relay service leaks users' true IP addresses, researcher claims | The Daily Swig Lithuanian government warns about secret censorship features in Xiaomi phones - The Record by Recorded Future VMware vCenter deployments under attack as enterprises urged to update systems | The Daily Swig Developers fix multitude of vulnerabilities in Apache HTTP Server | The Daily Swig Google finds adware strain abusing novel file signature evasion technique - The Record by Recorded Future Device ‘breakage' concerns persist days before Let's Encrypt root 
cert expiry | The Daily Swig Meet TruffleHog – a browser extension for finding secret keys in JavaScript code | The Daily Swig #RomHack2021 - Dirk-jan Mollema - Breaking Azure AD joined endpoints in zero-trust environments - YouTube
iPad mini review, USB-C on iPhone, Apple leaks The new iPad mini EU plans one mobile charging port for all, in setback for Apple When you 'Ask app not to track,' some iPhone apps keep snooping anyway Apple 'Still Investigating' Unpatched and Public iPhone Vulnerabilities iFixit: iPhone 13 Pro Teardown GQ: How Apple made the iPhone 13 camera for TikTok obsessives and Oscar winners Apple to Fix Issue Preventing iPhone 13 Users From Unlocking With Apple Watch in Upcoming Software Update Study: Apple Watch Series 6 oximeter is 'reliable' for patients with lung disease Why EFF Flew a Plane Over Apple's Headquarters 1Password can now randomly generate email addresses for logins Apple Won't Allow Fortnite Back in the App Store Until Legal Battle Ends Due to Epic's 'Duplicitous Conduct' Apple releases iOS 12.5.5 for older iPhones and iPads with 'important security updates' Tim Cook says employees who leak memos do not belong at Apple, according to a leaked memo New features in Keynote, Pages, and Numbers enhance remote presentations and working with documents on the go Analyst Ming-Chi Kuo expects new MacBook Air with next-generation Apple Silicon to arrive in Q3 2022 Upcoming 14-Inch and 16-Inch MacBook Pro Display Resolutions Likely Revealed in Latest macOS Monterey Beta Report: Apple AR Headset With Rumored $2,000+ Price Tag to Enter Mass Production in the Second Quarter of 2022 Picks of the Week Andy's pick: The Marble Machine X and some terrific lessons about extended project development Rene's pick: Recut for macOS Alex's pick: iWork Suite & Blackbird 4K 8x8 HDMI Matrix Switch Leo's pick: SketchUp for iPad (Beta) Hosts: Leo Laporte, Alex Lindsay, Rene Ritchie, and Andy Ihnatko Download or subscribe to this show at https://twit.tv/shows/macbreak-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: att.com twit.cachefly.com
On this week's episode of the podcast I cover a few very worrying vulnerabilities, an update to the Windows 11 health checker and much more! Reference Links: https://www.rorymon.com/blog/episode-195-unpatched-exchange-bug-win11-health-checker-update-new-servicenow-teams-integration-more/
ReverseRat is back and better, and it's sniffing at Afghanistan. LockBit wants $50 million from Accenture. When employees leave, do they take your data with them? (Survey, or rather, telemetry, says yes.) Unpatched Apex One instances are under active attack. PrintNightmare continues to resist patching. Google bans SafeGraph. Apple explains what's up with iCloud privacy. Caleb Barlow wonders if ransomware payments are financing criminal infrastructure in Russia. Our guest is Oliver Rochford from Securonix on the notion of cyberwar. And the SynAck ransomware gang rebrands. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/156
Dr. Elisa Costante, vice president of research at Forescout Technologies, explains to Tonya Hall why the healthcare sector is so impacted by TCP/IP vulnerabilities.
Hey kindagamers! We're back doing an awesome collaboration with Zack and Tyler from the Unpatched Gaming Podcast. These guys went through our GGOAT bracket and we thought it would be fun to play through a couple of the games where we really differed in opinion. Please check out the second part of this episode discussing Portal 2 on the Unpatched Gaming feed (https://open.spotify.com/episode/1h9vqDqlIqjTYIunSONOwe?si=q7ne8PhTTkymdY6E6KbihQ&dl_branch=1), we had a lot of fun talking about a game that Jonny and I had never played and definitely overlooked during the GGOAT tournament. Friendly reminder to hit us up on Instagram and Twitter @gameresquepod Unpatched Gaming: Feed: https://podcasts.apple.com/us/podcast/unpatched-gaming-podcast/id1534208414?uo=4 Feed (for the Spotify Peeps): https://open.spotify.com/show/11uhzuDFUSQ0JxbFH6QW8M Twitter: https://twitter.com/unpatchedgaming Instagram: https://www.instagram.com/unpatchedgaming/ Patreon: https://www.patreon.com/unpatchedgaming --- Send in a voice message: https://podcasters.spotify.com/pod/show/gameresque/message
This week Zack and Tyler are joined by the stylish gents from the Gameresque podcast, Zach and Jonny! After the exciting and surprisingly different results of their March Madness bracket, we all decided it'd be fun to share some of our favorite games that we felt deserved more love. For the Unpatched guys, we were excited to share the hilarious, blockbuster ride that is Valve's classic, Portal 2. You can find Part 2 of this episode on the Gameresque Podcast's feed where they share one of Zach's all-time favorites, Spider-Man PS4. Definitely give them a subscribe to get a fresh "gameresque" perspective! All the important info is down below: Gameresque: Twitter/Instagram: @gameresquepod Jonny: @jonnybyrne Zach: @zmoneywatts Feed: https://podcasts.apple.com/us/podcast/gameresque/id1545264552 Unpatched: Patreon: https://www.patreon.com/unpatchedgaming Twitter: https://twitter.com/UnpatchedGaming Instagram: https://www.instagram.com/unpatchedgaming
Thank you Michael in Tennessee for being our guest throughout the program! We really appreciate it. Welcome to the Security Box, podcast 48. On this edition of the podcast, we've got two topics for you. The first is probably one you can file in the "I can't believe I read this crap" department, while the second deals with Windows Update and what we had to look forward to there. We've got news notes with quite a number of very interesting items, as well as taking your calls, voice messages and stories to boot. Topics Adventures in Contacting the Russian FSB Krebs on Security June Patch Tuesday: Internet Explorer Finally Laid to Rest from Trend Micro and Microsoft Patches Six Zero-Day Security Holes from Krebs should be read for Patch Tuesday. Worth the read as usual. News and notes from around the landscape We may have a lot of the things listed here in articles and commentary on the blog. Feel free to check out the articles and have your voice heard. This is not a drill: VMware vuln with 9.8 severity rating is under attack Ars Technica Trickbot indictment demonstrates how one hacking tool built on older malware Cyberscoop Ransomware hits iConstituent, a service lawmakers use to communicate with voters Cyberscoop Biden revokes TikTok ban, issues new guidance for evaluating foreign apps Cyberscoop 47% Phishing Increase in Q1 Phishlabs blog Unpatched vulnerability in Samsung phones could let hackers read your messages Phone Arena MoviePass settles with the FTC over exposing private information, misleading consumers Cyberscoop RockYou2021 Breach: How to Keep Your Data Secure Now Lastpass For full show notes including articles we didn't cover but read, check the blog.
Welcome to our first bonus episode! Tyler and Zack steal the Gameresque Podcast's fantastic March Madness bracket for the Greatest Game of All Time (GGOAT). Definitely check out their podcast where they break down their genius seeding algorithm and talk more about how they ended up with the bracket they did. Tyler and Zack felt that this format was perfect for generating interesting conversation. As their title suggests, they are Gameresque; they play games more casually and end up with a unique perspective because of it. We wanted to offer up some worthy comparison by showing how Unpatched Gaming -- a hopelessly full-on gamer perspective -- would tackle the exact same bracket. And you know us: we're all about sharing games, so we may even try to share some of our favorites down the line. If you're looking for a visual aid, we're posting the brackets on our Discord and Instagram. Access to our Discord is only $2/mo via our Patreon, so be sure to check it out! Even more, though, definitely check out the Gameresque Podcast (linked below)! They're doing quality work and offer a perspective you just can't find on Unpatched. Gameresque Podcast: https://podcasts.apple.com/us/podcast/gameresque/id1545264552 Twitter: https://twitter.com/gameresquepod Instagram: https://www.instagram.com/gameresquepod/ Patreon: https://www.patreon.com/unpatchedgaming Twitter: https://twitter.com/UnpatchedGaming Instagram: https://www.instagram.com/unpatchedgaming Tyler's Bioshock Essay that He is Ashamed of: https://focusedquality.wordpress.com/2013/06/13/the-backlog-bioshock/ 00:00:00 -- Intro and Tourney Breakdown 00:13:20 -- 2005-2008 Round 1 00:56:03 -- 2009-2012 Round 1 01:30:26 -- 2013-2016 Round 1 02:02:17 -- 2017-2020 Round 1
A phishing campaign this week appears to be the work of Russia’s SVR. Chinese government threat actors continue to exploit unpatched Pulse Secure instances. FBI renews warnings about unpatched Fortinet appliances. Healthcare organizations still work to recover from ransomware. Rick Howard speaks with author Andy Greenberg on his book Sandworm. Ben Yelin weighs in on questions Senator Wyden has for the Pentagon. And a look at the criminal ransomware market, including the consultants who serve the extortionists. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/103
Updates on the DarkSide ransomware attack on Colonial Pipeline. Other ransomware strains, including Avaddon and Babuk are out, and dangerous. Guidelines on 5G threat vectors. Lemon Duck cryptojackers are looking for vulnerable Exchange Server instances. A bogus, malicious Chrome app is circulating by smishing. Ben Yelin examines an online facial recognition platform. Our guest is Mathieu Gorge of VigiTrust on the privacy risks of video and audio recordings. And an update on an espionage trial. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/90
An Airdrop vulnerability remains unpatched, Signal makes an epic clap back at Cellebrite, and Emotet begins a mass deletion of itself! All that coming up now on ThreatWire. #threatwire #hak5 Links: Weekly security and privacy news, brought to you by Shannon Morse. ThreatWire is a weekly news journalism show covering security and privacy topics for network admins and users. Watch this on youtube: https://youtu.be/6fKv5F3HtXQ Shop ThreatWire Merch Directly! - https://snubsie.com/shop Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/ Support ThreatWire! https://www.patreon.com/threatwire Links: Apple AirDrop Leak https://gizmodo.com/airdrop-security-flaw-exposes-1-5-billion-apple-devices-1846747548 https://arstechnica.com/gadgets/2021/04/apples-airdrop-leaks-users-pii-and-theres-not-much-they-can-do-about-it/ https://www.cnet.com/news/airdrop-could-be-hacked-to-reveal-personal-information-researchers-suggest/ https://www.usenix.org/system/files/sec21fall-heinrich.pdf https://github.com/seemoo-lab/privatedrop Signal Cellebrite: https://signal.org/blog/cellebrite-vulnerabilities/ https://signal.org/blog/cellebrite-and-clickbait/ https://www.haaretz.com/israel-news/.premium-israeli-phone-hacking-firm-cellebrite-halts-sales-to-russia-after-haaretz-report-1.9633312 https://arstechnica.com/information-technology/2021/04/in-epic-hack-signal-developer-turns-the-tables-on-forensics-firm-cellebrite/ https://www.vice.com/en/article/k78q5y/signal-ceo-hacks-cellebrite-iphone-hacking-device-used-by-cops https://www.zdnet.com/article/signal-rattles-sabre-and-exposes-crackable-cellebrite-underbelly/ https://www.cyberscoop.com/cellebrite-signal-moxie-marlinspike-ufed/ https://www.bleepingcomputer.com/news/security/signal-ceo-gives-mobile-hacking-firm-a-taste-of-being-hacked/ https://www.cellebrite.com/en/cellebrites-new-solution-for-decrypting-the-signal-app/ Emotet: 
https://www.zdnet.com/article/police-just-delivered-this-killswitch-update-to-finish-off-a-notorious-botnet/ https://www.cyberscoop.com/law-enforcement-emotet-botnet-ransomware/ https://www.bleepingcomputer.com/news/security/emotet-malware-nukes-itself-today-from-all-infected-computers-worldwide/ https://www.bleepingcomputer.com/news/security/emotet-botnet-disrupted-after-global-takedown-operation/ Photo credit: https://www.iphonehacks.com/wp-content/uploads/2017/08/iOS-11-AirDrop-1.jpg Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 Threat Wire RSS → https://shannonmorse.podbean.com/feed/ Threat Wire iTunes → https://itunes.apple.com/us/podcast/threat-wire/id1197048999 Host: Shannon Morse → https://www.twitter.com/snubs Host: Darren Kitchen → https://www.twitter.com/hak5darren Host: Mubix → http://www.twitter.com/mubix
Attackers continue to exploit recently patched vulnerabilities in Thrive Themes, though not all of them are successful. Two vulnerabilities are patched in the Facebook for WordPress plugin installed on over half a million sites. Google Chrome version 90 will use HTTPS by default, bringing significant improvements to speed and security. A ransomware insurance provider experiences a breach that could affect customers, and Slack’s new “Slack Connect” feature has some security concerns.
Happy 20th anniversary, Megaman Battle Network! Today, Nick joins Zack and Tyler as they discuss the underrated masterpiece, Megaman Battle Network 3. Tyler plays the game for the first time and shares his unclouded insight while Zack and Nick gush over the six times they've played the game throughout the years. It's a really special experience and one in need of the Unpatched sharing treatment! So make sure you join us on Discord, Twitter, and Instagram to share the love for this awesome franchise! And we want to give a huge shoutout to u/TDOzero from the Battle Network subreddit for generously providing his footage for the video! The whole subreddit is an awesome place for Battle Network fans filled with people like TDOzero who just want to love on this underloved series. Patreon: https://www.patreon.com/unpatchedgaming Twitter: https://twitter.com/UnpatchedGaming Instagram: https://www.instagram.com/unpatchedgaming 0:00:00 Megaman Battle Network 3 2:12:57 Hitman 2:28:10 Announcement!
Risk Assessments, Frameworks, and Approaches Risk Assessments are the topic for this episode of the CISO Dojo Podcast. What is a risk assessment: The identification, evaluation, and estimation of the levels of risks involved in a situation, with comparisons against benchmarks or standards, and determination of an acceptable level of risk. There are two types of risk assessments we discuss in this episode: Quantitative Risk Assessment: This one uses actual data and amounts during the risk assessment. Qualitative Risk Assessment: “Relative measure of risk or asset value based on rankings such as low, medium or high; not important, important very important, or on a scale from 1 to 10.” Risk Assessment Frameworks We are going to discuss two commonly used frameworks often utilized for risk assessments: FAIR (Factor Analysis of Information Risk) Defines value/liability as: Criticality Cost Sensitivity Embarrassment Competitive advantage Legal/regulatory General FAIR also defines six kinds of loss: Productivity Response Replacement Fines and judgments Competitive advantage NIST Special Publication 800 – 30 Risk Assessment Framework: NIST 800-30 is a 9 step approach to risk assessments that includes: Step 1: System Characterization Step 2: Threat Identification Step 3: Vulnerability Identification Step 4: Control Analysis Step 5: Likelihood Determination Step 6: Impact Analysis Step 7: Risk Determination Step 8: Control Recommendations Step 9: Results Documentation Types of Risk Assessments In this episode we briefly cover a few common types of risk assessments: RIA: Risk Impact Assessment This is the initial risk assessment that classifies the risk level of the system (Low, Moderate, High, Very High) and mitigating controls. BIA: Business Impact Assessment This is usually used during BPC/DR planning and determines the impact of losing your business-critical systems. 
PIA: Privacy Impact Assessment This one identifies PII that is collected; why the information is collected; and how the data will be used, shared, stored, and protected. DRIA: Detailed Risk Impact Assessment This one is more detailed than a regular risk assessment and outlines more robust security controls that are commensurate with the inherent risks of the system. We aren’t going to get into Risk Analysis, because there’s a larger conversation that needs to be had here. An organization needs to understand what their top risks are so they can know where to start the risk assessment process. Top security risks for businesses Let’s take a look at where a lot of organizations are incurring the greatest amount of risk with their security posture, or lack of security posture. Your Organization is a Target Traditionally smaller businesses weren’t an appealing target for threat actors. That changed when ransomware arrived on the scene. Smaller organizations are a more appealing target for ransomware because they typically have less budget to spend on backing up their data, business continuity, and disaster recovery. When a small business experiences ransomware, more often than not, they are forced to pay the ransom to recover their data and return to normal operations. If it’s not ransomware, the second favorite cyber attack of threat actors is crypto mining malware that runs silently on the systems consuming resources and mining cryptocurrency for the attacker. Cyber Security Budget Many of the organizations aren’t aware if they are over invested or under invested in security. Over investment takes funds away from other strategic business objectives, while under investment incurs too much risk for the organization. Over investment isn’t a difficult problem to solve, but under investment can be challenging to rectify. The best approach to determining where you stand is to map out the maturity of your organization in relation to what the industry is doing. 
I’ll use the NIST Cybersecurity Framework functions to measure the maturity of the security program: Identify Protect Detect Respond Recover Next, map the maturity levels of 0-5 using the Capability Maturity Model. 0 is the least mature and 5 is the most mature. Most organizations should strive for a maturity level of 3 across the five functions of the NIST CSF. If you are not at level 3, you are under invested in that particular function. If you are at a 4-5 maturity level for a particular function, you might be over invested in that function. Patching and Vulnerability Management Risk Assessments An effective cyber security program includes patching and vulnerability management. Unpatched vulnerabilities provide opportunities for threat actors to compromise your systems and networks. Even the best organizations achieve about a 75% success rate. In an organization that lacks patching and vulnerability management the risk for a breach is considerable. A successful patching and vulnerability management program starts with asset inventory. You need to know what assets you have and then you need a way to identify and monitor your patching and vulnerability exposure and remediation progress. Email Security Risk Assessments Breaches often start with malware, phishing, or spam as the entry point into the organization. This indicates a lack of technical controls at the email server, as well as the administrative control of a security awareness program. If you are hosting email in house with no spam filtering, anti-malware, or other technical controls, now is a good time to consider outsourcing email to Office 365 or Google Apps. The benefits are less maintenance, more security, reduced costs and administration time. Data Backup, Testing, and Recovery A lot of organizations lack a backup plan, back up retention, and testing of backups. The problem is usually a lack of understanding of what their mission critical data is. 
This goes back to the lack of a mature security program. Organizations that are backing up their data usually fail to test their backups due to a lack of time and lack of staff. This is something that should also be addressed in the overall security program for the organization or perhaps outsourced to a third party for business continuity and disaster recovery purposes. BYOD Cyber Security Risk Assessments Mobile devices are growing in popularity as an entry point for threat actors and careful consideration should be given to BYOD programs. While there is a lot of benefit to BYOD (bring your own device) there are also a lot of risks. The main issues are co-mingling of data, eDiscovery, terminations, data security, and mobile device management. Mobile device management is critical if you allow employees to utilize their own mobile devices for work purposes. You should also include a mobile device threat prevention solution that detects and prevents malware, phishing over text message (smishing), and rooting or jailbreaking of mobile devices. Also consider a VPN for secure connections from the mobile device back to the corporate network. No Cyber Security Program This by far is one of the most common problems I encounter when consulting with small, medium, and even large enterprise level businesses. There should be an overarching policy from the executive level that the organization understands the importance of cyber security and will have a cyber security program. A typical cyber security program should include: Security Awareness Business Continuity and Disaster Recovery Physical Security Acceptable use policies for email, Internet, and mobile devices Password policy Encryption Policy Cloud Storage and provisioning policy Incident response policy Vendor Management Policy Cyber Risk Appetite Statement The above is not a comprehensive list and will differ from organization to organization. 
Preventing breaches, business impact, and security incidents starts with risk assessments and a cyber security program. Having a formal security program also means having someone in charge of security to drive it forward. This is usually a CISO or VCISO depending on the size of the organization. The post Risk Assessments, Frameworks, and Approaches appeared first on CISO Dojo.
In the Security News, How two authors became part of WRT54G hacking history, European police and German law enforcement have taken down the illegal "DarkMarket" online marketplace, 70 unpatched Cisco vulnerabilities and why these are not a big deal, Adobe is blocking Flash content, most containers still run as root, watching private videos on YouTube is more like silent films, and get a free bag of weed when you get your vaccine! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw680
Microsoft’s December 2020 Patch Tuesday fixes 58 vulnerabilities
Unpatched bugs open GE radiological devices to remote code execution
Cloudflare and Apple design a new privacy-friendly internet protocol

Thanks to our sponsor, Code42. Tomorrow Code42 will release its annual Data Exposure Report on Insider Risk. Last year’s report revealed that 63% of new hires who admit to taking data with them to a new job are repeat offenders. Tune in tomorrow for highlights from this year’s report. For the stories behind the headlines, go to CISOseries.com.
Good Morning and Welcome to the ProactiveIT Cyber Security Daily number 216. It is Wednesday September 30th 2020. I am your host Scott Gombar and There are 247,000+ Unpatched Exchange Servers, and The Bad Guys Know. This podcast is brought to you by Nwaj Tech, a Client Focused and Security Minded IT Consultant based in Central Connecticut. You can visit us at nwajtech.com

Las Vegas Students’ Personal Data Leaked, Post-Ransomware Attack
Two major flight tracking services hit by crippling cyberattacks
Fake software crack sites used to push Exorcist 2.0 Ransomware
Cisco fixes actively exploited bugs in carrier-grade routers
Ransomware hits US-based Arthur J. Gallagher insurance giant
Microsoft clarifies patch confusion for Windows Zerologon flaw
Over 247K Exchange servers unpatched for actively exploited flaw
MU Health Care Phishing Attack Impacts 5,000 Patients
A few weeks ago the US Cyber Command released an urgent alert on a vulnerability on F5 Big-IP devices. This vulnerability is so critical it was given a Level 10 on the CVSS scale, the highest. Two weeks later and only 500 of the 8,000 found have been patched. This episode talks about why this could be happening and it's not uncommon. Vulnerability report - https://support.f5.com/csp/article/K52145254 Be aware, be safe.
Unpatched and beyond-end-of-life systems are (again) at risk. Conti ransomware appears to be steadily displacing its ancestor Ryuk in criminal markets. Are privacy laws as consumer friendly as they’re often taken to be? There may be some grounds for doubt. German security services warn of the espionage potential of Chinese companies’ data collection. Huawei skepticism grows in Germany, Canada, and the UK. Zully Ramzan from RSA on zero trust. Our guest is Conan Ward from QOMPLX on the unfortunate reality of cyber insurance in light of the 3rd anniversary of NotPetya. And Ray Hushpuppi says the Feds didn’t extradite him; they kidnapped him. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/133
A daily look at the relevant information security news from overnight.
Episode 189 - 05 November 2019
rConfig unpatched - https://threatpost.com/critical-rce-flaw-in-rconfig/149847/
Nemty’s new ride - https://www.technadu.com/nemty-ransomware-delivered-through-trik-botnet/84155/
BitPaymer hits Spain - https://www.zdnet.com/article/ransomware-hits-spanish-companies-sparking-wannacry-panic/
Android bad beam - https://www.zdnet.com/article/android-bug-lets-hackers-plant-malware-via-nfc-beaming/
Alexa, Siri, beam me up! - https://threatpost.com/alexa-siri-google-smart-speakers-hacked-via-laser-beam/149860/
10/11/19 D-Link Router; Zombie Code; Unpatched VPNs; Internet Weather
Organizations continue to have ageing vulnerabilities that remain unpatched, and it is a serious problem that needs effective solutions to reduce the time between when a vulnerability is discovered and when it is patched. Listen to the four key strategic recommendations.
This week, we discuss a security flaw affecting 1Password, Dashlane, KeePass and LastPass; the prevalence of historic vulnerabilities in corporate IT systems; the increase in formjacking attacks; and Wendy's $50 million data breach settlement.
Equifax: the worst breach ever. You asked for it, and Alia and Bob are (finally!!) on board. Unpatched patches. Passwords stored in plain-text. 145 million people in danger. The Equifax breach is a perfect storm of bad decisions. Coming March 4, Alia and Bob will dive into how hackers stole *the most valuable data* of 145 million Americans, why it matters, and what we can do about it. The Yahoo breach was a spy movie, but this one is about YOU. This time around, we’ll be dropping six shorter episodes, released weekly starting March 4. Subscribe now so you don’t miss out! And tell all your friends!
In today’s CyberWire, we hear that US Intelligence Community leaders testify that the major cyber threat comes from Russia, China, North Korea, and Iran. Iran’s APT39 takes an interest in PII. A UAE surveillance program is revealed. Hackers scanning for unpatched Cisco routers. What Huawei faces, in addition to fines. The FaceTime bug and responsible disclosure. Facebook was paying people to pwn their phones. Scam artists exploit a small disabled girl. And the Government shutdown’s mixed effect on cybersecurity. Craig Williams from Cisco Talos on Pylocky, a ransomware strain they’ve been tracking. Guest is Mark Orlando from Raytheon on safeguarding online information. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_30.html
US Government Shutdown leaves dozens of .Gov sites vulnerable, Firefox 69 to disable Adobe Flash, an Unpatched vCard flaw could leave your PCs open to attackers, Tesla's contest Pwn2Own could win you a Model 3, and how building site cranes are easier to hack than garage door openers! Jason Wood from Paladin Security joins us for expert commentary on how the Boston Hospital Attacker was sentenced to 10 years in prison! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode203 Visit http://hacknaked.tv to get all the latest episodes!
This week, US Government shutdown leaves dozens of .gov sites vulnerable, Firefox 69 to disable Adobe Flash, an unpatched vCard flaw could leave your PCs open to attackers, Tesla's contest Pwn2Own could win you a Model 3, and how building site cranes are easier to hack than garage door openers! Jason Wood from Paladin Security joins us for expert commentary on how the Boston Hospital Attacker was sentenced to 10 years in prison, and more on this episode of Hack Naked News! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode203 Visit https://www.securityweekly.com/hnn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
In today’s podcast, we hear warnings of Russian recon “degradation” of the North American power grid. Information operations in Russia’s hybrid war against Ukraine. Factions in Yemen’s civil war contest cyberspace (and fiber optic cables). Eternal Silence exploits systems not patched against EternalBlue and EternalRed. Dell tells its customers to reset their passwords. And the US indicts two Iranians for deploying the SamSam ransomware. Emily Wilson from Terbium Labs with unintended consequences of GDPR. Guest is Francis Dinha, founder and CEO of OpenVPN, discussing the VPN landscape. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_29.html
In today's podcast, we hear that the Novichok attacks have brought Britain and Russia to the brink of cyberwar. The UK will take its case to the UN Security Council. Twitter and Facebook have completed their testimony on Capitol Hill, but investigation of tech's role in influence operations and public discourse continues. So do concerns about election security. Unpatched MikroTik routers are being exploited in the wild. OilRig shows some new tricks. Joe Carrigan from JHU ISI on biometric scanners tagging travelers at the border. Guest is Robert Anderson from the Chertoff Group with insights on the encryption debate. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_06.html
In today's podcast we hear that the Apache Struts vulnerability, patched last week, is being actively exploited by cryptojackers. Microsoft works on a fix for local privilege escalation flaw in Windows. Trend Micro sees similarities among Urpage, Confucius, Patchwork, and Bahamut campaigns. Air Canada suffers a breach. Criminal threats to power grids. And searching for search engine optimization in all the wrong places. Jonathan Katz from UMD on flaws in Intel processors’ secure enclave. Guest is Fred Kneip from CyberGRX on third party risk. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_29.html
In today's podcast we hear that Equifax CEO Smith has joined the company's CSO and CIO in retirement, apparent expiation for the credit bureau's breach. Deloitte remains tight-lipped. Suggestions about how to handle identity and investigate breaches. Mac OS High Sierra suffers from a password exfiltration zero-day. Joe Carrigan discusses Dave's skepticism of password managers. Stephen Moore from Exabeam on post-breach cleanup. Two days after Germany's elections and the Russian dog hasn't barked (or the Bears growled) but there are plenty of 2016 paw prints over US opinion. Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. Recorded Future's user conference RFUN 2017 comes to Washington, D.C., October 4th and 5th, 2017, bringing together the people who put the act in actionable intelligence. If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper. If you want to execute at machine speed, doesn’t it make sense to see what the algorithms a good machine runs on can do for you? Check out sponsor Cylance.
Unpatched systems caught in latest ransomware attack two Aussie companies affected
Google will stop scanning Gmail to create targeted ads
US woman shoots boyfriend in YouTube stunt
Apple releases first public beta of iOS 11
iPhone Anniversary Edition gives analysts pre-party jitters
Foxtel seeks to block changing pirate sites
Virus halts speed red light fines in Vic
Google faces record EU antitrust fine of more than $1.4 billion
Nintendo announces mini Super Nintendo console with stellar line-up of classic games
Opal card implanted in skin: Sydney transport bosses threaten to deactivate card
Nokia’s revamped 3310 was just the start of a new push from the company to attract customers
London Metropolitan Police's 18 000 Windows XP PCs Is a Disaster Waiting To Happen
Researchers Create New Probiotic Beer That Boosts Immunity
Show Notes Episode 14: 5/22/2017 WannaCry, Google IO, Microsoft Build, and IBM Cancels Work from Home Hosts: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris Hayner, […] The post Buffer Overflow: Go Run Windows XP Unpatched on the Internet appeared first on Anexinet.
In today's podcast, we learn that the BND may have been listening to the BBC, but not in a good way. Cylance reports on Snake Wine, a curiously familiar vintage sniffed in Japanese networks. Singapore's military sustains a phishing campaign without sustaining apparent damage. Google discloses more unpatched Microsoft vulnerabilities, these in IE and Edge browsers. Criminals claim to have exploited Cloudbleed, but the jury's still out. Joe Carrigan from the Johns Hopkins University's Information Security Institute helps us understand Cloudbleed. Steven Grossman from Bay Dynamics reviews New York State's newly enacted cyber regulations. And watch your language around those networked stuffed animals.