Podcasts about volt typhoon

  • 91PODCASTS
  • 197EPISODES
  • 35mAVG DURATION
  • 5WEEKLY NEW EPISODES
  • May 21, 2025LATEST

POPULARITY

20172018201920202021202220232024


Best podcasts about volt typhoon

Latest podcast episodes about volt typhoon

@BEERISAC: CPS/ICS Security Podcast Playlist
The One-Way Street of Digital Transformation: OT Cybersecurity with Nozomi's Edgard Capdevielle

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later May 21, 2025 20:24


Podcast: Cyber Focus (LS 24 · TOP 10% what is this?)Episode: The One-Way Street of Digital Transformation: OT Cybersecurity with Nozomi's Edgard CapdeviellePub date: 2025-05-13Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this special RSA Conference edition of Cyber Focus, host Frank Cilluffo sits down with Edgard Capdevielle, President and CEO of Nozomi Networks, to unpack the evolving landscape of operational technology (OT) cybersecurity. Together, they explore how digital transformation and the convergence of IT and OT are reshaping the threat environment for critical infrastructure. Capdevielle outlines the three major phases of the OT security market, reflects on the role of AI and legacy systems, and explains why visibility remains foundational to cybersecurity. The conversation also highlights the growing risk from nation-state actors, the breakdown of air gap assumptions, and the tangible steps owner-operators must take to build resilience. Main Topics Covered: Defining the three phases of OT cybersecurity market maturity The impact of digital transformation and IT/OT convergence Why visibility remains the top concern for infrastructure operators The role of AI in passive detection and firmware profiling Nation-state threats, air gap fallacies, and Volt Typhoon's implications Practical steps for operators to improve risk visibility and resilience Key Quotes: “Digital transformation is a one-way street. We're only going to automate more — automate everything — and IT and OT are only going to converge more.” — Edgard Capdevielle “You cannot protect what you can't see. So having a layer of visibility is number one.” — Edgard Capdevielle “Air gapping has been our number one enemy because it's not real… It's brought a level of comfort that is not good for us.” — Edgard Capdevielle Relevant Links and Resources: Nozomi Networks Guest Bio: Edgard Capdevielle is President and CEO of Nozomi Networks, a global leader in OT and IoT cybersecurity. He has a background in computer science and more than two decades of experience in cybersecurity and enterprise technology. Prior to joining Nozomi in 2016, he held leadership roles at Imperva and EMC (including post-acquisition work with Data Domain) and has served as an investor and advisor to several successful startups in the security space.The podcast and artwork embedded on this page are from McCrary Institute, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Percepticon.de
48 WTF sind chinesische Cyber-Operationen und Chinas Cyberstrategie?

Percepticon.de

Play Episode Listen Later May 15, 2025 43:12


IIn dieser Podcastfolge beleuchte ich die vielschichtige Welt chinesischer Cyberangriffe und erkläre, wie Chinas Cyberstrategie gezielt Wirtschaft, Politik und Militär im In- und Ausland beeinflusst. Du erfährst, wie Wirtschaftsspionage und technologische Wissensübertragung zentrale Ziele sind – gestützt durch nationale Programme wie „Made in China 2025“ und ambitionierte Fünfjahrespläne. Wir sprechen über die Rolle der Volksbefreiungsarmee (PLA) und neu geschaffener Cyber-Einheiten, die mit modernsten Methoden kritische Infrastrukturen angreifen. Anhand realer Beispiele wie den Operationen APT1, Volt Typhoon und Salt Typhoon zeige ich, wie chinesische Hackergruppen mit ausgefeilten Techniken westliche Unternehmen und Regierungen infiltrieren. Außerdem analysiere ich aktuelle Trends: Von gezielten, schwer erkennbaren Angriffen über den Einsatz von Zero-Day-Exploits bis hin zu Outsourcing an private Dienstleister. Du erfährst, wie China mit strengen Gesetzen und zentralisierter Kontrolle seine Cyberfähigkeiten stetig ausbaut – und warum gerade Deutschland dringend handeln muss, um sich vor chinesischen Cyberangriffen zu schützen. Shownotes Jon Lindsay et. Al., China and Cybersecurity: Espionage, Strategy, and Politics in the Digital Domain, https://www.jonrlindsay.com/china-and-cybersecurity APT1 Exposing One of China's Cyber Espionage Units, https://services.google.com/fh/files/misc/mandiant-apt1-report.pdf The 14th Five-Year Plan of the People's Republic of China—Fostering High-Quality Development, https://www.adb.org/publications/14th-five-year-plan-high-quality-development-prc China's Massive Belt and Road Initiative, https://www.cfr.org/backgrounder/chinas-massive-belt-and-road-initiative “Here to stay” – Chinese state-affiliated hacking for strategic goals, https://merics.org/en/report/here-stay-chinese-state-affiliated-hacking-strategic-goals China's New Data Security Law Will Provide It Early Notice Of Exploitable Zero Days, https://breakingdefense.com/2021/09/chinas-new-data-security-law-will-provide-it-early-notice-of-exploitable-zero-days/#:~:text=WASHINGTON%3A%20China's%20new%20Data%20Security,technologies%20used%20by%20the%20Defense China's Expanding Cyber Playbook, https://dgap.org/en/research/publications/chinas-expanding-cyber-playbook U.S. Hunts Chinese Malware That Could Disrupt American Military Operations, https://www.nytimes.com/2023/07/29/us/politics/china-malware-us-military-bases-taiwan.html China is turning to private firms for offensive cyber operations, https://www.defenseone.com/threats/2024/06/china-turning-private-firms-offensive-cyber-operations/397767/ China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon' Cyberattack, https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835 Top U.S. Cybersecurity Official: China Attacks on American Infrastructure ‘Tip of the Iceberg', https://www.thecipherbrief.com/top-u-s-cybersecurity-official-china-attacks-on-american-infrastructure-tip-of-the-iceberg Jen Easterly on Linkedin: https://www.linkedin.com/posts/jen-easterly_follow-up-chinas-cyber-program-presents-activity-7292191131293892612-uhFW China has debuted its new landing barges – what does this mean for Taiwan? https://www.theguardian.com/world/2025/mar/20/china-landing-barges-shuqiao-ships-what-does-this-mean-for-taiwan BSI Hafnium Warnung, https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-197772-1132.pdf?__blob=publicationFile&v=8 Timecodes 1:00 1) Übersicht über Chinas offensiver Cyber-Strategie 02:00 Wirtschaftsspionage  04:03 APT 1 07:20 Snowden Leaks 08:03 Militärische Cyberwarfarestrategie: Meisterschaft des ersten Schlages 10:58 Überwachung 12:11 2) Chinas Cybersicherheitsarchitektur 13:30 Volksbefreiungsarmee, PLA 17:11 Cyber Milizen & Civil & Military Fusion 18:10 Ministerium für Staatssicherheit 19:08 iSoon

The Wright Report
08 MAY 2025: Trump's Mystery Announcement: Two Possibilities // Biden Lies About the Gaza Pier Debacle // US Spies Head to Greenland // Good News on Fighting China's Cyber Hacks and Hypersonics

The Wright Report

Play Episode Listen Later May 8, 2025 26:52


Donate (no account necessary) | Subscribe (account required) Join Bryan Dean Wright, former CIA Operations Officer, as he breaks down today's biggest stories shaping America and the world. Trump's Mystery Announcement: Gaza Takeover or Drug Price War? – Trump hints at an “earth-shattering” reveal, with two possible bombshells emerging: a U.S.-led interim government in Gaza after Israel's offensive, or a sweeping executive order to slash prescription drug prices by tying them to international rates. Biden's Gaza Pier Scandal Much Worse Than Reported – A Pentagon IG report reveals 62 U.S. troops were injured and one killed in Biden's failed Gaza pier mission, far more than the three injuries publicly disclosed. The $230M humanitarian project was poorly planned and politically motivated, according to insiders. U.S. Spies Ordered to Target Greenland – Trump instructs the CIA and NSA to gather intel on Greenland's leadership and sway local officials to favor a Compact of Free Association with the U.S. The effort, driven by Arctic security concerns, aims to counter rising Chinese and Russian military activity in the region. DARPA Deploys AI to Defend U.S. Infrastructure – In a response to Chinese cyber threats like Volt Typhoon, the Pentagon launches a high-stakes AI competition this summer to secure American utilities and critical infrastructure. U.S. Hypersonic Weapons Testing Breakthrough – A successful test of the reusable Talon-A2 hypersonic aircraft marks a major step forward for U.S. missile defense and offense. The vehicle hit Mach 5 speeds, helping the U.S. catch up to China and Russia in this vital arms race. "And you shall know the truth, and the truth shall make you free." - John 8:32

Risky Business
BONUS INTERVIEW: Senator Mark Warner on Signalgate, Volt Typhoon and tariffs

Risky Business

Play Episode Listen Later May 6, 2025 49:44


In this extended interview the Vice Chair of the Senate Select Committee on Intelligence, Senator Mark Warner, joins Risky Business host Patrick Gray to talk about: The latest developments in the Signalgate scandal Why America needs to be more aggressive in responding to Volt Typhoon How tariffs are affecting American alliances Why the Five Eyes alliance is sacrosanct This episode is available on Youtube Show notes

Security Conversations
Thomas Rid joins the show: AI consciousness, TP-Link's China connection, trust in hardware security

Security Conversations

Play Episode Listen Later Apr 25, 2025 93:42


Three Buddy Problem - Episode 43: Director of the Alperovitch Institute for Cybersecurity Studies Thomas Rid joins the show for a deep-dive into the philosophical and ethical considerations surrounding AI consciousness and anthropomorphism. We dig into the multifaceted implications of AI technology, particularly focusing on data privacy, national security, and the philosophical questions surrounding AI consciousness and rights. Plus, TP-Link under US government investigation and the broader issues of consumer trust in hardware security, the need for regulation and inspectability of technology, and the struggles with patching network devices. Cast: Thomas Rid (https://sais.jhu.edu/users/trid2), Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs) and Ryan Naraine (https://twitter.com/ryanaraine). Costin Raiu (https://twitter.com/craiu) is away this week.

Security Conversations
China doxxes NSA, CVE's funding crisis, Apple's zero-day troubles

Security Conversations

Play Episode Listen Later Apr 17, 2025 99:19


Three Buddy Problem - Episode 42: We dig into news that China secretly fessed up to the Volt Typhoon hacks and followed up with claims that named NSA agents launched advanced cyberattacks against the Asian Winter Games. Plus, the MITRE CVE funding crisis, new Apple 0days in the wild includes PAC bypass exploit, Microsoft Patch Tuesday zero-days. Plus, the effectiveness of Lockdown Mode, the rising costs of mobile exploits, Chris Krebs' exit from SentinelOne after a presidential executive order, and the value and effectiveness of security clearances. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

FDD Events Podcast
Persistent Access, Persistent Threat: Ensuring Military Mobility Against Malicious Cyber Actors

FDD Events Podcast

Play Episode Listen Later Apr 17, 2025 71:30


The U.S. military has a vested interest in the security of the nation's critical transportation infrastructure. During a conflict, America's adversaries are likely to attack U.S. critical infrastructure in an attempt to constrain Washington's policy options, including its capacity to mobilize the armed forces. Over the past year, the intelligence community has revealed how deeply Chinese hackers known as Volt Typhoon penetrated U.S. transportation, energy, and water systems. Meanwhile, other Chinese Communist Party (CCP) malicious cyber operations, including Flax Typhoon, hijacked cameras and routers. Salt Typhoon burrowed deep into U.S. telecommunications networks; Silk Typhoon compromised U.S. Treasury networks.These hacks have uncovered a dangerous truth: the cybersecurity of the critical air, rail, and maritime infrastructure that underpins U.S. military mobility is insufficient. In addition to enabling disruption, compromising critical infrastructure would allow U.S. adversaries to amass information about the movement of goods and military equipment – and impede America's ability to deploy, supply, and sustain large forces.To explore these themes and more, the Foundation for Defense of Democracies hosts Gen. (Ret.) Mike Minihan, former commander, Air Mobility Command; RADM (Ret.) Mark Montgomery, senior director, FDD's Center on Cyber and Technology Innovation; and Annie Fixler, director and research fellow, FDD's Center on Cyber and Technology Innovation. The conversation is moderated by Bradley Bowman, senior director, FDD's Center on Military and Political Power.For more, check out: https://www.fdd.org/events/2025/04/17/persistent-access-persistent-threat-ensuring-military-mobility-against-malicious-cyber-actors/

IT Privacy and Security Weekly update.
EP 238.5 Deep Dive - The IT Privacy and Security 'Times Are a Changin' Weekly Update for the Week Ending April15th., 2025

IT Privacy and Security Weekly update.

Play Episode Listen Later Apr 17, 2025 16:57


What personal information was compromised in the Hertz breach?The breach exposed customer names, birth dates, contact info, driver's licenses, payment cards, and some Social Security numbers. It stemmed from a cyberattack on Cleo, a third-party vendor previously targeted in a mass-hacking campaign.How is air travel changing, and what are the privacy implications?ICAO aims to replace boarding passes with digital travel credentials using facial recognition and mobile passport data. While data is reportedly deleted quickly, the expansion of biometric surveillance raises major privacy and security concerns.Why is the EU giving staff burner phones for U.S. trips?To mitigate potential U.S. surveillance risks, the EU is issuing burner phones to officials visiting for IMF/World Bank meetings—echoing similar precautions for China and Ukraine. It signals growing distrust in transatlantic cybersecurity.How are North Korean hackers using LinkedIn?Groups like Lazarus use fake recruiter profiles to trick targets into opening malware-laden job materials. These campaigns steal credentials and crypto, funding North Korea's sanctioned activities and highlighting the rise of social engineering threats.Why is Let's Encrypt shortening TLS certificate lifespans?Let's Encrypt now issues 6-day certificates, down from 90. Benefits include improved security and automation; drawbacks involve more frequent renewals, which could create dependency on issuing infrastructure.What is the "Smishing Triad" targeting now?This group has moved from fake delivery texts to targeting banks via iMessage and RCS phishing. They steal banking info to load stolen cards into mobile wallets, illustrating more advanced and lucrative phishing tactics.What's the significance of China acknowledging U.S. infrastructure hacks?China's tacit admission of involvement in Volt Typhoon cyberattacks marks a shift in tone. The U.S. sees these as strategic signals, intensifying concerns about critical infrastructure security amid geopolitical tension.What is Android's new auto-reboot security feature?Android phones will now reboot automatically after three days of inactivity. This clears memory, closes apps, and requires re-authentication—reducing the risk of unauthorized access.

Risky Business News
Srsly Risky Biz: Trump vs Krebs and the sound of silence

Risky Business News

Play Episode Listen Later Apr 17, 2025 15:11


Tom Uren and Patrick Gray discuss Trump's order singling out Chris Krebs, former head of CISA, that requires investigations into Krebs and also punishes his employer. It is a move deliberately designed to chill dissent and they look at what the cyber security industry will likely do in response, which is probably not much. The pair also discuss what is being interpreted as an admission that Chinese senior leadership is behind the Volt Typhoon hacking of US critical infrastructure. This episode is also available on Youtube. Show notes

China Insider
China Insider | Fatal EV Crash in Anhui, China Invokes Mao in Tariff Response, and Chinese Cyberattacks on US Infrastructure

China Insider

Play Episode Listen Later Apr 15, 2025 24:03


In this week's episode of China Insider, Miles Yu investigates the recent fatal crash involving the Xiaomi SU7 EV that left three university students dead while the autonomous navigation system was activated. Next, we discuss China's Ministry of Foreign Affair's response to increased U.S. tariffs and what the invocation of Maoist rhetoric means as trade tensions escalate between the two countries. Lastly, Miles analyzes the Volt Typhoon cyberattack efforts against critical U.S. infrastructure, and what this series of widespread attacks means for a potential future conflict involving Taiwan.China Insider is a weekly podcast project from Hudson Institute's China Center, hosted by China Center Director and Senior Fellow, Dr. Miles Yu, who provides weekly news that mainstream American outlets often miss, as well as in-depth commentary and analysis on the China challenge and the free world's future.

Threat Talks - Your Gateway to Cybersecurity Insights
Inside Volt Typhoon: China's Silent Cyber Threat

Threat Talks - Your Gateway to Cybersecurity Insights

Play Episode Listen Later Apr 15, 2025 34:01


What happens when a cyber threat actor doesn't want to make headlines? Volt Typhoon, a state-sponsored group tied to the People's Republic of China, has been quietly infiltrating Western critical infrastructure, staying under the radar by avoiding malware, using native tools, and taking things slow.  In this episode of Threat Talks, Lieuwe Jan Koning is joined by Rob Maas and Luca Cipriano to break down how these attackers operate and what their endgame might be. 

The Tara Show
China Admits Cyber War on America: The Story Everyone's Ignoring

The Tara Show

Play Episode Listen Later Apr 14, 2025 10:43


While America's eyes are elsewhere, a bombshell Wall Street Journal report reveals China has openly admitted to cyberattacks on critical U.S. infrastructure — water systems, ports, airports, even nuclear plants. In a secret December meeting, Chinese officials confessed to launching the series of attacks known as Volt Typhoon as punishment for U.S. support of Taiwan. The Biden administration's stunned reaction, Trump's shaky response, and the media's silence raise urgent questions: Are we already under digital siege? And can we afford to keep letting our enemy build the tech our lives depend on?

The CyberWire
CISA shrinks while threats grow.

The CyberWire

Play Episode Listen Later Apr 11, 2025 32:06


CISA braces for widespread staffing cuts. Russian hackers target a Western military mission in Ukraine. China acknowledges Volt Typhoon. The U.S. signs on to global spyware restrictions. A lab supporting Planned Parenthood confirms a data breach. Threat actors steal metadata from unsecured Amazon EC2 instances. A critical WordPress plugin vulnerability is under active exploitation. A new analysis details a critical unauthenticated remote code execution flaw affecting Ivanti products. Joining us today is Johannes Ullrich, Dean of Research at SANS Technology Institute, with his take on "Vibe Security." Does AI understand, and does that ultimately matter?  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Joining us today is Johannes Ullrich, Dean of Research at SANS Technology Institute, discussing "Vibe Security," similar to “Vibe Coding” where security teams overly rely on AI to do their job. Selected Reading Trump administration planning major workforce cuts at CISA (The Record) Cybersecurity industry falls silent as Trump turns ire on SentinelOne (Reuters) Russian hackers attack Western military mission using malicious drive (Bleeping Computer) China Admitted to US That It Conducted Volt Typhoon Attacks: Report (SecurityWeek) US to sign Pall Mall pact aimed at countering spyware abuses (The Record) US lab testing provider exposed health data of 1.6 million people (Bleeping Computer) Amazon EC2 instance metadata targeted in SSRF attacks (SC Media) Vulnerability in OttoKit WordPress Plugin Exploited in the Wild (SecurityWeek) Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed (Cyber Security News) Experts Debate: Do AI Chatbots Truly Understand? (IEEE Spectrum) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday April 11th: Network Infraxploit; Windows Hello Broken; Dell Update; Langflow Exploit

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Apr 11, 2025 5:34


Network Infraxploit Our undergraduate intern, Matthew Gorman, wrote up a walk through of CVE-2018-0171, an older Cisco vulnerability, that is still actively being exploited. For example, VOLT TYPHOON recently exploited this problem. https://isc.sans.edu/diary/Network+Infraxploit+Guest+Diary/31844 Windows Update Issues / Windows 10 Update Microsoft updated its "Release Health" notes with details regarding issues users experiences with Windows Hello, Citrix, and Roblox. Microsoft also released an emergency update for Office 2016 which has stability problems after applying the most recent update. https://support.microsoft.com/en-us/topic/april-8-2025-kb5055523-os-build-26100-3775-277a9d11-6ebf-410c-99f7-8c61957461eb https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3521 https://support.microsoft.com/en-us/topic/april-10-2025-update-for-office-2016-kb5002623-d60c1f31-bb7c-4426-b8f4-69186d7fc1e5 Dell Updates Dell releases critical updates for it's Powerscale One FS product. In particular, it fixes a default password problem. https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities Langflow Vulnerablity (possible exploit scans sighted) CVE-2025-3248 Langflow addressed a critical vulnerability end of March. This writeup by Horizon3 demonstrates how the issue is possibly exploited. We have so far seen one "hit" in our honeypot logs for the vulnerable API endpoint URL. https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/

Smashing Security
Peeping perverts and FBI phone calls

Smashing Security

Play Episode Listen Later Mar 20, 2025 35:13


In episode 409 of the "Smashing Security" podcast, we uncover the curious case of the Chinese cyber-attack on Littleton's Electric Light Company, and a California landlord's hidden camera scandal. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:This is the FBI, open up. China's Volt Typhoon is on your network - The Register.Landlord recorded nude videos of woman tenant with cameras hidden in bedroom smoke detectors, lawsuit says - The Independent.Landlord arrested after tenant discovers hidden camera in rented room - PBSO.Hidden Cameras: What Travelers Need to Know - The New York Times.Shakespeare insults t-shirt - Royal Shakespeare Company.OAS Exhibitions - Oxford Art Society.Carole's “Rusty Sage” - Bluesky.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Drata - The world's most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before. Acronis Threat Research Unit - Your secret weapon against cyber attacks. Access the reports now.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Bluesky or Mastodon, or on the

Today in Health IT
UnHack (the News): Knowing Your Cyber Threats and X Takedown Impact with Troy Ament

Today in Health IT

Play Episode Listen Later Mar 19, 2025 17:46 Transcription Available


March 19, 2025: Troy Ament, Industry Leader for Healthcare at Palo Alto Networks Joins Drex for the News. The conversation delves into the importance of establishing relationships with law enforcement before a crisis occurs and why including them in tabletop exercises is crucial. Troy examines why threat actors deliberately target healthcare systems during weekend hours when staffing is minimal. From DDoS attacks serving as distractions to threat actors contacting board members directly, this episode provides an insider's view of today's cybersecurity landscape.Key Points:03:03 The FBI and Cyber Threats07:36 Ransomware Attack Patterns12:31 Distributed Denial of Service (DDoS) Attacks15:52 Personal and Organizational CybersecurityNews Articles:This is the FBI, open up. China's Volt Typhoon is on your networkInvestigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcementX suffered a DDoS attack. Its CEO and security researchers can't agree on who did it.Subscribe: This Week HealthTwitter: This Week HealthLinkedIn: This Week HealthDonate: Alex's Lemonade Stand: Foundation for Childhood Cancer

Computer Talk with TAB
Computer Talk 3-15-25 Hr 1

Computer Talk with TAB

Play Episode Listen Later Mar 15, 2025 40:40


Click-Fix Phish, Volt Typhoon lurking in electric company more than 300 days, Do we want AI to make Medical decisions yet? AI Search getting it wrong 60% of the time, EZPAss Scam, Consequences of Technology, Alternative to M365, Communication issues with Adobe issue with my Scanner, Do Scammers look at search history?

Paul's Security Weekly
AI Bad, PHP, RDP, SuperBlack, VT, Deepseek, MassJacker, Roblox, Aaran Leyland... - SWN #459

Paul's Security Weekly

Play Episode Listen Later Mar 14, 2025 29:09


AI Bad, PHP, Remote Desktop, SuperBlack, Deepseek, Volt Typhoon, MassJacker, Roblox, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-459

Paul's Security Weekly TV
AI Bad, PHP, RDP, SuperBlack, VT, Deepseek, MassJacker, Roblox, Aaran Leyland... - SWN #459

Paul's Security Weekly TV

Play Episode Listen Later Mar 14, 2025 29:09


AI Bad, PHP, Remote Desktop, SuperBlack, Deepseek, Volt Typhoon, MassJacker, Roblox, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-459

Hack Naked News (Audio)
AI Bad, PHP, RDP, SuperBlack, VT, Deepseek, MassJacker, Roblox, Aaran Leyland... - SWN #459

Hack Naked News (Audio)

Play Episode Listen Later Mar 14, 2025 29:09


AI Bad, PHP, Remote Desktop, SuperBlack, Deepseek, Volt Typhoon, MassJacker, Roblox, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-459

Hack Naked News (Video)
AI Bad, PHP, RDP, SuperBlack, VT, Deepseek, MassJacker, Roblox, Aaran Leyland... - SWN #459

Hack Naked News (Video)

Play Episode Listen Later Mar 14, 2025 29:09


AI Bad, PHP, Remote Desktop, SuperBlack, Deepseek, Volt Typhoon, MassJacker, Roblox, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-459

The CyberWire
FCC draws the line on Chinese tech threats.

The CyberWire

Play Episode Listen Later Mar 13, 2025 34:33


The FCC looks to counter Chinese cyber threats. Turmoil at CISA. Volt Typhoon infiltrated a power utility for over 300 days. Europe takes the lead at Ukraine's annual cyber conference. Facebook discloses a critical vulnerability in FreeType. A new Android spyware infiltrated the Google Play store. Our guest is Alvaro Alonso Ruiz, Co-Founder and CCO of Leanspace, who is discussing software in space with T-Minus Space Daily host Maria Varmazis. A UK hospital finds thousands of unwelcome guests on their network.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today our guest is Alvaro Alonso Ruiz, Co-Founder and CCO of Leanspace, who is discussing software in space with T-Minus Space Daily host Maria Varmazis. Selected Reading US communications regulator to create council to counter China technology threats (Financial Times) ‘People Are Scared': Inside CISA as It Reels From Trump's Purge (WIRED) CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts (The Record) Arizona Secretary of State Proposes Alternative to Defunded National Election Security Program (Democracy Docket) China's Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days (SecurityWeek) Chinese cyberspies backdoor Juniper routers for stealthy access (Bleeping Computer) At Ukraine's major cyber conference, Europe takes center stage over US (The Record) Facebook discloses FreeType 2 flaw exploited in attacks (Bleeping Computer) New North Korean Android spyware slips onto Google Play (Bleeping Computer) NHS Trust IT head: ‘Our attack surface was much bigger than we thought' (Computing) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The CyberWire
Botnet's back, tell a friend. [Research Saturday]

The CyberWire

Play Episode Listen Later Mar 8, 2025 22:47


This week we are joined by Silas Cutler, Principal Security Researcher at Censys, asking the important question of "Will the Real Volt Typhoon Please Stand Up?" The FBI's disruption of the KV Botnet in December 2023, attributed to the Chinese threat group Volt Typhoon, targeted infected systems but did not affect the botnet's control infrastructure. Despite law enforcement efforts and technical exposure, the botnet's infrastructure has remained largely stable, with only changes in hosting providers, raising questions about whether another party operates the botnet. Censys scanning data from 2024 shows a shift in the botnet's control servers, indicating a response to disruption attempts, while the botnet's operators have shown limited efforts to obscure their infrastructure. The research can be found here: Will the Real Volt Typhoon Please Stand Up? Learn more about your ad choices. Visit megaphone.fm/adchoices

Research Saturday
Botnet's back, tell a friend.

Research Saturday

Play Episode Listen Later Mar 8, 2025 22:47


This week we are joined by Silas Cutler, Principal Security Researcher at Censys, asking the important question of "Will the Real Volt Typhoon Please Stand Up?" The FBI's disruption of the KV Botnet in December 2023, attributed to the Chinese threat group Volt Typhoon, targeted infected systems but did not affect the botnet's control infrastructure. Despite law enforcement efforts and technical exposure, the botnet's infrastructure has remained largely stable, with only changes in hosting providers, raising questions about whether another party operates the botnet. Censys scanning data from 2024 shows a shift in the botnet's control servers, indicating a response to disruption attempts, while the botnet's operators have shown limited efforts to obscure their infrastructure. The research can be found here: Will the Real Volt Typhoon Please Stand Up? Learn more about your ad choices. Visit megaphone.fm/adchoices

Risky Business
Risky Business #782 -- Are the USA and Russia cyber friends now?

Risky Business

Play Episode Listen Later Mar 5, 2025 50:12


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Did the US decide to stop caring about Russian cyber, or not? Adam stans hard for North Korea's massive ByBit crypto-theft Cellebrite firing Serbia is an example of the system working Starlink keeps scam compounds in Myanmar running Biggest DDoS botnet yet pushes over 6Tbps This week's episode is sponsored by network visibility company Corelight. Vincent Stoffer, field CTO at Corelight joins to talk through where eyes on your network can spot attackers like Salt and Volt Typhoon. This episode is also available on Youtube. Show notes Sygnia Preliminary Bybit Investigation Report Verichains Bybit Incident Investigation Preliminary Report North Koreans finish initial laundering stage after more than $1 billion stolen from Bybit | The Record from Recorded Future News Risky Bulletin: Trump administration stops treating Russian hackers as a threat - Risky Business Did Trump Admin Order U.S. Cyber Command and CISA to Stand Down on Russia? (Story updated) Russia to redeploy resources freed up by end of war in Ukraine, warns Finnish intelligence | The Record from Recorded Future News FBI urges crypto community to avoid laundering funds from Bybit hack | The Record from Recorded Future News Risky Bulletin: Cellebrite bans bad boy Serbia - Risky Business Belgium probes suspected Chinese hack of state security service | The Record from Recorded Future News Gabbard: UK demand to Apple for backdoor access is 'grave concern' to US | The Record from Recorded Future News Elon Musk's Starlink Is Keeping Modern Slavery Compounds Online | WIRED U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security Google Password Manager finally syncs to iOS—here's how - Ars Technica Gmail Security Alert: Google To Ditch SMS Codes For Billions Of Users Massive Iran-linked botnet launches DDoS attacks against telecom, gaming platforms | Cybersecurity Dive Microsoft-signed driver used in ransomware attacks | Cybersecurity Dive London member of ‘Com' network convicted of making indecent images of children | The Record from Recorded Future News Volt Typhoon & Salt Typhoon Attackers Are Evading EDR: What Can You Do? | Corelight

NatSec Tech
Episode 68: Rob Joyce on Chinese Cyber Threats

NatSec Tech

Play Episode Listen Later Feb 12, 2025 33:03


Rob Joyce, founder of Joyce Cyber LLC, joins Jeanne Meserve for a critical conversation on the latest Chinese cyber threats, including Volt Typhoon, Salt Typhoon, and the TP-Link router vulnerability. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scsp222.substack.com

GovCast
AFCEA West: Adapting Naval Cyber Command to Evolving Threats

GovCast

Play Episode Listen Later Jan 29, 2025 12:14


Countering adversaries in the cyber domain requires the Navy to harness information at the speed of technological innovation. During AFCEA West in San Diego, California, Vice Adm. Craig Clapperton, commander of U.S. Fleet Cyber Command and Navy Space Command, discussed how he is approaching the evolving landscape of cyber threats and developing strategies to counter them in his dual-hat role. From recent cyber incidents like SolarWinds and Volt Typhoon, to the role of emerging technologies like AI, Clapperton dives into the complexities of modern cyber warfare and explains how he's eyeing collaboration with industry partners and allies, recruiting top cyber talent and staying ahead of adversaries in a rapidly changing digital environment.

RIMScast
Data Privacy and Protection with CISA Chief Privacy Officer James Burd

RIMScast

Play Episode Listen Later Jan 28, 2025 43:19


Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   In this episode, Justin interviews CISA Chief Privacy Officer James Burd about data privacy and protection. Topics include how CISA protects agencies and critical infrastructure, how they responded to a recent data attack, and what risk professionals and data privacy professionals can work together to ensure their organization is resistant to data breaches.   Listen for actionable ideas to improve the cyber security at your organization. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode's show notes. [:32] About this episode. We will discuss data privacy with James Burd, the Chief Privacy Officer of The Cyber Infrastructure Security Agency (CISA) here in the U.S. [:58] RIMS-CRMP Workshops! On February 19th and 20th, a two-day virtual workshop for the RIMS-CRMP will be led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:20] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:36] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:59] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. [2:22] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:34] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:51] This event is open for RIMS members only so if you're not a member, join now! Visit RIMS.org/advocacy for registration details. [3:02] Interview! It is Data Privacy Week here in the U.S., through January 31st. This is an annual effort to promote data privacy awareness and education. Its events are sponsored by the National Cybersecurity Alliance. This week's theme is Take Control of Your Data. [3:23] Here to discuss how to take control of your data, and the best practices that risk professionals and business leaders need to know, is Chief Privacy Officer of CISA, James Burd. [3:36] James is the senior agency leader responsible for managing and overseeing CISA's privacy, external civil rights, civil liberties, and transparency programs. [3:46] We're going to talk about some of the big events that made headlines in late December and early January around cybersecurity and data privacy and the frameworks and strategies that risk professionals can implement to take control of their data. [4:02] CISA Chief Privacy Officer James Burd, welcome to RIMScast! [4:18] James has a fantastic team of privacy, transparency, and access professionals who provide transparency to the American public while integrating full privacy rights, liberties, and protections into the management of a safe, secure, and resilient infrastructure. [4:48] As Chief Privacy Officer, James Burd's primary responsibility is to ensure that privacy is at the forefront and integrated into every initiative, program, and policy CISA undertakes, regardless of whether it's by policy, process, or technical solutions. [5:00] This includes ensuring compliance with Federal privacy laws and embedding privacy considerations in the agency's operations and partnerships. [5:08] Protecting critical infrastructure inherently involves safeguarding sensitive and critical information that any organization holds, whether it's CISA or any of the many stakeholders of CISA. Privacy and cybersecurity are inherently interconnected. [5:21] CISA ensures its cybersecurity programs focus on protecting systems, networks, and data from unauthorized access while the privacy portion ensures that personal and sensitive data are handled responsibly, ethically, and securely. [5:39] What are the keys to a strong cybersecurity strategy? [5:52] The work CISA does in the privacy world is to ensure that the information CISA is holding is secure and safeguarded and also to tell the public how exactly they do that. [6:14] In the early days of CISA, it was a Computer Emergency Readiness Team (CERT). CERTs respond to major cybersecurity incidents at a state, local, national, or international level. A cybersecurity incident in the U.S. is similar to a cybersecurity incident in any nation. [6:50] All nations are facing the same cybersecurity issues. CISA's international work is about information sharing and helping each other understand what threats we all face. [7:19] Integrating privacy into risk management frameworks is a core consideration. A lot of the privacy work CISA does with risk managers is for ERM, identifying privacy risks and impacts and ensuring that mitigation strategies align with goals. [7:42] Risk managers are key partners in implementing strong data governance practices. CISA works with them to establish policies for data handling, access, and usage that align with the security needs and privacy protection of an agency or organization. [7:56] Risk managers have the opportunity to help privacy officers identify a privacy problem or privacy risk all across the organization. That's part of the risk manager's job as a point person. [9:13] CISA wants to do this privacy protection work with organizations before a breach. Many privacy professionals have learned the hard way that if you don't collaborate up front, you have to collaborate later, as a result of your emergency. That's not a great day. [9:29] Risk professionals have different viewpoints to consider. They may see that some privacy risks overlap with some financial risks, depending on the risk owner's point of view. It doesn't make sense to solve the same problem in 10 different ways. [10:30] The National Institute of Standards and Technology (NIST) is a valuable partner of CISA's. NIST can see what works or doesn't work as a conceptual or technical framework. NIST studies a problem from several angles and gives CISA an effective solution for the framework. [11:23] Daniel Elliott of NIST has been on RIMScast. James has collaborated with Daniel. [11:49] CISA is a collaborative agency. It does not exist without its partners and stakeholders. When NIST facilitates conversations between CISA and other stakeholders, it helps CISA figure out, of all the problems in the world, which critical problem we need to solve right now. [12:17] CISA has Cyber Performance Goals or CPGs, which are a subset of the NIST Cybersecurity Framework. CISA will tell a small business that they should start with the CPG and get it right, and then expand to everything else. [12:38] CPGs are not a substitute for a risk management framework, but they are a starting point. The CPGs would not exist if not for the work NIST had done in talking to small, medium, and large businesses and figuring out all the different issues they face. [13:08] In December, Chinese cyber attackers infiltrated U.S. agencies. When there is a major incident like that, there is a whole-government response. CISA plays an important role in that response, like a firefighter. Law enforcement plays the role of investigator. [14:16] CISA and its interagency partners are heavily involved in responding to recent Chinese activity associated with both Salt Typhoon and Volt Typhoon. They've been working very closely with the Treasury Department to understand and mitigate the impacts of the recent incident.  [14:35] There's no indication that any other Federal agency has been impacted by the incident but CISA continues to monitor the situation and coordinate with other authorities, like the FBI, to ensure that there's a comprehensive response. [14:50] The security of federal systems and data is of critical importance to national security. CISA is working aggressively to safeguard any further impacts. The People's Republic of China is a persistent threat, specifically, the GRC and related entities, who perform these activities. [15:12] They're one of the most persistent and strategically sophisticated adversaries we face in cyberspace today. The PRC has decades of experience in conducting rampant cyber espionage against U.S. businesses and critical infrastructure. [15:26] CISA has become increasingly concerned over the last year that the PRC is not just doing espionage but is trying to burrow into the critical infrastructure for a rainy day. These state-sponsored activities are coming from campaigns like Volt Typhoon and Salt Typhoon. [15:45] What happened to Treasury provides a stark example of these types of tactics. These tactics target critical infrastructure such as telecommunications, aviation, water, and energy. [15:56] Their goal, as far as we can tell, is not to cause immediate damage but to gain persistent access to those systems and remain undetected until they want to do something. [16:08] CISA has been very involved, not just responding to these incidents, but deeply studying these incidents to understand what is happening and what we need to do as a government and nation to protect ourselves from these burrowing activities. [16:27] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”. [16:39] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [16:55] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [17:07] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [17:20] Let's Return to My Interview with James Burd of the Cyber Infrastructure Security Agency!   [17:42] Whether talking about AI, IoT, or 5G, the issues are hardware problems and software problems. [18:02] The issues of the 1970s are similar to the issues of the 2020s, regarding vulnerabilities, exposure, and unsafe practices when developing software and hardware. [18:20] What we're seeing in the emerging technology space with AI, IoT, and 5G is an increase in the volume and velocity of data. The improvement of technology in this space is based on power and efficiency. Software improvement is based on the reach of interconnectivity. [18:34] Privacy and cybersecurity risks do not just appear. We're seeing existing risks and issues increasing in size and complexity. What we previously thought of as a perceived risk is now a real risk, thanks to advances in computational power and the amount of data available. [18:54] It's always been a risk but it was less likely to occur until this point where there's more data, more volume, and more complexity. AI systems rely on a vast amount of personal data, raising concerns about data security, algorithmic bias, and a lack of transparency. [19:11] We've heard about these risks with machine learning and big data databases. They require governance frameworks that address how data is collected, stored, and used in systems, or, in this case, AI models. [19:28] Those frameworks should be familiar to anyone working in the data protection space or the risk management space for the last three decades. Insurers getting into the cybersecurity space have been paying stark attention to this. [19:58] We've found out that IoT devices are probably the easiest and most risky entrance points within networks into homes and critical infrastructure devices. The biggest risks they create are unauthorized access, data breaches, and potential surveillance. [20:19] These are not new risks. They're existing risks that are promulgated because of the new avenue to get in. It used to be that the worst thing that could happen to an IoT device like a router is that it gets compromised and becomes part of a botnet to take down websites. [20:38] Today, that still happens, but that IoT device is looked at as the back door for entering someone's network if it's not properly secured. [20:49] In itself, 5G is awesome. There are fantastic things to do with increased data flow. With increased speed and connectivity come the ability to move more data at a time and we're facing data being transferred in an insecure manner. People don't know what data they're sharing. [21:15] We're running into the same classic issues but they're exacerbated by something we view as a major success, access. Access should be celebrated but we shouldn't open doors because we can open them. We need to be able to make sure those doors are secured. [21:48] James paraphrases Mark Groman, a privacy expert formerly with the FTC. “Privacy and cybersecurity are sometimes viewed as competing priorities. They are two sides of the same coin. I refuse to live in a world where you compromise security for privacy or vice versa.” [22:11] We live in a world where you can have both. The great thing about advancing technologies is that we can do both. Both cybersecurity and privacy aim to protect sensitive data and systems, just from slightly different angles and for different reasons. [22:31] There has to be a collaborative approach between cybersecurity and privacy. An intermediary like a risk professional can help cybersecurity and privacy teams work together. [22:41] By leveraging things privacy-preserving technologies and designing privacy into cybersecurity measures, organizations can bridge the gap and achieve harmony between the two essential functions. This strengthens the organization and its overall risk management. [22:58] When a risk is realized in one area, it's common for it to be a harmonious risk with another risk in a different area. In the privacy and cybersecurity space, risks overlap often. Conflicts between cybersecurity and privacy are easily bridged. [23:24] Cybersecurity professionals want to collect more data; privacy professionals want you to minimize the amount of data you collect. [23:34] Cybersecurity relies on extensive data collection to detect, monitor, and respond to threats. Privacy wants to collect only what's necessary and maintain it for a minimum time. [23:46] Security monitoring tools like intrusion detection systems may gather logs or metadata that could include personal data, creating potential privacy risks, especially for an insider threat. [24:00] Organizations can implement privacy-aware cybersecurity solutions that anonymize or pseudo-anonymize data where possible, allowing cybersecurity professionals to get to the root of the problem they're trying to solve while masking sensitive data. [24:13] If you're investigating an insider threat, you can unmask the data. Do you need that data to do the job that you're tasked to do? If not, why run the risk of inappropriately accessing it? [24:53] Privacy frameworks will always encourage transparency about data usage and sharing, especially by private entities doing consumer business and handling personal information. [25:07] The public needs to know what you are collecting from them, how you are using it, and whether are you sharing it. They need to know if you are handling their data securely. [25:38] James would tell cybersecurity professionals that if they think obscurity is security, they should find another job. Obscurity is typically the worst way to secure things. [25:51] There are ways to describe how data is being held or secured by an organization without compromising the cybersecurity tools or techniques used to monitor or look for vulnerabilities. [26:03] Transparency can be maintained without compromising security and can be used in a way to assure the public that an organization is keeping serious security techniques in mind when handling the public's data. James tells how to share that message with the public. [27:08] When James opens software, he reads the Third Party Agreements. He knows most people don't. Government agencies include a plain language version of the agreement. Some private companies are doing the same to help people understand how their data is being used. [28:40] Quick Break for RIMS Plugs! The first of hopefully many RIMS Texas Regional Conferences will be held in San Antonio from August 4th through August 6th, 2025. [28:58] This groundbreaking event is set to unite the Texas RIMS Chapters and welcome risk management professionals from around the world! Also known as the Risk Management Roundup in San Antonio, you can join as a speaker!  [29:11] The Conference planning committee is interested in submissions that explore technology and cyber risk, workforce protection and advancement, energy and sustainability, extreme weather, construction, restaurant, retail, hospitality, and other trending now sessions. [29:28] The deadline to submit your proposal is Monday, February 24th. The link to the event and the submission process is in this episode's show notes. Go check it out! [29:39] The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [29:58] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [30:20] General grant awardees are typically notified at the end of October. Learn more about Spencer's general grants through the Programs tab at SpencerEd.org. [30:30] Let's Return to the Conclusion of My Interview with the Chief Privacy Officer of CISA, James Burd! [31:00] A lot of ERM frameworks exist because they were required by regulation or law. [31:10] Privacy professionals are starting to see the same risks that risk management and compliance professionals have been dealing with for decades. The big tools that privacy professionals use are called Data Privacy Impact Assessments (DPIA). [31:29] DPIAs vary, depending on the regulatory framework or law. DPIAs do two things: they identify what data assets you have and they examine the risks that are associated with the handling of those data assets and what mitigations must be in place to buy down those risks. [31:48] That assessment can populate half of an ERM framework's register. Getting involved with your privacy program manager as they do these DPIAs may first cause the privacy program manager to resist your risk assessment, but a risk in one space is a risk in another space. [32:21] The DPIA is a valuable source of information for a risk manager. You can see the risks earlier. You can identify with the privacy program manager what some of the major risks might become. That means both realized and unrealized risks, which are equally important. [33:06] A privacy program manager will be preoccupied with a lot of the perceived risks. A risk manager wants to know which risks are more likely and identify them early. [33:40] A likelihood assessment will help the privacy officer identify how many “calories” to spend on this risk. The risk manager and privacy manager have a mutually beneficial relationship. They help each other. [34:17] CISA provides cybersecurity education, news on vulnerabilities and cyber threats, threat intelligence, and service to critical infrastructure providers once there is an incident of some sort. The CISA website shows cyber threat indicators of what a compromise might look like. [35:40] CISA has found novel patterns on networks that make it hard to tell that your network has been compromised. CISA calls those things “Left of Doom.” On the “RIght of Doom,” CISA prioritizes the incidents that it responds to. [36:02] CISA focuses primarily on critical infrastructure. If you have a situation CISA cannot respond to, they will assist you by a local field office to find the people to help you, whether it's law enforcement, local cyber security service providers, or a local Emergency Response Team. [37:03] Companies are involved in the California wildfires. Could an incident like that distract them that they might become susceptible to data breaches? James notes that you can't address every problem at the same time. Prioritize, rack, and stack. [37:17] Incidents are going to happen. CISA asks agencies and companies to take the time and spend the resources to knock out all the low-hanging fruit. The great majority of incidents CISA sees are bad actors exploiting very simple, easy-to-fix vulnerabilities. [37:55] It might be companies not using encrypted traffic, or only using a password to secure access to a server. The fix is relatively low cost or low impact. It takes time to figure out how to do the fix, but you'll be grateful that you took the time and spent the money to implement it. [38:24] The cost of a greater fix from the breach of a simple vulnerability will be far greater than the resources you'd spend to address it in the first place. Establishing that floor will help you focus on other “fires” that pop up while assuring you won't get “popped” for a silly reason. [38:49] If somebody's going to get you, make sure they've tried their hardest to get you. [38:58] It's Data Privacy Day today, as this episode is released! It's the start of Data Privacy Week! The theme is Take Control of Your Data!  [39:22] Robust privacy governance tips: Figure out where your data asset inventory is for your organization. Keep track of it and keep track of the risk associated with each data asset, Each data asset may have a different set of risks. [39:47] Every organization should maintain a comprehensive inventory of data assets, detailing what data is collected, where it is stored, who has access to it, and how it's used. [39:56] The risk professional probably isn't the one who takes the inventory, but they should have access to it and they should be evaluating that inventory.  [40:06] The risk professional can help the privacy manager by helping them establish clear policies and procedures for handling data, access control, and breach response, based on real risk. A privacy officer sometimes has difficulty identifying a real risk over a perceived risk. [40:23] By focusing on real risks, you avoid the problem where privacy officers spend too much energy coming up with solutions for the most unlikely scenarios, leaving organizations unprepared for what's likely to happen. [40:42] Special thanks again to James Burd of CISA for joining us here on RIMScast! There are lots of links about Data Privacy Day and Data Privacy Week in this episode's show notes. [40:54] Also see links to RIMS Risk Management magazine coverage of data privacy through the years and links to some RIMScast episodes that touch upon the topic. Be sure to tune into last week's episode with Tod Eberle of the Shadowserver Foundation on cyber risk trends of 2025! [41:18] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. [41:47] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [42:05] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [42:23] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.  [42:39] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [42:53] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [43:00] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!   Mentioned in this Episode: RIMS Risk Management magazine RISKWORLD 2025 — May 4-7. | Register today! RIMS Legislative Summit — March 19‒20, 2025 Cyber Infrastructure Security Agency National Cybersecurity Alliance | Data Privacy Week 2025 Nominations for the Donald M. Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Texas Regional Conference 2025 | Submit an Educational Session by Feb. 24. RIMS Webinars: RIMS.org/Webinars “4 Themes Shaping the Future of GRC in 2025” | Sponsored by Resolver | Feb. 6, 2025 “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025   Upcoming RIMS-CRMP Prep Virtual Workshops: “Stay Competitive with the RIMS-CRMP” | Presented by the RIMS Greater Bluegrass Chapter February 19‒20, 2025 | Instructor: Chris Mandel Full RIMS-CRMP Prep Course Schedule Upcoming Virtual Workshops: “Claims Management” | February 11‒12, 2025 | Instructor: Chris Hansen “Fundamentals of Insurance” | Feb. 19‒20, 2025 | Instructor: Gail Kiyomura “Applying and Integrating ERM” | Feb. 26‒27, 2025 | Instructor: Elise Farnham “Managing Data for ERM” | March 12, 2025 | Instructor: Pat Saporito See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops   Upcoming RIMS-CRMP Prep Virtual Workshops: “Stay Competitive with the RIMS-CRMP | Presented by the RIMS Greater Bluegrass Chapter” February 19‒20, 2025 | Instructor: Chris Mandel Full RIMS-CRMP Prep Course Schedule Full RIMS-CRMP Prep Course Schedule   Related RIMScast Episodes: “Cyberrisk Trends in 2025 with Shadowserver Alliance Director Tod Eberle” “Kicking off 2025 with RIMS CEO Gary LaBranche” “Year In Risk 2024 with Morgan O'Rourke and Hilary Tuttle” “AI and Regulatory Risk Trends with Caroline Shleifer” “Cybersecurity Awareness and Risk Frameworks with Daniel Eliot of NIST” (2024) “Cybersecurity and Insurance Outlook 2023 with Josephine Wolff”   Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance”| Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant's P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response   RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla!   RIMS Events, Education, and Services: RIMS Risk Maturity Model®   Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.   Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.   Have a question or suggestion? Email: Content@rims.org.   Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.   About our guest: James Burd, Chief Privacy Officer, Cyber Infrastructure Security Agency (CISA)   Production and engineering provided by Podfly.  

Storm⚡️Watch by GreyNoise Intelligence
From Bans to Breaches: TikTok, PlugX, FortiGate, and Salt Typhoon

Storm⚡️Watch by GreyNoise Intelligence

Play Episode Listen Later Jan 21, 2025 56:02


Forecast: TikTok storm clears out as critical infrastructure takes a hit from FortiGate downpours. ‍ In this episode of Storm⚡️Watch, we explore the dramatic conclusion of TikTok's presence in the United States and its unexpected return. The saga, which began in 2019 with initial government scrutiny, culminated in a series of significant events in January 2025, including the Supreme Court's unanimous decision to uphold the federal ban law and TikTok's brief operational shutdown. We'll discuss the emergence of alternative platforms like Xiaohongshu (REDNote) in the U.S. market and examine recent security concerns, including Remy's investigation into potential backdoor vulnerabilities. The conversation then shifts to a major cybersecurity operation where the Justice Department and FBI successfully removed malware deployed by China-backed hackers using PlugX. We'll share insights from CISA Director Jen Easterly's recent comments on the Salt Typhoon campaign and their approach to tracking cyber threats. A significant portion of our discussion focuses on the FortiGate configuration leak incident. The Belsen Group's release of sensitive data from over 15,000 FortiGate devices has exposed critical infrastructure vulnerabilities across multiple countries. The leak, stemming from a 2022 authentication bypass vulnerability (CVE-2022-40684), primarily affected devices in Mexico and the UAE, with configuration files containing firewall rules, VPN credentials, and digital certificates being exposed. We wrap up with an analysis of recent Volt Typhoon activities and their implications for global cybersecurity, along with some suspicious thoughts from GreyNoise. This episode provides crucial insights into the evolving landscape of international cyber threats and the continuous challenges faced by security professionals worldwide. Storm Watch Homepage >> Learn more about GreyNoise >>  

RIMScast
Cyberrisk Trends in 2025 with Tod Eberle of Shadowserver

RIMScast

Play Episode Listen Later Jan 21, 2025 35:23


Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   In this episode, Justin interviews Shadowserver Foundation Alliance Director Tod Eberle about cybersecurity. Tod tells how his background as a prosecutor led to his interest in cybersecurity, how he encountered the non-profit Shadowserver Foundation, and how he left the public sector to work with them. He explains how Shadowserver provides actionable data to alert network owners and law enforcement of network vulnerabilities that need to be mitigated. He discusses trends in malware attacks, especially in ransomware. He shares his thoughts on ransomware threats of 2025 and the years to come. He provides tips on preparing your network against ransomware.   Listen to how you can harden your organization's network against malware attacks. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode's show notes. [:33] About this episode. We will discuss cybersecurity with Tod Eberle, the Alliance Director of the Shadowserver Foundation. [:55] RIMS-CRMP Workshops! On February 19th and 20th, there will be a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:18] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:34] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:58] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. [2:20] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:31] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:49] This event is open for RIMS members only so if you're not a member, join now! Visit RIMS.org/advocacy for registration details. [3:02] Interview! Our guest Tod Eberle is the Alliance Director of the Shadowserver Foundation, a non-profit security organization working altruistically behind the scenes to make the internet more secure for everyone. [3:15] Tod Eberle is with us to discuss the cybersecurity trends on his risk radar and the threats he wants risk professionals to be aware of as 2025 kicks into high gear. Shadowserver Alliance Director, Tod Eberle, welcome to RIMScast! [3:41] Justin saw that Shadowserver Foundation was promoted by the National Cybersecurity Alliance and he thought it would be great to have a follow-up on his appearance there. [3:54] Tod says the National Cybersecurity Alliance is a great organization. After working together with them for a year, they invited Tod to do a webinar. It was a great experience. [4:28] Tod's background is as a career prosecutor, starting as a county prosecutor in Western Pennsylvania in 1997. In 2004, Tod became a Federal Prosecutor in Pittsburgh for the U.S. Department of Justice. [5:00] In 2014, He transitioned over to the National Security and Cybercrime section in Pittsburgh. Pittsburgh was at the forefront of cyber investigations by both the U.S. Attorney's Office and the FBI. Tod wanted to be a part of that. [5:34] The Pittsburgh office has run investigations and issued indictments against Chinese Military Intelligence officers and Russian GRU officers for hacking. In 2014, Pittsburgh had the first criminal indictment of nation-state threat actors. [6:00] In that case, Chinese Military Intelligence PLA officers hacked into Pittsburgh companies Westinghouse, ALCOA, U.S. Steel, and United Steel Workers. Some forward-thinking folks at the FBI and the U.S. Attorney's Office, particularly U.S. Attorney David Hickton, focused on cyber. [6:29] That continued over the years until the present. [6:46] To begin an investigation, the FBI and U.S. Attorney's Office in Pittsburgh, need to have some aspect of an organization's criminal activity touch that district, the Western District of Pennsylvania. A national ransomware case with one victim in Pittsburgh can be investigated. [7:16] In the investigation of Russian GRU actors responsible for the destructive NotPetya malware attack, a district hospital's network was attacked and destroyed. They expanded the investigation and charging documents to include other attacks around the country. [7:58] In 2015 Tod was a prosecutor working with the FBI on an investigation. He was at Europol at the Hague in the Netherlands, a center that brings together investigators and prosecutors from different countries who investigate the same threat group through Europol and Eurojust. [8:33] Tod met the Shadowserver Foundation non-profit group at the Hague in 2015. They were helping, through free technical support to the takedown operation, to dismantle the infrastructure of a crime group, using sinkholing and other security measures. [9:08] Tod Joined the Shadowserver Foundation in January of 2023. He is the Shadowserver Alliance Director. As a small non-profit, everyone wears many hats. The Shadowserver Foundation is a 501(c)(3) in the U.S. and a separate non-profit legal entity in the Netherlands. [9:47] The Shadowserver Foundation started about 2004. It celebrated its 20th anniversary in 2024. It began as a loose group of volunteers made up of cybersecurity researchers and technical experts who came together to help network owners and law enforcement. [10:15] Over the years they became more structured and became a non-profit organization. It's an unusual non-profit organization working 100% in operations. It works in three core areas. First, it's the world's largest provider of free, actionable cyber threat intelligence. [10:45] Second, the Shadowserver Foundation does cybersecurity capacity-building around the world. Third, it also provides free support to law enforcement investigations and disruption operations with technical support and expertise. Those three things are its core mission. [11:07] Justin notes commonalities between RIMS cyber risk reporting and the Shadowserver Foundation's work. Shadowserver collects a vast amount of threat data daily. What are the patterns it sees for 2025? [11:29] Shadowserver Foundation can help organizations mitigate risks. It collects cyber threat data at its data center in California through internet-wide scanning, honeypot sensors, sinkholing operations, and collecting and analyzing malware samples. [11:57] Every day for free the Shadowserver Foundation takes that data and provides it to over 9,000 organizations around the world and to 201 National C-CERTs that cover about 176 countries. [12:13] These reports identify exposed, misconfigured, vulnerable, compromised instances or devices on networks that need patching. [12:25] The organizations that get Shadowserver's data can be anything from banks to hospitals, universities, K-12 school districts, ISPs, local, state, and federal governments, small, medium, and large businesses, Fortune 500s, and NGOs; just about anyone can sign up. [12:46] The idea behind this is that cyber security should be available to everyone, regardless of the ability to pay. Organizations can sign up at the Shadowserver Foundation website, and provide their contact information and network information with IP ranges and ASNs. [13:12] The Shadowserver Foundation does its due diligence and if everything checks out, it automates those reports to go out to the organization daily. About 9,000 organizations sign up directly to receive daily reports. [13:22] The Shadowserver Foundation also sends out data for entire countries to the national C-CERT designated to handle that in those countries. In the U.S., CISA gets hundreds of millions of events from them every day for all the U.S. It is the same around the world. [13:52] Tod says that some things never change. Networks are breached primarily through phishing attacks, malicious links or attachments, and social engineering. [14:09] One trend is a focus on vulnerabilities. Criminals exploit vulnerabilities in the network that aren't timely patched and before they are patched. Shadowserver gives organizations an external snapshot view of their networks just as criminals are scanning for themselves. [14:52] Cybercriminal groups increasingly leverage zero-day vulnerabilities to breach a network. A zero-day vulnerability is a flaw in software or hardware that's unknown to the vendor and has no patch. The vendor has had zero days to fix the vulnerability after it has been discovered. [15:16] That was the case with the Clop ransomware gang. In 2024, they started exploiting zero-day vulnerabilities in Fortra's GoAnywhere software. That continued in May, with them exploiting Progress Software's MOVEit file transfer application. [15:38] Very recently, in December, the Clop Ransomware group claimed responsibility for using a zero-day vulnerability in Clio's file transfer platform that breached victims' networks. [15:49] Cyber criminals extort victims and steal data with ransomware attacks. Risk managers in cybersecurity need to stay on top of critical vulnerabilities that often go unpatched. Those are often the easiest gateway into a network. [16:26] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”. [16:38] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [16:54] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [17:06] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [17:17] The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [17:35] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [17:58] General grant awardees are typically notified at the end of October. Learn more about Spencer's general grants through the Programs tab at SpencerEd.org. [18:08] Let's Return to the Conclusion of My Interview with Tod Eberle of Shadowserver! [18:49] Justin notes that In December of 2024, China attackers breached the Committee on Foreign Investment in the U.S. That is the government office that assesses foreign investments for national security risks. [18:58] China also targeted the Treasury's Sanctions Office after it sanctioned a Chinese company for its alleged role in cyberattacks. [19:14] Tod thinks we should acknowledge that this is nothing new and nothing we should be surprised about. It's been going on for many years and it's going to continue. Justin was in the Federal government in 2013 and 2014. [19:32] In 2015, it was announced that the U.S. Office of Personnel Management had been breached. Personal sensitive data for 42 million people were stolen. [19:44] In May 2014, five Chinese military officers were indicted for computer hacking and economic espionage against companies based in Pittsburgh. This is nothing out of the ordinary. Unfortunately, indictments don't seem to have a deterrent effect. [20:21] Countries can deny the charges of hacking even with strong evidence of their involvement. [20:37] There are different types of hacking, with different types of motivation. There is traditional espionage against U.S. government agencies. There is theft of intellectual property with nation-states trying to gain a commercial advantage in business. [21:23] There are destructive hacks by nation-state actors, like the NotPetya attack, or attacks on the Ukrainian power grid and banking systems in 2015 and 2016. [21:36] The Volt Typhoon threat actor group and its access to the U.S. critical infrastructure is one of the greatest national security concerns because of its potential to disrupt everything from water to power, to food, to transportation. [22:10] The ripple effect that can come from those disruptions would be enormous. The Colonial Pipeline ransomware attack of a few years ago affected fuel supplies, commerce, and the prices of goods. [22:31] Nation-state hacking is no longer just a concern for government agencies and companies that do business internationally, but it's now a concern for all of society. There's the potential to affect the daily lives of innocent civilians through attacks on critical infrastructure. [23:16] Tod mentions another 2014 indictment out of Pittsburgh, on the GameOver Zeus Botnet takedown. Part of that was a crypto locker ransomware disruption. This was in the infancy of ransomware, for $300 ransoms. Now ransom demands are in the tens of millions of dollars. [23:53] We have seen a huge evolution in ransomware. It's not going away. One thing we're seeing is bypassing data encryption and focusing on data theft. It's easier and less time-consuming for the threat actors because they don't have to map out the network. [24:41] If a victim company had good backups and easy restoration, that was an issue ransomware actors had to deal with, so why would the threat actors bother with that? They just focus on easy data theft and extortion of ransom for the data. [25:04] Tod thinks we will continue to see extortion. Ransomware continues to be the greatest concern for companies. The use of AI has been increasing both for defenders and attackers.  [25:14] A new ransomware group, FunkSec, is claiming large numbers of victims of extortion, encryption, and data theft. They seem to have ransom demands of less than $10,000. They have sold stolen data. Researchers think this is a less experienced group using AI to write code. [27:22] Shadowserver's very talented team collects the data. It's free. They want to get it into the hands of those who can use it. The reports identify things that are seen to be misconfigured or unnecessarily exposed to the internet. Sometimes they can show if something is compromised. [28:12] Shadowserver designates the events by severity level so the end user can prioritize their patching and address first the ones that are most critical and severe. The reports act both as an early warning system and a victim notification system if a device is seen to be compromised. [28:59] The network owner needs to remediate that and patch it before further exploitation like a ransomware attack can occur. [29:07] Shadowserver has two ways to detect that a device is compromised. The first is if they have indicators that tell them a device on the network is compromised. The second is with their support for law enforcement, law enforcement may share sensitive data with Shadowserve. [29:32] When law enforcement does a takedown and they get victim identification data like IP addresses, they must do victim notification. Law enforcement isn't scaled to do victim notification for hundreds of thousands of users. Shadowserver helps them with notifications. [30:48] Shadowserver is very careful to share data responsibly. Company A will get the data they have for Company A and it won't be shared with Company B and vice versa. Shadowserver views the data as belonging to that network owner. [31:08] If a company authorizes Shadowserver and wants them to share their data with a third party, Shadowserver will happily do it. There are several companies with MSSPs to manage their security. If the company asks, Shadowserver will send the data to their MSSP. [31:43] As a small, non-profit organization, not everyone has heard of the Shadowserver Foundation. They want people to know they have this data and they want to share it. It could be relevant for cyber insurance companies' due diligence, with the insurance applicant's consent. [32:20] It's important because those reports can show whether a network has remained healthy and secure over time. Tod would love to see Shadowserver be able to help more in the risk mitigation areas. [32:56] Special thanks again to Shadowserver Foundation's Tod Eberle for joining us here on RIMScast! Check out this episode's show notes for links to the Shadowserver reports we mentioned. [33:07] Be sure to tune in next week for Data Privacy Day! We've got a special episode with James Burd, Chief Privacy Officer of the Cybersecurity and Infrastructure Security Agency (CISA). That's going to be a good one! [33:22] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. [33:50] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [34:07] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [34:25] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.  [34:41] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [34:55] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [35:03] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!   Mentioned in this Episode: RIMS Risk Management magazine RISKWORLD 2025 — May 4‒7 | Register today! RIMS Legislative Summit — March 19‒20, 2025 Nominations for the Donald M. Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy Shadowserver Foundation National Cybersecurity Alliance RIMS Webinars: RIMS.org/Webinars “4 Themes Shaping the Future of GRC in 2025” | Sponsored by Resolver | Feb. 6, 2025 “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025 Upcoming Virtual Workshops: “Claims Management” | February 11‒12, 2025 | Instructor: Chris Hansen “Fundamentals of Insurance” | Feb. 19‒20, 2025 “Applying and Integrating ERM” | Feb. 26‒27 “Managing Data for ERM” | March 12, 2025 See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops   Upcoming RIMS-CRMP Prep Virtual Workshops: “Stay Competitive with the RIMS-CRMP | Presented by the RIMS Greater Bluegrass Chapter” February 19‒20, 2025 | Instructor: Chris Mandel Full RIMS-CRMP Prep Course Schedule Full RIMS-CRMP Prep Course Schedule   Related RIMScast Episodes: “Kicking off 2025 with RIMS CEO Gary LaBranche” “Year In Risk 2024 with Morgan O'Rourke and Hilary Tuttle” “AI and Regulatory Risk Trends with Caroline Shleifer” “Cybersecurity Awareness and Risk Frameworks with Daniel Eliot of NIST” (2024)   Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail' | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant's P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response   RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla!   RIMS Events, Education, and Services: RIMS Risk Maturity Model®   Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.   Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.   Have a question or suggestion? Email: Content@rims.org.   Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.   About our guest: Tod Eberle, Shadowserver Foundation   Production and engineering provided by Podfly.  

Security Conversations
Hijacking .gov backdoors, Ivanti 0days and a Samsung 0-click vuln

Security Conversations

Play Episode Listen Later Jan 10, 2025 108:21


Three Buddy Problem - Episode 29: Another day, another Ivanti zero-day being exploited in the wild. Plus, China's strange response to Volt Typhoon attribution, Japan blames China for hacks, a Samsung 0-click vulnerability found by Project Zero, Kim Zetter's reporting on drone sightings and a nuclear scare. Plus, hijacking abandoned .gov backdoors and Ukrainian hacktivists wiping a major Russian ISP. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

Big Take DC
The ‘Everything, Everywhere, All at Once' Cyber Threat

Big Take DC

Play Episode Listen Later Jan 8, 2025 13:34 Transcription Available


US intelligence officials say that a hacking campaign known as “Volt Typhoon” has the potential to disrupt critical infrastructure systems in Guam — a significant hub for the US military that holds particular importance in US-China relations. On today’s Big Take DC podcast, Bloomberg national security reporter Katrina Manson shares what she’s learned about the threat and how it could limit America’s ability to push back if China were to invade Taiwan. Read more: The US’s Worst Fears of Chinese Hacking Are on Display in GuamSee omnystudio.com/listener for privacy information.

Storm⚡️Watch by GreyNoise Intelligence
Chinese Hackers Strike Again: BeyondTrust & Salt Typhoon Breaches Expose Critical U.S. Infrastructure

Storm⚡️Watch by GreyNoise Intelligence

Play Episode Listen Later Jan 7, 2025 63:37


Forecast: Cyber conditions are turbulent with two major Chinese state-sponsored storms impacting U.S. infrastructure, with aftershocks expected into mid-January. ‍ In today's episode of Storm Watch, we cover two major cybersecurity incidents that have significantly impacted U.S. infrastructure. The BeyondTrust breach, initially discovered in early December 2024, involved a compromised Remote Support SaaS API key that allowed attackers to reset passwords and access workstations remotely. The Treasury Department was notably affected, with attackers accessing unclassified documents in the Office of Financial Research and Office of Foreign Assets Control. The incident exposed critical vulnerabilities, including a severe command injection flaw with a CVSS score of 9.8, and over 13,500 BeyondTrust instances remain exposed online. The conversation then shifts to the extensive telecommunications breaches known as the Salt Typhoon campaign, where Chinese state actors successfully infiltrated nine major U.S. telecom companies. This sophisticated espionage operation gained the capability to geolocate millions of individuals and potentially record phone calls, though actual communication interception was limited to fewer than 100 high-profile targets. The breach revealed shocking security lapses, such as a single administrator account having access to over 100,000 routers and the use of primitive passwords like "1111" for management systems. Major carriers including AT&T, Verizon, and Lumen Technologies were among the affected companies, with varying degrees of impact and response effectiveness. T-Mobile stands out for their quick detection and mitigation of the attack. In response to these incidents, the FCC is preparing to vote on new cybersecurity regulations by mid-January 2025, while the White House has outlined key areas for improvement including configuration management, vulnerability management, network segmentation, and enhanced information sharing across the sector. The episode wraps up with insights from recent Censys Rapid Response posts and the latest GreyNoise blog entry about profiling benign internet scanners in 2024, along with VulnCheck's analysis of the most dangerous software weaknesses and a discussion of the Four-Faith Industrial Router vulnerability being exploited in the wild. Storm Watch Homepage >> Learn more about GreyNoise >>  

Risky Business
Wide World of Cyber: SentinelOne's Chris Krebs on Chinese cyber operations

Risky Business

Play Episode Listen Later Dec 13, 2024


In this edition of the Wild World of Cyber podcast Patrick Gray sits down with SentinelOne's Chief Intelligence and Public Policy Officer Chris Krebs to talk all about Chinese cyber operations. They look at the Salt Typhoon and Volt Typhoon campaigns, the last 20 years of Chinese operations, and the evolution of the cyber roles of China's Ministry of State Security and People's Liberation Army. It's a very dense hour of conversation! This podcast was recorded in front of an audience at the Museum of Contemporary Art in Sydney. This episode is also available on Youtube. Show notes

The Jerich Show Podcast
Hot mess at Hot Topic, Typhoons spreading botnets, ethical hacker dumps data and more!

The Jerich Show Podcast

Play Episode Listen Later Dec 6, 2024 18:02


Hey there, tech detectives and cyber sleuths! Grab your headphones and get ready for another wild ride through the digital jungle with Erich and Javvad. This week, we're diving into a hot mess at Hot Topic (pun totally intended) that's left 57 million people saying 'Uh-oh!' Plus, we'll take you on a typhoon-fueled adventure as China's notorious Volt Typhoon crew makes a shocking comeback. It's like a cyber soap opera, but with way more zeroes and ones! So, buckle up, buttercup – it's time to unravel these tangled webs of tech drama! Stories from the show: HIBP notifies 57 million people of Hot Topic data breach https://www.bleepingcomputer.com/news/security/hibp-notifies-57-million-people-of-hot-topic-data-breach/ China's Volt Typhoon crew and its botnet surge back with a vengeance https://www.theregister.com/2024/11/13/china_volt_typhoon_back/ Amazon MOVEit Leaker Claims to Be Ethical Hacker https://www.infosecurity-magazine.com/news/amazon-moveit-leaker-claims/

Security Conversations
Volexity's Steven Adair on Russian Wi-Fi hacks, memory forensics, appliance 0days and network inspectability

Security Conversations

Play Episode Listen Later Nov 30, 2024 78:33


Three Buddy Problem - Episode 23: Volexity founder Steven Adair joins the show to explore the significance of memory analysis and the technical challenges associated with memory dumping and forensics. We dig into Volexity's “nearest neighbor” Wi-Fi hack discovery, gaps in EDR detection and telemetry, and some real-talk on the Volt Typhoon intrusions. We also cover news on a Firefox zero-day exploited on the Tor browser, the professionalization of ransomware, ESET's discovery of a Linux bootkit (we have a scoop on the origins of this!), Binarly research on connections to LogoFAIL, and major visibility gaps in the firmware ecosystem. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs) (SentinelLabs), Costin Raiu (https://twitter.com/craiu) (Art of Noh) and Ryan Naraine (https://twitter.com/ryanaraine) (SecurityWeek). Honorary buddy: Steven Adair (https://twitter.com/sadair) (Volexity)

The Gate 15 Podcast Channel
Weekly Security Sprint EP 90. CISA future, more liability, and password problems

The Gate 15 Podcast Channel

Play Episode Listen Later Nov 20, 2024 25:56


In this week's Security Sprint, Dave and Andy covered the following topics. Warm Start: • Auto-ISAC: Thomas Farmer Assumes Position as Director of Operations • News from the Auto-ISAC Cybersecurity 2024 Summit • Follow Up from last Sprint: FBI Statement Regarding Offensive Text Messages o Bigoted text messages after Trump victory also targeted Latinos, LGBTQ+ communities, FBI says o FBI investigates new wave of offensive messages targeting Hispanic, LGBTQ people • Groundbreaking Framework for the Safe and Secure Deployment of AI in Critical Infrastructure Unveiled by Department of Homeland Security • Media Advisory: Chairman Green Announces Worldwide Threats Hearing Featuring DHS Secretary Mayorkas, FBI Director Wray, NCTC Acting Director Holmgren: November 20, 2024, at 10:00 AM ET • Senate Judiciary Committee: Big Hacks & Big Tech: China's Cybersecurity Threat: November 20, 2024, at 2:00 PM ET Main Topics: Homeland Security Transitions. Rand Paul has plans to kneecap the nation's cyber agency. The incoming chair of the Senate Homeland Security Committee has pledged to severely cut the powers of the Cybersecurity and Infrastructure Security Agency or eliminate it entirely. • CISA Director Jen Easterly to depart on Inauguration Day • House Homeland Releases “Cyber Threat Snapshot” Highlighting Rising Threats to US Networks, Critical Infrastructure • Joint Statement from FBI and CISA on the People's Republic of China (PRC) Targeting of Commercial Telecommunications Infrastructure • Salt Typhoon: T-Mobile Hacked in Massive Chinese Breach of Telecom Networks • Salt Typhoon: Intelligence community briefed Congress on Chinese telecom intrusions • Volt Typhoon rebuilds malware botnet following FBI disruption • China's Hacker Army Outshines America Liability: Legal Report: A Michigan Agency Agrees to $13 Million Settlement Concerning Surprise Active Shooter Drill. Cyber Resilience: • NordPass: Top 200 Most Common Passwords. • 2023 Top Routinely Exploited Vulnerabilities. PDF: AA24-317A 2023 Top Routinely Exploited Vulnerabilities Quick Hits: • Palo Alto! Risky Biz News: Unpatched zero-day in Palo Alto Networks is in the wild. • CISA Adds Two Known Exploited Vulnerabilities to Catalog o CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability o CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability • EPA: Management Implication Report: Cybersecurity Concerns Related to Drinking Water Systems. o US EPA report cites cybersecurity flaws in drinking water systems, flags disruption risks and lack of incident reporting o Drinking water systems for 26M Americans face high cybersecurity risks • Moody's Cyber Heat Map flags extreme cyber risks for critical infrastructure, impacting telecommunications and airlines • 35 dead as driver hits crowd at sports center in southern Chinese city • ODNI - Potential Global Economic Consequences of a Use by Russia of Nuclear Weapons in Ukraine • Australia-Japan-United States Trilateral Defense Ministers' Meeting November 2024 Joint Statement • Justice Department Announces Murder-For-Hire and Related Charges Against IRGC Asset and Two Local Operatives • Iranian “Dream Job” Campaign 11.24 • Fans scuffle despite heavy security presence at France-Israel soccer match • Hate, Extremism & Terrorism: o Houston man charged with attempting to provide material support to ISIS o The FBI says it stopped a possible terrorist attack in Houston o California Teenager Pleads Guilty in Florida to Making Hundreds of ‘Swatting' Calls Across the United States o Nazi Group Marches Through Ohio Town o Germany: 17-year-old arrested over alleged terror plot o Teens accused of plotting to bomb pro-Israel rally on Parliament Hill o Man dead after explosions outside Brazil supreme court ahead of G20

Security Conversations
What happens to CISA now? Is deterrence in cyber possible?

Security Conversations

Play Episode Listen Later Nov 15, 2024 113:51


Three Buddy Problem - Episode 21: We dig into an incredible government report on Iranian hacking group Emennet Pasargad and tradecraft during the Israel/Hamas war, why Predatory Sparrow could have been aimed at deterrence in cyber, and the FBI/CISA public confirmation of the mysterious Salt Typhoon hacks. Plus, discussion on hina's cyber capabilities, the narrative around “pre-positioning” for a Taiwan conflict, the blending of cyber and kinetic operations, and the long tail of Chinese researchers reporting Microsoft Windows vulnerabilities. The future of CISA is a recurring theme throughout this episode with some speculation about what happens to the agency under the Trump administration. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs) (SentinelLabs), Costin Raiu (https://twitter.com/craiu) (Art of Noh) and Ryan Naraine (https://twitter.com/ryanaraine) (SecurityWeek).

Business of Tech
Cybersecurity Threats, Microsoft Price Hikes, AI in Consulting, and Password Trends Explored

Business of Tech

Play Episode Listen Later Nov 14, 2024 16:07


We start focusing on the resurgence of the state-sponsored cyber espionage group Volt Typhoon. This group has been targeting critical infrastructure, particularly outdated devices like Cisco and Netgear routers, and has successfully compromised a significant percentage of these devices in a short time frame. The episode highlights the vulnerabilities in the energy sector, where third-party breaches account for a substantial portion of incidents, emphasizing the need for improved vendor responsibility and proactive security measures.Host Dave Sobel also covers the progress of the Secure by Design initiative led by CISA, which has seen over 100 companies commit to adopting secure development practices. This movement is gaining traction as organizations recognize the importance of reducing vulnerabilities in software. Additionally, the Transportation Security Administration has proposed new cybersecurity regulations aimed at protecting high-risk pipelines and railroad operators, mandating the establishment of cyber risk management programs and timely reporting of incidents.The episode shifts focus to Microsoft, which is implementing a price hike on various services, including a 25% increase for Teams Phone and up to a 40% increase for Power BI. This move is part of Microsoft's strategy to align pricing across its services, reflecting the growing usage of premium features among enterprise customers. Sobel notes the significance of these changes in the context of the broader IT landscape, particularly as Windows 11 ISO media for ARM64 PCs becomes available, allowing for clean installations on compatible devices.Finally, Sobel discusses the evolving role of IT consultancies, which are increasingly focusing on artificial intelligence, data governance, and platform integration as they prepare for 2025. The episode highlights the importance of clean and accessible data in leveraging AI technologies and the need for organizations to modernize their legacy systems. Sobel concludes with reflections on the ethical implications of AI in creative industries, citing a controversial AI-generated interview by a Polish radio station and the positive use of AI in restoring the voice of country music legend Randy Travis. Four things to know today00:00 Volt Typhoon Resurfaces with Advanced Attacks on Critical Infrastructure, Exploiting Legacy Routers02:48 CISA and TSA Cybersecurity Efforts as Secure-by-Design and NIST Framework Gain Ground06:14 Microsoft's Price Hike Targets Monthly Subscriptions and Premium Services, Teams Phone to Rise 25%09:32 IT Consultancies Double Down on AI, Data, and Integration as Organizations Modernize for 2025  Supported by:  https://timezest.com/mspradio/https://www.coreview.com/msp  All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessoftech.bsky.social

Cyber Security Headlines
Volt Typhoon's new botnet, China APT hits Tibet, DoD leaker sentenced

Cyber Security Headlines

Play Episode Listen Later Nov 14, 2024 7:31


Volt Typhoon rebuilding botnet Chinese group targets Tibetan media DoD leaker sentenced Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. Get the stories behind the headlines at CISOSeries.com

Aperture: A Claroty Podcast
Joe Saunders on Advanced Cyberattacks Against Critical Infrastructure

Aperture: A Claroty Podcast

Play Episode Listen Later Nov 7, 2024 34:43


Runsafe Security CEO and Cofounder Joe Saunders joins the Nexus Podcast to discuss the strategic shift from certain APTs toward destructive cyberattacks targeting U.S. critical infrastructure. Groups such as Volt Typhoon and Sandworm have aggressively focused their efforts on hacking OT, IoT, and healthcare organizations, opening new fronts that asset owners and operators, as well as manufacturers of embedded systems must now contend with. 

The Lawfare Podcast
Lawfare Daily: Can Chinese Cyber Operations Be Deterred, with Dakota Cary

The Lawfare Podcast

Play Episode Listen Later Nov 5, 2024 42:38


Dakota Cary, Strategic Advisory Consultant at SentinelOne, joins Lawfare Senior Editor Eugenia Lostri, to discuss his article on U.S. attempts to deter Chinese hacking group Volt Typhoon. They talk about why Volt Typhoon won't stop its intrusions against critical infrastructure, whether other hacking groups can be deterred, and where we should focus our attention to counter malicious activity.Materials discussed during the episode:"Exploring Chinese Thinking on Deterrence in the Not-So-New Space and Cyber Domains," by Nathan Beauchamp-MustafagaFinal Report of the Defense Science Board (DSB) Task Force on Cyber Deterrence, February 2017The Atlantic Council report, "Adapting US strategy to account for China's transformation into a peer nuclear power," by David O. Shullman, John K. Culver, Kitsch Liao, and Samantha WongTo receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/c/trumptrials.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

Security Conversations
ESET Israel wiper malware, China's Volt Typhoon response, Kaspersky sanctions and isolation

Security Conversations

Play Episode Listen Later Oct 18, 2024 98:18


Three Buddy Problem - Episode 17: News of a wiper malware attack in Israel implicating ESET, threats from wartime hacktivists, China's strange response to Volt Typhoon attribution and Section 702 messaging, an IE zero-day discovery and web browser rot in South Korea, the ongoing isolation of Kaspersky due to sanctions, and the geopolitical influences affecting cybersecurity reporting. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs) (SentinelLabs), Costin Raiu (https://twitter.com/craiu) (Art of Noh) and Ryan Naraine (https://twitter.com/ryanaraine) (SecurityWeek).

The Daily Decrypt - Cyber News and Discussions
China Accuses US of Fabricating Volt Typhoon, Fortinet Devices Still Vulnerable

The Daily Decrypt - Cyber News and Discussions

Play Episode Listen Later Oct 16, 2024


Video Episode: https://youtu.be/jjp4xiYI0Xw In today’s episode, we delve into the escalating cyber tensions between China and the U.S. as China accuses the latter of fabricating the Volt Typhoon threat to divert attention from its own cyber-espionage activities. We also discuss the Internet Archive’s partial recovery from recent DDoS attacks and the critical vulnerability found in the Jetpack plugin affecting over 27 million WordPress sites. Additionally, we cover the ongoing risks posed by the CVE-2024-23113 vulnerability in Fortinet devices, emphasizing the need for immediate action by IT administrators. Article Links: 1. China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns: https://thehackernews.com/2024/10/china-accuses-us-of-fabricating-volt.html 2. The Internet Archive and its 916 billion saved web pages are back online: https://arstechnica.com/tech-policy/2024/10/the-internet-archive-and-its-916-billion-saved-webpages-are-back-online/ 3. WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites: https://thehackernews.com/2024/10/wordpress-plugin-jetpack-patches-major.html 4. 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113): https://www.helpnetsecurity.com/2024/10/15/cve-2024-23113/ Timestamps 00:00 – Introduction 01:04 – China vs US on Volt Typhoon 03:08 – Internet Archive’s partial recovery 04:05 – Vulnerability found in the Jetpack plugin 05:16 – Fortinet devices vulnerable 1. What are today’s top cybersecurity news stories? 2. What did China say about Volt Typhoon and U.S. cybersecurity claims? 3. How has the Internet Archive recovered from DDoS attacks? 4. What vulnerability was found in the Jetpack WordPress plugin? 5. How can users protect themselves from the Fortinet CVE-2024-23113 vulnerability? 6. What is the significance of China accusing the U.S. of false flag cyber operations? 7. How is the Wayback Machine functioning after the recent attack? 8. What remediation steps were taken for the Jetpack plugin vulnerabilities? 9. What are the potential implications of the Fortinet devices vulnerability? 10. What does the report say about the nature of the Volt Typhoon cyber group? Volt Typhoon, cyber espionage, Microsoft, CrowdStrike, Internet Archive, Wayback Machine, DDoS, data breach, Jetpack, vulnerability, WordPress, security, Fortinet, vulnerability, remote code execution, cybersecurity, 1. **Volt Typhoon**: A moniker for a China-nexus cyber espionage group alleged to be fabricated by the United States and its allies. It’s claimed to have been active since 2019, focusing on stealthily embedding in critical infrastructure networks. Its importance lies in its potential to influence international relations and cybersecurity defenses. 2. **False Flag Operation**: An act committed with the intent to disguise the actual source of responsibility and blame another party. In cybersecurity, this is a critical concept as it involves the deceptive masking of attacks, complicating attribution and heightening global tensions. 3. **Edge Devices**: Hardware that provides an entry or exit point for data communication in a network, such as routers, firewalls, and VPN hardware. In cybersecurity, these devices are vital as they are often targeted in attacks to relay or intercept data and evade detection. 4. **Operational Relay Boxes (ORBs)**: Network devices used to obscure the origin of cyber operations by routing attacks through intermediary points. This term is significant in cybersecurity because it demonstrates sophisticated tactics used to hide attacker identity and enhance stealth. 5. **Zero-Day Exploitation**: The act of exploiting a software vulnerability undiscovered or not yet patched by the vendor, often leading to significant security breaches. This term is crucial in cybersecurity as it represents threats posed by novel and unpatched vulnerabilities. 6. **Web Shell**: A script placed on a compromised web server to enable remote control. The term is pertinent in cybersecurity given its use in facilitating unauthorized access and further attacks. 7. **Backdoor**: A method of bypassing normal authentication to access a system, often installed by attackers to maintain continued access. Its importance in cybersecurity is underscored by its potential to allow undetected, persistent threats. 8. **Marble Framework**: A software toolkit allegedly used by U.S. intelligence to obscure attribution in cyber attacks. Understanding such frameworks is crucial for cybersecurity professionals in unraveling sophisticated attempts at masking the identity of cyber threats. 9. **Cyber Espionage**: The practice of engaging in covert operations to obtain confidential information from foreign governments or companies through cyber means. It is a significant aspect of national security and international relations in the digital age. 10. **Five Eyes**: An intelligence alliance comprising the United States, the United Kingdom, Canada, Australia, and New Zealand. Its role in cybersecurity involves extensive information sharing and cooperation on threats, making it a key player in global cyber defense strategies.

Microsoft Threat Intelligence Podcast
Gingham Typhoon's Cyber Expansion Into the South Pacific

Microsoft Threat Intelligence Podcast

Play Episode Listen Later Oct 9, 2024 38:56


In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Nick Monaco, Principal Threat Intelligence Analyst at Microsoft, delving into findings from Microsoft's April 2024 East Asia threat report. They discuss Gingham Typhoon's expanding cyber operations in the South Pacific, notably targeting strategic partners like Papua New Guinea despite their involvement in China's Belt and Road Initiative. The conversation shifts to Nylon Typhoon's global espionage efforts, including recent activities in South America and Europe. They also cover Volt Typhoon's sophisticated attacks on U.S. critical infrastructure and highlight Storm 1376's (now Tides of Flood) use of AI-generated news anchors for spreading misinformation. This episode emphasizes the evolving nature of cyber threats and influence operations, including the creative use of technology by adversaries to advance their agendas.  * This episode is from April 2024 and is not new information.    In this episode you'll learn:          How Nylon Typhoon targets geopolitical intelligence in South America and Europe  The evolving landscape of influence operations and China's growing capabilities  How disinformation campaigns have exploited real-world events    Some questions we ask:         How has generative AI changed influence operations and disinformation?  What are the key trends in North Korean cyber operations with cryptocurrency and AI?  Why are Chinese influence operations engaging with questions on social media?    Resources:   View Nick Monaco on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider  The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

Art of Discussing
Cybersecurity Awareness Month 2024

Art of Discussing

Play Episode Listen Later Oct 9, 2024 71:55


October is cybersecurity awareness month. In this episode, Kate and Ben discuss cybersecurity awareness both on an individual and business level as well global and nation state level. Resources/Research:“Cybersecurity statistics in 2024” by Mehdi Punjwani and Sierra Campbell. Published in USA Today website October 4, 2024 and available on https://www.usatoday.com/money/blueprint/business/vpn/cybersecurity-statistics/“Iranian cyber operation targeting the Trump campaign is likely still underway, FBI official says” by Dan De Luce. Published in NBC News website September 6, 2024 and available on https://www.nbcnews.com/investigations/iranian-cyber-operation-targeting-trump-campaign-likely-still-underway-rcna170003“FBI Director Chris Wray warns Congress that Chinese hackers targeting U.S. infrastructure as U.S. disrupts foreign botnet “Volt Typhoon'” by Robert Legare Olivia Gazis, Nicole Sganga. Published in CBS news website January 31, 2024 and available on https://www.cbsnews.com/news/chinese-hackers-pose-danger-american-infrastructure-innovation-fbi-director-warning/"America's Cyber Defense Agency". Published in Cybersecurity & Infrastructure Security Agency website and available on https://www.cisa.gov/  Books: Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers by Andy GreenbergTracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency by Andy GreenbergThis is How They Tell Me the World Ends by Nichol PerlrothCheck out our website at http://artofdiscussing.buzzsprout.com, on Facebook at Art of Discussing and on Instagram @artofdiscussing.Got a topic that you'd like to see discussed? Interested in being a guest on our show? Just want to reach out to share an opinion, experience, or resource? Leave us a comment below or contact us at info@artofdiscussing.com!! We'd love to hear from you! Keep Discussing!Music found on Pixabay. Song name: "Clear Your Mind" by Caffeine Creek Band"

Packet Pushers - Full Podcast Feed
PP030: Volt Typhoon On the Attack, Starlink Joins the Navy, and More Security News

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Sep 10, 2024 33:15


Today’s Packet Protector is an all-news episode. We cover the Volt Typhoon hacker group exploiting a zero-day in Versa Networks gear and a multitude of vulnerabilities in Zyxel network products. We also debate whether Microsoft’s endpoint security summit will be more than a public relations exercise, a serious backdoor in RFID cards used in offices... Read more »

Packet Pushers - Fat Pipe
PP030: Volt Typhoon On the Attack, Starlink Joins the Navy, and More Security News

Packet Pushers - Fat Pipe

Play Episode Listen Later Sep 10, 2024 33:15


Today’s Packet Protector is an all-news episode. We cover the Volt Typhoon hacker group exploiting a zero-day in Versa Networks gear and a multitude of vulnerabilities in Zyxel network products. We also debate whether Microsoft’s endpoint security summit will be more than a public relations exercise, a serious backdoor in RFID cards used in offices... Read more »

Risky Business
Risky Business #761 – Telegram v frogs. Fight!

Risky Business

Play Episode Listen Later Aug 28, 2024 64:32


On this week's show, Patrick Gray and Adam Boileau discusses the week's security news, including: Telegram founder's arrest in France Volt Typhoon 0days some SD-WAN gear Russia frets about Ukraine all up in Kursk's webcams Cybercriminals social engineer payment card NFC relay attacks in the wild The slow burn of Active Directory name collisions And much, much more. This week's episode is sponsored by Nucleus Security. Aaron Unterberger joins to discuss how vulnerability management starts out easy, but gets serious very quickly. You can also watch this week's show on Youtube. Show notes Pavel Durov: Telegram CEO's arrest part of larger investigation Keep Pavel Durov LOCKED UP Internet mogul Kim Dotcom to be extradited to the US, NZ justice minister says New 0-Day Attacks Linked to China's ‘Volt Typhoon' – Krebs on Security Oil industry giant Halliburton confirms 'issue' following reported cyberattack Seattle airport confronts 4th day of cyberattack outages | Cybersecurity Dive Russia calls for restrictions on surveillance cameras, dating apps in cities under attack from Ukraine In a Kyiv hangar, Ukraine launches a cyber range for everyone U.S. military, on Tinder, says to swipe left on Iran-backed militants - The Washington Post CISA officials credit Microsoft security log expansion for improved threat visibility | Cybersecurity Dive Suspect in $14 billion cryptocurrency pyramid scheme extradited to China Android malware used to steal ATM info from customers at three European banks Novel technique allows malicious apps to escape iOS and Android guardrails | Ars Technica Local Networks Go Global When Domain Names Collide – Krebs on Security Attack tool update impairs Windows computers SonicWall pushes patch for critical vulnerability in SonicOS platform | CyberScoop “YOLO” is not a valid hash construction

The Wright Report
13 AUGUST 2024 NEWS: Global Secrets Unveiled — Venezuela, Mexico, Turkey, China // Medical Mystery // Miracle in Israel

The Wright Report

Play Episode Listen Later Aug 13, 2024 28:05


Donate (no account necessary) | Subscribe (account required) In the August 13th episode of The Wright Report, former CIA Officer Bryan Dean Wright delves into six explosive stories that reveal the secrets shaping the world today. Venezuela's Secret Deal: A clandestine negotiation between the U.S. and Venezuela's dictator Nicolás Maduro could change the future of millions of Venezuelans on the brink of fleeing their country. Cartel Intrigue in Mexico: The shocking capture of a Mexican cartel leader could expose deep corruption within Mexico's government, leaving the Biden administration with critical decisions to make. Top Secret Arrest: The arrest of a Turkish-born U.S. Air Force contractor caught with thousands of classified documents raises questions about espionage and national security. China's Cyber Threat: Despite U.S. efforts, China's notorious hacking group, Volt Typhoon, continues to pose a grave threat to America's critical infrastructure. Rising Cancer Rates: Alarming new data shows a surge in cancer diagnoses among young Americans, with obesity suspected as a major culprit. A Miracle in Israel: In the midst of war, a miraculous survival of cocoa saplings in Israel could hold the key to securing the global chocolate supply. Join Bryan Dean Wright as he uncovers the secrets that matter, offering sharp analysis and thought-provoking opinions on the global stage. "And you shall know the truth, and the truth shall make you free." - John 8:32