Dick O'Brien from Symantec's Threat Hunter team discusses their research on "Blackfly - Espionage Group Targets Materials Technology." Researchers say the Blackfly espionage group (aka APT41), has been mounting attacks against Asian materials and composite organizations in attempts to steal intellectual property. This group has been known as one of the longest known Chinese advanced persistent threat (APT) groups since at least 2010. The research shares that "early attacks were distinguished by the use of the PlugX/Fast (Backdoor.Korplug), Winnti/Pasteboy (Backdoor.Winnti), and Shadowpad (Backdoor.Shadowpad) malware families." The research can be found here: Blackfly: Espionage Group Targets Materials Technology
In today's podcast we cover four crucial cyber and technology topics, including: 1. Criminals trick users with fake Queen phish 2. Criminals mimic Sniffies dating app to push malware 3. Researchers find new Linux tool used by Chinese-linked actors 4. Ransomware crew Lorenz exploiting flaw in MiVoice setups I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
The espionage scandal in Spain involving political leaders widens, reaching the president of the government, amid smear campaigns, questions without clear answers and forced resignations. Anomaly Six, a company that buys geolocation data from marketing firms, demonstrates how it can track, in real time and back into the past, the trail of spies, nuclear aircraft carriers, Chinese and Russian submarines, and their most frequented places, such as their homes or offices. "Intrusion Truth" is a group of cybersecurity experts dedicated to finding, hunting and publishing details of the personal data of Chinese spies and hackers who work for the government with the goal of stealing intellectual property from European and American companies. Operation CuckooBees by the Chinese cybercriminal group Winnti, or APT41, infiltrates companies around the world and steals diagrams of fighter jets, helicopters and missiles, staying in the shadows for more than 2 years by abusing an undocumented Windows feature. Notes and references at tierradehackers.com. YouTube: youtube.com/tierradehackers. Twitch: twitch.tv/tierradehackers. If you like what we do, consider supporting us on Patreon so we can keep growing and create even more content: patreon.com/tierradehackers. Don't forget to join our Discord community: tierradehackers.com/discord. Thanks to Monad for sponsoring us: monad.com. Thanks to onBRANDING for sponsoring us: onbranding.es
In today's podcast we cover four crucial cyber and technology topics, including: 1. F5 fixes flaws, one severe in Big-IP product 2. Heroku users receive email to reset passwords after data theft 3. Researchers link ransomware strain to North Korean hackers 4. Chinese Winnti campaign targeting copyright, trademark data disclosed I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
A daily look at the relevant information security news from overnight. Episode 232 - 04 May 2022. Sixt sacked - https://www.securityweek.com/cyberattack-causes-disruptions-car-rental-giant-sixt ; Twitter phish - https://www.bleepingcomputer.com/news/security/new-phishing-warns-your-verified-twitter-account-may-be-at-risk/ ; ERP Spyder - https://www.zdnet.com/article/chinese-hackers-use-rarely-seen-windows-mechanism-abuse-in-campaign-undetected-for-years/ ; Chrome zero two - https://www.bollyinside.com/news/problems-with-google-a-chrome-update-has-been-released-to-address-a-rare-zero-day-vulnerability ; Avaya Aruba a warning - https://www.theregister.com/2022/05/03/aruba_avaya_critical_vulns/?td=rt-3a
A new Chinese cyberespionage group is described. Cobalt Strike implants are observed hitting unpatched VMware Horizon servers. Ukraine attributes last week's cyberattacks to Russia (with some possibility of Belarusian involvement as well). Microsoft doesn't offer attribution, but it suggests that the incidents were more destructive than ransomware or simple defacements. The US warns of possible provocations. Ben Yelin looks at a bipartisan TLDR bill. Our guest is Lisa Plaggemier from the National Cybersecurity Alliance on the ongoing threat of phishing. And the REvil arrests in Russia may have been for “leverage.” For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/11
In today's podcast we cover four crucial cyber and technology topics, including: 1. REvil gains access to corporate data by compromising CEO's email 2. REvil compromises Nuclear consultant Sol Orien 3. G7 urges countries to take action against ransomware operators 4. Researchers link SITA breach to APT41 I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
In today's podcast we cover four crucial cyber and technology topics, including: 1. Chinese-linked threat actors target Russian gaming firm 2. Ring adds security and encryption to its camera doorbells 3. TikTok changes default privacy settings for underage users to private 4. Facebook sues Portuguese firm for privacy-violating browser extensions I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
In today's podcast we cover four crucial cyber and technology topics, including: 1. U.S. indicts five Chinese nationals assessed to be part of APT41 2. University Hospital New Jersey suffers ransomware, data breach 3. NewHall School District in California suffers ransomware impacting distance learning 4. Chinese cyberactivity against Vatican continues I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
On this week’s show Patrick and Adam discuss the week’s security news, including: easyJet breach linked to Chinese APT; Israel claims credit for attack against Iranian port; Chinese-linked crew behind Taiwan energy hax; Crypto-wars reignite over Pensacola shooter’s phone; Much, much more. This week’s show is brought to you by Gigamon Threat Insight. Will Peteroy is our sponsor guest in this week’s show and he drops by with a pretty sobering message: large companies are provisioning VPN access to all and sundry right now because of the COVID-19 crisis and ransomware crews are sailing right on in on the back of that access. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes: EasyJet announces breach impacting 9 million people; China hackers suspected in easyJet attack; Taiwan suggests China’s Winnti group is behind ransomware attack on state oil company; 'Greenbug' hacking group hits three telecom firms in Pakistan; US will try Joshua Schulte again for allegedly leaking CIA hacking tools; iPhone crypto hid al-Qaida link to naval base shooting, AG fumes | Ars Technica; iPhone Research Tool Sued by Apple Says It’s Just Like a PlayStation Emulator - VICE; Ransomware gang asks $42m from NY law firm, threatens to leak dirt on Trump | ZDNet; UK electricity middleman hit by cyber-attack | ZDNet; Hackers preparing to launch ransomware attacks against hospitals arrested in Romania | ZDNet; Supercomputers hacked across Europe to mine cryptocurrency | ZDNet; Security incident knocks UK supercomputer service offline for days; U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs — Krebs on Security; Scammers steal $10 million from Norfund, the largest sovereign wealth fund; FBI warns about attacks on Magento online stores via old plugin vulnerability | ZDNet; Top 10 Routinely Exploited Vulnerabilities | CISA; Hackers target the air-gapped networks of the Taiwanese and Philippine military | ZDNet; New Ramsay malware can steal sensitive documents from air-gapped networks | ZDNet; COMpfun authors spoof visa application with HTTP status-based Trojan | Securelist; Pentagon Contractors’ Report on ‘Wuhan Lab’ Origins of Coronavirus Is Bogus; This Service Helps Malware Authors Fix Flaws in their Code — Krebs on Security; A cybercrime store is selling access to more than 43,000 hacked servers | ZDNet; US Commerce Department tightens screws on Huawei export controls; Huawei denies involvement in buggy Linux kernel patch proposal | ZDNet; Chrome will soon block resource-draining ads. Here’s how to turn it on now | Ars Technica; Google to start rolling out Chrome Tab Groups feature next week | ZDNet; Microsoft adds initial support for DNS-over-HTTPS (DoH) in Windows Insiders | ZDNet; Cloud security: Attacking Azure AD to expose sensitive accounts and assets | The Daily Swig; Service NSW: Australian government agency hit by cyber-attack | The Daily Swig; PrintDemon vulnerability impacts all Windows versions | ZDNet; Critical SharePoint and browser security flaws star in May Patch Tuesday | The Daily Swig; XSS vulnerability in ‘Login with Facebook’ button earns $20,000 bug bounty | The Daily Swig; BIND 9 security releases address two high severity vulnerabilities | The Daily Swig; Web Giants Scrambled to Head Off a Dangerous DDoS Technique | WIRED; Hundreds of thousands of QNAP devices vulnerable to remote takeover attacks | ZDNet; How to use Trend Micro's Rootkit Remover to Install a Rootkit – Bill Demirkapi's Blog – The adventures of a 18 year old security researcher; Officials: Israel linked to a disruptive cyberattack on Iranian port facility - The Washington Post; Gigamon ThreatINSIGHT | Network Detection and Response | Gigamon
Winnti Group has appeared time and time again in recent months, but a new report released this week shows that the group may be getting sloppy. Greg Otto and Shannon Vavra break down what malware the group is using, how they may be tied to a company known as "World Wired Labs," and what it tells us about the Chinese cybercrime underground.
The Winnti Group is interested in Hong Kong protestors. The UK, the US, and the EU all look for a cooperative way forward into 5G. DDoS for hire hits an independent Serbian media outlet. Ransomware may have hit a US defense contractor. EvilCorp is back. The Sodinokibi ransomware gang is running an essay contest. And the 2015 Ashley Madison breach keeps on giving, in the form of blackmail. Emily Wilson from Terbium Labs on the sale of “points” and “status benefits” on the dark web. Guest is Michael Sutton from Stonemill Ventures with insights from the cyber VC world. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_31.html Support our show
A daily look at the relevant information security news from overnight. Episode 179 - 22 October 2019. Best Western leak - https://www.zdnet.com/article/autoclerk-database-leaked-customer-government-and-military-personal-records/ ; Trend Micro rund malware - https://www.theregister.co.uk/2019/10/21/flaw_trend_micro/ ; Gustuff new look - https://threatpost.com/gustuff-android-banker-switches-technical-approach/149403/ ; Winnti skip-2.0 - https://www.scmagazine.com/home/security-news/gaming/skip-2-0-backdoor-malware-provides-magic-password-to-access-mssql-accounts/ ; Alexa, what’s my password? - https://threatpost.com/new-way-found-to-use-alexa-google-to-voice-phish-and-eavesdrop-on-users/149352/
A daily look at the relevant information security news from overnight. Episode 174 - 15 October 2019. Pitney Bowes encrypted - https://www.zdnet.com/article/pitney-bowes-claims-customer-data-safe-following-malware-attack/ ; Alphabroder down - https://www.asicentral.com/news/newsletters/promogram/october-2019/alphabroder-suffers-ransomware-attack/ ; Ransomware hits M6 - https://www.zdnet.com/article/m6-one-of-frances-biggest-tv-channels-hit-by-ransomware/ ; Sudo no-no - https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html ; Winnti updates attack - https://www.bleepingcomputer.com/news/security/winnti-group-uses-new-portreuse-malware-against-asian-manufacturer/
Winnti and other Chinese threats have been active against German and French targets. The US Senate Intelligence Committee has issued the first volume of its report on Russian operations against US elections; this one deals with infrastructure. Louisiana declares a state of cyber emergency over ransomware. Johannesburg’s power utility is also hit with ransomware. And you could get up to $175 from the Equifax breach settlement. Daniel Prince from Lancaster University on experimental protocols for ICS security systems. Guest is Joseph Menn, author of The Cult of the Dead Cow. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_26.html Support our show
An investigation by Bayerischer Rundfunk and Norddeutscher Rundfunk reveals that for years, large companies around the world have been spied on by a professional hacker group. Several large corporations from Germany are also affected. The article to read: https://detektor.fm/digital/winnti-recherche-neue-erkenntnisse
Sponsor: https://www.nuharborsecurity.com Contact Me: https://justinfimlaid.com/contact-me/ Twitter: @justinfimlaid LinkedIn: https://www.linkedin.com/in/jfimlaid/
Linux variant of Winnti malware spotted in wild. Windows 10’s May patches are borking McAfee and Sophos software. Ransomware Cyberattacks Knock Baltimore’s City Services Offline. Transcript: May 21st Raw.mp3. It’s Tuesday May 21st 2019 and this is security on the bayou. Today security news and why it matters to you. So today’s can be fun day. We’ve got a couple of really good ones too. Two they’re going to sort of follow ups one that’s pretty technical but this I’m pretty excited about today it is Tuesday. All right first one from a SC magazine dot com written by Robert… The post Tuesday, May 21st, 2019 appeared first on Security On The Bayou.
BlackWater is snooping around the Middle East. It’s evasive, and it looks a lot like the more familiar MuddyWater threat actor. TeamViewer turns out to have been hacked, and the perpetrators look like the proprietors of the Winnti backdoor. An Android app is behaving badly. Another unsecured database is found hanging out on the Internet. There’s a free decryptor out for a strain of ransomware, but it won’t help Baltimore. And the markets look at the Huawei ban. Craig Williams from Cisco Talos discussing honeypots on Elasticsearch. Guest is Dave Venable from Masergy on cyber vulnerabilities at the infrastructure level. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_21.html Support our show
In today’s podcast we hear that Bayer, maker of pharmaceuticals and agricultural products, blocked an espionage attempt by China’s Winnti Group, and has been quietly monitoring the threat actor since last year. GlitchPOS and its evolution. Do those apps really need all that access? Two breaches of Facebook data by third parties. Some good digital hygiene notes: change default passwords and back up your data in a secure and recoverable way. And no, there’s no CIA officer warning you’ll be arrested if you don’t pony up 1.4 Bitcoin. Craig Williams from Cisco Talos with research on GlitchPOS malware. Guest is Leo Simonovich from Siemens Energy on challenges and opportunities in the energy sector. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_04.html Support our show
Researchers from ProtectWise's 401TRG team recently published research linking a variety of new and previously reported Chinese cyber threat groups. Tom Hegel is a Senior Threat Researcher with the 401TRG, and he joins us to share their findings. The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Thanks to our sponsor Enveil, closing the last gap in data security.
In this week’s episode of Shadow Talk we look at the Winnti Umbrella group, asking what this means for organizations. We discuss vulnerabilities in Microsoft Office (CVE-2018-8174) and baseStriker. And, finally, we outline the fallout surrounding the Olympus dark web marketplace.
In today's podcast we hear that Chinese intelligence services have been seen beneath the Winnti Umbrella. North Korea's off-shoring of cyber operations. ZooPark Android spyware is now in its fourth generation, and still active in the Middle East and North Africa. Vulnerabilities in Dasan GPON routers are exploited in the wild. Russian Twitterbots are suspected of tweeting death threats in the UK. David Dufour from Webroot on anti-malware testing procedures. And how do you solve a problem like GDPR?