File archiver
If you have ever used a computer, you have almost certainly used WinRAR. It is one of the best-known compression programs in existence, and its story is a legend written jointly by a genius programmer, a unique business model and the needs of its era. Hello everyone, I'm Dong-ge (栋哥), and we meet again.

A genius programmer's masterpiece
The core of WinRAR comes from a Russian programmer named Eugene Roshal. Born in 1972, he graduated from South Ural State University in Russia. In the early 1990s personal computers were becoming common, but hard disk space was precious, so file compression became a hot topic. The most popular compression format at the time was the ZIP format everyone knows, created by Phil Katz. I already told Phil Katz's story in episode 72 of my show, "Genius and Drunkard, Selfish and Fearless"; listen to it if you are interested. Roshal, however, believed he could do better. He set out to develop a new compression algorithm with two goals: a higher compression ratio and stronger data recovery. The result of that work is RAR, short for Roshal ARchive.

Now let's look more closely at Eugene Roshal, a legendary programmer who is famous in the software world yet unusually low-profile. His story is full of genius-level creativity and a singular focus, and it is that focus that produced the indispensable tool found on hundreds of millions of computers worldwide: WinRAR.

Profile and education
Eugene Roshal (full name Yevgeniy Lazarevich Roshal, Russian: Евгений Лазаревич Рошал) was born on 10 March 1972 in the Russian industrial city of Chelyabinsk. That city is known for a famous event: in 2013 an asteroid about 18 metres across and weighing over ten thousand tonnes entered the Earth's atmosphere at more than 60,000 km/h. It exploded and broke apart violently about 23 km above Chelyabinsk Oblast, forming a fireball brighter than the sun. He graduated from South Ural State University, an institution strong in technology and engineering. At university he majored in a computer-engineering field, which laid a solid theoretical foundation for his later achievements in software development. Yet his personal life, his hobbies, even a clear photograph of him are extremely hard to find in public sources. He is the archetypal "person behind the code", letting his work speak for him while he stays away from the spotlight and concentrates on the world of technology. This reticence and mystery add a distinctive colour to his legend.

Three masterpieces: RAR, WinRAR and FAR Manager
Eugene Roshal's career is known mainly for three core software products he created.

The RAR compression algorithm (1993). RAR is short for Roshal ARchive, named directly after his surname. In the early 1990s ZIP was the mainstream compression format, but Roshal believed an algorithm with a higher compression ratio and better fault tolerance could be created. RAR was born from that belief; it pursued technical excellence and surpassed its contemporaries especially in solid archiving and data recovery. Roshal released the source code for decompressing RAR files (UnRAR), so anyone can build extraction on top of it, which is why 7-Zip, Bandizip and many other programs can extract RAR files. The algorithm for creating RAR files, however, remains proprietary to this day and has never been open-sourced. In theory, that means a standard RAR archive can only be created with the officially released software.

WinRAR, the graphical compression program (1995). With the release of Windows 95, graphical user interfaces became mainstream. Roshal followed the trend and developed a Windows graphical front end for his RAR algorithm: WinRAR. Huge success: thanks to its powerful features (multi-volume archives, encryption, strong recovery records) and its compatibility with many formats, WinRAR quickly swept the world and became synonymous with compression software. Its icon, three books bound with a strap, became one of the most familiar symbols to computer users.

FAR Manager (1996). A tool for power users: after WinRAR, Roshal created another program held in high regard by programmers and advanced users, FAR Manager. It is a text-mode file manager for Windows, similar to the classic Norton Commander. Characteristics: FAR Manager is extremely efficient and highly customisable through plugins; for users who manipulate large numbers of files and value keyboard efficiency, it remains a "killer tool" to this day. It also reflects Roshal's own taste and development philosophy as a hardcore programmer.

A unique "brotherhood" business model
Eugene Roshal created the software, but he seems to have no interest in the business side. That brings in his elder brother, Alexander Roshal. To devote himself fully to software development, Eugene handed the copyright to the RAR algorithm and WinRAR, together with the commercial operating rights, entirely over to Alexander. This clear division of labour between the brothers became a very efficient and stable partnership: the younger brother Eugene focuses on technology, developing, updating and maintaining the software and continuously polishing the product; the elder brother Alexander handles business decisions, including licensing, sales, marketing and legal matters. It is this model that has let Eugene do what he is best at and loves most, year after year for decades, without being distracted by the trivia of the commercial world. It also explains how WinRAR has kept up high-quality updates for so long.

An almost "invisible" developer
Eugene Roshal is one of the most successful software developers on the internet and also one of the most low-profile. You will not find any interviews with him, nor will you see him speaking at technology conferences. All his communication seems to happen through the software's changelogs and through his brother Alexander's business entity. Unlike Bill Gates or Linus Torvalds (the creator of Linux), he did not become a public figure; he chose instead the path of "finishing the deed and walking away, hiding both merit and fame". For him, the most important thing is probably to keep optimising code, solving hard technical problems and giving users worldwide a stable, powerful tool. Eugene Roshal is a pure technology geek and a genius programmer. He defined himself through code, influenced the world through an outstanding product, and at the same time successfully hid himself behind those products, keeping the purest and most focused state a developer can have.

In 1993 the first version of the RAR format and its command-line program were released. With a higher compression ratio than ZIP, it quickly attracted attention among technology enthusiasts. But what really brought RAR to the masses was the rise of graphical operating systems.

The birth and rise of WinRAR
With the enormous success of Windows 95, graphical interfaces became mainstream. Roshal saw the opportunity and, working with his brother Alexander Roshal, officially released a compression program tailored for Windows on 22 April 1995: WinRAR. WinRAR was not just a "shell" around the RAR algorithm; it brought many revolutionary features that let it stand out against WinZip and other competitors. Compared with the garbled filenames the early ZIP format could produce for non-English characters, RAR's good Unicode support quickly won it a reputation among Chinese users.

The trial that "never expires": a unique business model
What users talk about most is WinRAR's 40-day trial period, which exists in name only. Legally, WinRAR is shareware: users can download it free and try it for 40 days. After 40 days, every time the program starts, a window pops up reminding you to buy a licence. The interesting part is that even if you never buy, every feature keeps working normally; you just have to click once more to close the pop-up. This seemingly laid-back strategy is in fact a very shrewd business model. The trial that never expires let WinRAR spread virally around the world, especially in regions with a low willingness to pay for software, until it was practically a "must-install" on any PC, building the habits of hundreds of millions of users. Towards individual users the vendor turns a blind eye. For corporate users who care about software compliance and copyright, however, buying a licence is mandatory. The huge base of individual users gives WinRAR extremely high name recognition and acceptance in the enterprise market, which guarantees a steady income. The Chinese-market model: in China WinRAR is run by a distributor, which has worked out its own way of making money. Early on it was bundled with download sites; later advertising pop-ups were added to the software. These pop-ups are sometimes annoying, but they genuinely let this "free" software keep operating and being updated in China.

How compression works
Compression is a fascinating topic and one of the foundations of our digital world. Sending photos, listening to music, packaging files: none of it works without compression. The principle can be reduced to one core idea and two main branches.

The core idea: eliminating "redundancy"
The fundamental purpose of all data compression is to remove the "redundant" parts of information so that the same, or approximately the same, information can be expressed in fewer bits. "Redundancy" means the parts of the data that are repeated, predictable, or less important. Consider this sentence: "The cat cat says: meow meow meow meow meow." It contains a lot of redundancy. We could record it more cleverly: "cat (repeated) says: meow (repeated 5 times)." We have expressed exactly the same information with a shorter description. Computer compression algorithms do something similar, except that they work on streams of 0s and 1s and their methods are far more complex and efficient.

Two branches: lossless vs. lossy compression
Depending on whether the original data can be recovered perfectly after compression, compression techniques fall into two camps.

Lossless compression
As the name says, lossless compression restores the compressed data to the original 100% perfectly, without losing a single bit of information. It looks for statistical redundancy in the data, identifying repeated patterns and regularities and representing them with shorter symbols. Some common algorithms:

Run-Length Encoding (RLE): the simplest compression algorithm. It looks for consecutive repeated data and records it as "a value plus a repeat count". Original data: AAAAABBBBBBBWWWW. After RLE: A5B7W4 (5 As, 7 Bs, 4 Ws). This works very well for simple graphics such as logos and icons, but poorly on complex text.

Huffman coding: a clever statistics-based method. It analyses how often each element (for example each character in a text) appears, assigns the shortest code to the most frequent element and the longest code to the least frequent. In English the letter e appears far more often than z. In standard ASCII encoding both e and z occupy 8 bits, but Huffman coding might give e a 2-bit code and z a 10-bit code. Over the whole file the result is much smaller.

The LZ family (Lempel-Ziv): today's dominant lossless algorithms and the core of WinRAR, ZIP, 7z and others. The principle is to build a "dictionary". As the algorithm moves through the data it keeps adding the new phrases it meets to the dictionary. When it meets a phrase again, instead of storing the phrase itself it stores a short "pointer" to the phrase in the dictionary (for example "go back X positions and copy Y bytes").

In the 1970s data storage and transmission were very expensive. The mainstream compression techniques were statistical, the best known being Huffman coding. Huffman coding analyses character frequencies in the data, giving short codes to frequent characters and long codes to rare ones. It works well, but it has a core precondition: you must know the statistical properties of the data in advance, or scan the data twice (once to count frequencies, once to encode). That makes it inflexible and inefficient for real-time data streams or complex files whose content keeps changing. Scientists of the day were looking for a more general, more adaptive method, a "universal algorithm" that works without any prior knowledge of the data. The protagonists are two scholars from Technion – Israel Institute of Technology: Abraham Lempel and Jacob Ziv. They devoted themselves to information theory and data compression, and conceived a revolutionary new method.

The core idea: using the data itself as the "dictionary"
Lempel and Ziv's key insight was subversive: why do we need a predefined, fixed codebook (dictionary) at all? We can build the dictionary dynamically from the data itself! Their basic logic: in data that is not completely random, some strings are likely to recur. If we can find those repeats and replace each later occurrence with a short "reference", we achieve compression. The reference tells the decompressor: "go back X positions and copy Y bytes". Building on this idea, they published two landmark papers in the field's top journal, IEEE Transactions on Information Theory, each proposing a concrete implementation.

1. LZ77 (1977)
In 1977 they published the paper "A Universal Algorithm for Sequential Data Compression", formally introducing LZ77. Sliding window: LZ77's implementation is very elegant. It maintains a "sliding window" over the data stream, split into two parts: the recently processed history (serving as the dictionary) and the upcoming data still to be encoded. The algorithm tries to find the longest match for the upcoming data within the history. If it finds one, it outputs a (distance, length) pair pointing into the history; if not, it outputs the literal character. The sliding window became the cornerstone of many later compression algorithms, including the famous DEFLATE algorithm at the heart of the ZIP, GZIP and PNG formats we use every day.

2. LZ78 (1978)
A year later, in 1978, they published a second paper, "Compression of Individual Sequences via Variable-Rate Coding", proposing another implementation of the same idea: LZ78. Explicit dictionary: unlike LZ77, LZ78 does not use a sliding window; it builds a dictionary explicitly and incrementally from the start. It keeps reading new strings; if a string is not in the dictionary, it adds it and outputs (index of the previous dictionary match + the current new character). LZ78's approach is clearer and easier to implement in hardware. It directly gave rise to a very important commercial variant, LZW (Lempel-Ziv-Welch). LZW was an optimisation of LZ78 by the American researcher Terry Welch in 1984; it was later widely used in the GIF image format and the early Unix compress command, and it was the workhorse of the first large-scale adoption of data compression in computing.

The origin of the Lempel-Ziv algorithms can be seen as a revolutionary shift in data compression from "static statistical models" to "dynamic dictionary models". It removed the dependence on prior knowledge of the data and is a truly adaptive, "universal" compression algorithm. LZ77 and LZ78, two implementations that look different but share one idea, opened the two main roads for later compression technology. From ZIP files to PNG images, from network transmission to data storage, our digital lives enjoy almost everywhere the convenience brought by the pioneering work Lempel and Ziv did more than 40 years ago. In recognition of their contribution, IEEE designated their algorithm an "IEEE Milestone" in 2004.

Why do I know this compression algorithm fairly well? It has to do with a project I once took part in. When I was a graduate student, Sony released the PlayStation 3. Its CPU was called Cell and was jointly developed by three companies, Sony, Toshiba and IBM, the STI alliance. The Cell CPU was very odd. At the time everyone was doing symmetric multi-core, 2, 4, 8 or 16 cores, but the Cell had 9 cores. A traditional CPU is like one (or a few) all-round "head stewards", each core able to handle all kinds of complex tasks. The Cell's design was more like one head steward leading a team of eight small specialists. 1 "head steward", the PPE (Power Processing Element): a general-purpose core based on IBM's PowerPC architecture, relatively conventional, responsible for running the operating system, coordinating tasks and handling ordinary logic. Its job is to give orders. 8 "small specialists", the SPEs (Synergistic Processing Elements): this is the essence of the Cell. Each SPE is a lean but efficient vector processor. They do not handle complex general-purpose tasks; they focus on one thing, massive parallel floating-point computation. That is exactly the computing power 3D graphics, physics simulation and video codecs need most. They do the heavy lifting. In theory, when the PPE splits a task perfectly and hands it to the 8 SPEs (only 7 are enabled in the PS3 to improve yield) to work together, the Cell can unleash terrifying computing performance far beyond conventional CPUs of the same era; its floating-point throughput reached an astonishing 230 GFLOPS, unheard of in a consumer product. But for programming it was a disaster. The Cell's theoretical performance was immense, but turning it into actual game graphics caused game developers enormous pain; it was even described as a "hellish programming experience". Still, it had to be promoted, so IBM went to universities to promote the Cell, starting with students. Just submitting an entry earned 2,000 or 3,000, and winning a prize earned more, so I signed up with two classmates; whether we knew how or not, sign up first. Nobody knew how anyway. Each SPE has its own fast but tiny local memory (256 KB). Developers must write code by hand to move the data to be processed from main memory into the SPE's local memory and move it back when the computation is done. The process is extremely tedious and error-prone; one slip causes a serious performance bottleneck. Splitting a complex game task (physics, AI, audio processing) perfectly into subtasks and making all the SPEs cooperate efficiently placed unprecedented demands on programmers' parallel-programming skills. Our goal, the three of us, was to get the money, so we did something relatively simple: port the open-source 7-Zip code to run on the Cell and show that the Cell really beat a single core. We did get the money in the end, 1,000 yuan each. But it also made me realise that multi-core programming does not suit every task. LZMA is dictionary-based compression; every step of the compression depends heavily on the result of the previous step. The algorithm keeps looking back into a huge "dictionary" (the data just compressed) for the longest match; that process is linear and serial, and very hard to split into 8 independent parallel tasks. Compression algorithms are full of bit and byte operations, integer arithmetic and complex logical decisions, with almost no floating-point work. The SPE was built for massive floating-point maths, the core of graphics and scientific computing. The SPE's internal logic is simple, with no elaborate branch prediction; it likes executing repetitive, straightforward instructions. The SPE relies on high-speed DMA transfers from main memory into its 256 KB local memory, and it likes predictable, contiguous data blocks. LZMA's random dictionary lookups destroy that pattern completely, so the SPE keeps requesting small, non-contiguous pieces of data and spends most of its time waiting to be "fed" rather than computing. In the end all of this complex, non-parallelisable logic and task scheduling fell to that single "head steward", the PPE. The PPE itself is only a moderately capable general-purpose core, so it was soon overwhelmed and became the bottleneck of the whole system, while the 8 powerful SPE "specialists" had nothing to do. Running 7-Zip on the Cell was a textbook case of a hero with nowhere to use his strength; it could exploit none of the Cell's architectural advantages, so the performance was naturally unimpressive. It was a neat proof that in the computing world, "the most suitable" matters far more than "the theoretically most powerful".

Lossy compression
Lossy compression permanently and selectively discards part of the data in exchange for a very high compression ratio. What it discards is not random; it is the data the human eye or ear is least sensitive to. It exploits the physiological and psychological properties of human perception (psychoacoustic and psychovisual models). Our senses are not perfect and perceive some information only weakly; lossy compression takes advantage of that. Some common algorithms:

JPEG (images): the human eye is far more sensitive to brightness than to colour. JPEG keeps most of the luminance information but "merges" similar colours into one, greatly reducing the amount of data. On a colourful photo you can barely notice the subtle loss of colour. It also decomposes the image into waveforms of different frequencies and discards much of the high-frequency part that represents fine detail (such as texture), because the eye is more sensitive to the smooth low-frequency part.

MP3 (audio): uses the "masking effect", the core of psychoacoustics. When a loud sound (say a drum) and a faint sound (say soft strings) occur at the same time, your ear most likely hears only the loud one. The MP3 encoder cleverly removes the faint sound you could not hear anyway from the data.

MPEG/H.264 (video): video compression brings everything together. It not only applies JPEG-like lossy compression to each frame but, more importantly, analyses the differences between frames. If the picture shows one person talking against a static background, the compressor has no need to store the background again in every frame. It stores the background once and then records only what changes in the following frames (the mouth movements, for instance).

In short: when you must guarantee absolute fidelity, choose lossless compression; when you want smaller files and can accept a slight loss of quality, lossy compression is the better choice. Together these two families of techniques support the efficient, convenient digital life we enjoy today. WinRAR's core algorithm belongs to lossless compression. More specifically, it is based mainly on the famous LZ family (Lempel-Ziv), with extensive optimisations and improvements on top, forming its own unique, proprietary compression algorithm. WinRAR's algorithm is a highly optimised, proprietary lossless compression technique. Built around LZ-style dictionary compression, it combines solid archiving, data-specific preprocessing and other advanced techniques, keeping it at the front of the industry in compression ratio and functionality for a long time.

WinRAR's story is a success story about technology, vision and a unique business strategy. Born in an era with a pressing need for file compression, it quickly captured the market on the strength of its creator's technical skill and precise understanding of user needs. Its "never-expiring" trial model stands out as unique in the business world and ultimately gave it unmatched worldwide popularity. Today, despite cloud storage and the constant arrival of new ways to transfer data, WinRAR remains an indispensable tool on many people's computers. Next time you deftly right-click a file and choose "Add to archive", spare a thought for this software legend, created by two Russian programmer brothers and popular for nearly thirty years.
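As an added example, not code from the page or from WinRAR, 7-Zip or any real library, here are toy LZ77 and LZ78 codecs in Python that follow the (distance, length) and (dictionary index, next byte) descriptions above. The window size, minimum match length and the bounds check in the LZ77 decoder are my own choices; the check matters because a decompressor that trusts a back-reference blindly reads outside its output buffer, which is the class of bug archive tools get patched for.

```python
"""Toy LZ77 and LZ78 codecs illustrating the sliding-window and explicit-dictionary
ideas described in the text.  Educational example written for this page; not the
code of WinRAR, DEFLATE or any other real implementation."""

from typing import List, Tuple, Union

# An LZ77 token is either a literal byte value or a (distance, length) back-reference.
Token = Union[int, Tuple[int, int]]

WINDOW = 4096     # how far back the "history" half of the sliding window reaches (assumed)
MAX_MATCH = 258   # longest copy we emit; same cap DEFLATE uses (assumed here)
MIN_MATCH = 3     # shorter matches cost more than the literals they would replace


def lz77_compress(data: bytes, window: int = WINDOW) -> List[Token]:
    """Scan the input; at each position find the longest match in the history."""
    tokens: List[Token] = []
    pos, n = 0, len(data)
    while pos < n:
        best_len, best_dist = 0, 0
        # brute-force search: try every start position inside the history window
        for cand in range(max(0, pos - window), pos):
            length = 0
            # The match is allowed to run past `pos` (overlap); that is how LZ77
            # expresses a run such as "AAAAA" as one (1, 4) token.
            while (pos + length < n and length < MAX_MATCH
                   and data[cand + length] == data[pos + length]):
                length += 1
            if length > best_len:
                best_len, best_dist = length, pos - cand
        if best_len >= MIN_MATCH:
            tokens.append((best_dist, best_len))   # "go back X, copy Y"
            pos += best_len
        else:
            tokens.append(data[pos])               # literal byte
            pos += 1
    return tokens


def lz77_decompress(tokens: List[Token]) -> bytes:
    """Rebuild the data; every back-reference is validated before it is followed."""
    out = bytearray()
    for tok in tokens:
        if isinstance(tok, int):
            out.append(tok)
            continue
        dist, length = tok
        # A distance reaching before the start of the output (or a zero/negative
        # length) is a corrupt or hostile stream: refuse rather than read out of bounds.
        if dist <= 0 or length <= 0 or dist > len(out):
            raise ValueError(f"bad back-reference {tok} at output offset {len(out)}")
        src = len(out) - dist
        for i in range(length):      # byte by byte so overlapping copies work
            out.append(out[src + i])
    return bytes(out)


def lz78_compress(data: bytes) -> List[Tuple[int, int]]:
    """Emit (index of the longest known phrase, next byte); index 0 is the empty phrase.
    A trailing phrase that is already in the dictionary is emitted with byte -1."""
    dictionary = {b"": 0}
    tokens: List[Tuple[int, int]] = []
    w = b""
    for b in data:
        wb = w + bytes([b])
        if wb in dictionary:
            w = wb                                  # extend the current phrase
        else:
            tokens.append((dictionary[w], b))       # output (prefix index, new byte)
            dictionary[wb] = len(dictionary)        # learn the new phrase
            w = b""
    if w:
        tokens.append((dictionary[w], -1))
    return tokens


def lz78_decompress(tokens: List[Tuple[int, int]]) -> bytes:
    """Rebuild the dictionary in lockstep with the encoder; reject unknown indices."""
    dictionary: List[bytes] = [b""]
    out = bytearray()
    for idx, b in tokens:
        if not 0 <= idx < len(dictionary):
            raise ValueError(f"dictionary index {idx} not yet defined")
        phrase = dictionary[idx] + (bytes([b]) if b >= 0 else b"")
        out += phrase
        if b >= 0:
            dictionary.append(phrase)
    return bytes(out)


# Constructed sample input: the RLE example from the text plus a repetitive sentence.
SAMPLE = b"AAAAABBBBBBBWWWW " + b"The cat says meow meow meow meow meow. " * 3

if __name__ == "__main__":
    t77 = lz77_compress(SAMPLE)
    t78 = lz78_compress(SAMPLE)
    print(f"LZ77: {len(SAMPLE)} bytes -> {len(t77)} tokens, round trip ok:",
          lz77_decompress(t77) == SAMPLE)
    print(f"LZ78: {len(SAMPLE)} bytes -> {len(t78)} tokens, round trip ok:",
          lz78_decompress(t78) == SAMPLE)
```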
Chris and Hector break down a Russian-linked zero-day exploit targeting WinRAR users, why stolen browser cookies bypass MFA, the economic motives behind security features (or lack thereof), and Hector's nostalgic farewell to AOL dial-up. Join our new Patreon! https://www.patreon.com/c/hackerandthefed Send HATF your questions at questions@hackerandthefed.com
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
CISA warns about the path from on-prem Exchange to the cloud
Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are
Everyone and their dog seems to have a shell in US Federal Court information systems
Google pays $250k for a Chrome sandbox escape
Attackers use javascript in adult SVG files to … farm facebook likes?!
SonicWall says users aren't getting hacked with an 0day… this time.
This week's episode is sponsored by SpecterOps. Chief product officer Justin Kohler talks about how the flagship Bloodhound tool has evolved to map attack paths anywhere. Bring your own applications, directories and systems into the graph, and join the identity attacks together.
This episode is also available on Youtube.
Show notes
CISA, Microsoft issue alerts on 'high-severity' Exchange vulnerability | The Record from Recorded Future News
Advanced Active Directory to Entra ID lateral movement techniques
Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications
Cartels may be able to target witnesses after major court hack
Federal judiciary tightens digital security as it deals with 'escalated cyberattacks' | The Record from Recorded Future News
Citrix NetScaler flaws lead to critical infrastructure breaches | Cybersecurity Dive
DARPA touts value of AI-powered vulnerability detection as it announces competition winners | Cybersecurity Dive
Buttercup is now open-source!
HTTP/1.1 must die: the desync endgame
US confirms takedown of BlackSuit ransomware gang that racked up $370 million in ransoms | The Record from Recorded Future News
North Korean cyber-espionage group ScarCruft adds ransomware in recent attack | The Record from Recorded Future News
Adult sites are stashing exploit code inside racy .svg files - Ars Technica
Google pays 250k for Chromium sandbox escape
SonicWall says recent attack wave involved previously disclosed flaw, not zero-day | Cybersecurity Dive
Two groups exploit WinRAR flaws in separate cyber-espionage campaigns | The Record from Recorded Future News
Tornado Cash cofounder dodges money laundering conviction, found guilty of lesser charge | The Record from Recorded Future News
Hackers Hijacked Google's Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home | WIRED
Malware in Open VSX: These Vibes Are Off
How attackers are using Active Directory Federation Services to phish with legit office.com links
Introducing our guide to phishing detection evasion techniques
The State of Attack Path Management
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Erlang OTP SSH Exploits
A recently patched and easily exploited vulnerability in Erlang/OTP SSH is being exploited. Palo Alto collected some of the details about this exploit activity that they observed.
https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/
WinRAR Exploited
WinRAR vulnerabilities are actively being exploited by a number of threat actors. The vulnerability allows for the creation of arbitrary files as the archive is extracted.
https://thehackernews.com/2025/08/winrar-zero-day-under-active.html
Citrix Netscaler Exploit Updates
The Dutch Center for Cyber Security is updating its guidance on recent Citrix Netscaler attacks. Note that the attacks started before a patch became available, and attackers are actively hiding their tracks to make it more difficult to detect a compromise.
https://www.ncsc.nl/actueel/nieuws/2025/07/22/casus-citrix-kwetsbaarheid
https://www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/
OpenSSH Post Quantum Encryption
Starting in version 10.1, OpenSSH will warn users if they are using quantum-unsafe algorithms.
https://www.openssh.com/pq.html
CISA issues an Emergency Directive to urgently patch a critical vulnerability in Microsoft Exchange hybrid configurations. SoupDealer malware proves highly evasive. Google patches a Gemini calendar flaw. A North Korean espionage group pivots to financial crime. Russia's RomCom exploits a WinRAR zero-day. Researchers turn Linux-based webcams into persistent threats. The Franklin Project enlists volunteer hackers to strengthen cybersecurity at U.S. water utilities. DoD announces the winner of DARPA's two-year AI Cyber Challenge. The U.S. extradites Ghanaian nationals for their roles in a massive fraud ring. Our guest is Steve Deitz, President of MANTECH's Federal Civilian Sector, with a look at cell-based Security Operations Centers (SOC). AI advice turns dinner into a medical mystery. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Steve Deitz, President of MANTECH's Federal Civilian Sector, as he is discussing the cell-based Security Operations Center (SOC) approach. Check out the full conversation from Steve here. 
Selected Reading
Understanding and Mitigating CVE-2025-53786: A Critical Microsoft Exchange Vulnerability (The DefendOps Diaries)
CISA Issues Urgent Advisory to Address Microsoft Exchange Flaw (GB Hackers)
SoupDealer Malware Evades Sandboxes, AVs, and EDR/XDR in Real-World Attacks (GB Hackers)
Google Calendar invites let researchers hijack Gemini to leak user data (Bleeping Computer)
North Korean Group ScarCruft Expands From Spying to Ransomware Attacks (Hackread)
Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada (SecurityWeek)
BadCam: New BadUSB Attack Turns Linux Webcams Into Persistent Threats (SecurityWeek)
DEF CON hackers plug security holes in US water systems (The Register)
DARPA announces $4 million winner of AI code review competition at DEF CON (The Record)
'Chairmen' of $100 million scam operation extradited to US (Bleeping Computer)
Guy Gives Himself 19th Century Psychiatric Illness After Consulting With ChatGPT (404 Media)
Audience Survey: Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
If you like what you hear, please subscribe, leave us a review and tell a friend!
A security researcher scores $250,000 for a Chrome bug, WinRAR patches another zero-day, new vulnerabilities found in the Tetra communications protocol, and a researcher gains access to Microsoft's internal network for fun… and no profit. Show notes Risky Bulletin: Researcher scores $250,000 for Chrome bug
Two explosions 80 years ago that changed the world forever. New findings in osteoarthritis research. Gangster honour and emotions: we tried the new Mafia. Spotify is getting more expensive in Hungary too. He asked ChatGPT for advice and got poisoned. The US government has taken to ChatGPT. Another serious vulnerability has been found in WinRAR; update immediately. The company behind Philips and AOC monitors received huge recognition. What's happening in Gödöllő? Hyundai introduces the new Shucle transport system. Artificial intelligence could bring a new era in education: an analysis by the Makronóm Institute. Criminals have targeted healthcare. Find our other episodes at podcast.hirstart.hu.
Another Israeli spyware vendor surfaces. Win11 to delete restore points more quickly. The EU accelerates its plans to abandon Microsoft Azure. The EU sets timelines for Post-Quantum crypto adoption. Russia to create a massive IMEI database. Canada and the UK create the "Common Good Cyber Fund". U.S. states crack down on Bitcoin ATMs amid growing scams. Congressional staffers cannot use WhatsApp on gov devices. LibXML2 and the problems with commercial use of OSS. A(nother) remote code execution vulnerability in WinRAR. Have-I-Been-Pwned gets a cool data visualization site. How is ransomware getting in? Windows to offer "safe" non-kernel endpoint security? Proactive age verification coming to porn sites. How? Canada (also) says "bye bye" to Hikvision. Germany will be banning DeepSeek. The whole EU may follow. Cloudflare throttled in Russia? What must the U.S. do to compete in global exploit acquisition? Show Notes - https://www.grc.com/sn/SN-1033-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: expressvpn.com/securitynow Melissa.com/twit 1password.com/securitynow hoxhunt.com/securitynow canary.tools/twit - use code: TWIT
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Scans for Ichano AtHome IP Cameras
A couple of days ago, a few sources started scanning for the username super_yg and the password 123. This is associated with Ichano IP Camera software.
https://isc.sans.edu/diary/Scans%20for%20Ichano%20AtHome%20IP%20Cameras/32062
Critical Netscaler Security Update CVE-2025-5777
CVE-2025-5777 is a critical severity vulnerability impacting NetScaler Gateway, i.e. if NetScaler has been configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.
https://www.netscaler.com/blog/news/critical-security-updates-for-netscaler-netscaler-gateway-and-netscaler-console/
WinRAR Vulnerability CVE-2025-6218
WinRAR may be tricked into extracting files into attacker-determined locations, possibly leading to remote code execution.
https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=276&cHash=b5165454d983fc9717bc8748901a64f9
In this episode of Cybersecurity Today, host Jim Love covers important security updates and warnings including critical flaws in WinRAR, a patch for a high severity zero-day vulnerability in Windows CLFS, and a security vulnerability in WhatsApp's Windows desktop application. He urges users to update their software to protect against exploits. Additionally, Jim discusses Identity Management Day and the concerning findings from an OKTA survey revealing Canadians' growing worries about identity theft. He announces his plan to create a special segment on new identity solutions to address these concerns. The episode also includes a shout-out to the BSides Calgary event for information security professionals. 00:00 Introduction and Event Announcement 00:51 Critical Flaws in Compression Utility 03:33 Microsoft Patches Zero-Day Exploits 05:01 WhatsApp Security Vulnerability 06:46 Identity Management Day Insights 10:13 Conclusion and Contact Information
Haugh fired from leadership of NSA and Cyber Command WinRAR flaw bypasses Windows Mark of the Web security alerts Researcher creates fake passport using ChatGPT Thanks to our episode sponsor, Nudge Security Nudge Security helps you mitigate security risks stemming from SaaS sprawl by discovering every SaaS account ever created by anyone in your org within minutes of starting a free trial. And, you can automate on-going governance tasks like security posture checks, user access reviews, employee offboarding, and more. Start a free 14-day trial Find the stories behind the headlines at CISOseries.com.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive Using frequency analysis, and training the model with honeypot data as well as log data from legitimate websites, allows for a fairly simple and reliable triage of web server logs to identify possible malicious activity. https://isc.sans.edu/diary/Exploring%20Statistical%20Measures%20to%20Predict%20URLs%20as%20Legitimate%20or%20Intrusive%20%5BGuest%20Diary%5D/31822 Critical Unexploitable Ivanti Vulnerability Exploited CVE-2025-22457 In February, Ivanti patched CVE-2025-22457. At the time, the vulnerability was not considered to be exploitable. Mandiant has now published a blog disclosing that the vulnerability was exploited as early as mid-March. https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/ WinRAR MotW Vulnerability CVE-2025-31334 WinRAR patched a vulnerability that would not apply the Mark of the Web correctly if a compressed file included symlinks. This may make it easier to trick a victim into executing code downloaded from a website. https://nvd.nist.gov/vuln/detail/CVE-2025-31334 Microsoft Warns of Tax-Related Scam With the US personal income tax filing deadline only about a week out, Microsoft warns of commonly deployed scams that they are observing related to income tax filings. https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/ Oracle Breach Update https://www.bloomberg.com/news/articles/2025-04-02/oracle-tells-clients-of-second-recent-hack-log-in-data-stolen
Among the many existing operating systems, ReactOS stands out as an exception. Started in 1996, this ambitious project aims to run Windows applications natively by reproducing the architecture and functionality of Windows NT. Concretely, its developers have recreated a large part of Microsoft's system programming interfaces, allowing Windows software to interact with ReactOS as if it were running on its original platform. Despite nearly 30 years of development, ReactOS is still in its alpha phase, but it has proven its compatibility with several programs, such as older versions of Microsoft Office, media players like VLC or Winamp, retro games, and utilities like WinRAR. Its hybrid kernel manages hardware resources, memory and processes, attempting to emulate the behaviour of the Windows NT kernel as closely as possible. To broaden its compatibility further, it also integrates Wine, another project that allows Windows applications to run on Linux. In 2023, the team surprised everyone by announcing ReactOS compatibility with Lumia smartphones, thanks to support for 64-bit UEFI (AMD64 and ARM64). More recently, it added the Windows audio stack, although a bug currently prevents it from working properly. Another advance: nightly builds can now be run from a LiveUSB without requiring a full installation. An upcoming update will extend this possibility further, making it easier to test the system. While ReactOS remains a niche project, it continues to attract backward-compatibility enthusiasts and fans of free alternatives to Windows. Hosted by Acast. Visit acast.com/privacy for more information.
Version 3 of GIMP is finally out. The definition of open source AI. AI simulation of civilizations. Journalists fleeing X. An app for AI-free photos. These and many other tech news stories are discussed in this week's episode. From the distributed Digitalia studio: Franco Solerio, Michele Di Maio, Giulio Cupini. Executive producers: Jacopo Pellerin, XFCJK, Andrea Guido, Nicola Grilli, Giuliano Arcinotti, Umberto Marcello, Simone Podico, Vincenzo Ingenito, Enrico Carangi, Carlo Tomas, Marco Grechi, Idle Fellow, Paolo Tegoni, Mario Cervai, Alessandro Gheda, Paolo Bernardini, @Ppogo, Roberto A., Michelangelo Rocchetti, Alessio Ferrara, Edoardo Volpi Kellerman, Jacopo Pellarin, Manuel Zavatta, Enrico Facchin, Arzigogolo, Fabio Brunelli, Antonio Taurisano, Stefano Bonuccelli, Andrea Nicola Vasile, Diego Arati, Michele Olivieri, @Akagrinta, Ivan, Roberto Medeossi, Emanuele Libori, Letizia Calcinai, Denis Grosso, Michele Francesco Falzarano, Donato Gravino, Ftrava, Alessandro Stevanin, @Jh4Ckal, Mario Giammona, Davide Tinti, Gianluca Trevisani, Calogero Augusta, Luca Ubiali, Daniele Bastianelli, Ekaterina Zakaryukina, Capitan Harlock, Alessandro Morgantini, Georg Wenter, Cristian Pastori, Giorgio Puglisi, Nicola Fort, Mario Omodeo, Andrea Giovacchini, Andrea Malesani, Miriana Novella. Sponsor: Links:
GIMP 3.0 took two decades
We finally have an 'official' definition for open source AI
New 'Open Source AI Definition' Criticized for Not Opening Training Data
Debian General Resolution drafted opposing OSI's Open Source AI Definition
altera-al/project-sid
Now there's an anti-AI camera app for Android too
Anthropic hires its first AI welfare researcher
Ars Live: Our first encounter with manipulative AI
Piracy Shield: harsh criticism from commissioner Giomi of the Agcom president
Agcom even more divided on Piracy Shield
The costs of Piracy Shield
DAZN blocks SmartOne IPTV on LG and Samsung TVs
OK, these videos are getting out of control
In today's episode, we explore the FlyingYeti campaign, which exploited a WinRAR vulnerability (CVE-2023-38831) to deliver COOKBOX malware in Ukraine, detailed by Cloudflare's Cloudforce One: https://thehackernews.com/2024/05/flyingyeti-exploits-winrar.html. Next, we discuss the unprecedented mystery malware attack that destroyed 600,000 routers from ISP Windstream, reported by Black Lotus Labs: https://arstechnica.com/security/2024/05/mystery-malware-destroys-600000-routers-from-a-single-isp-during-72-hour-span/. Finally, we dive into the Trend Micro study on CISOs facing pressure from corporate boards to downplay cyber risk: https://www.cybersecuritydive.com/news/cisos-pressure-boards-downplay-cyber-risk/717497/. Tags: WinRAR, COOKBOX, FlyingYeti, Cloudflare, cyber warfare, Ukraine, phishing attacks, malware, routers, ISP, threat actor, Trend Micro, CISOs, cyber risks, organizational security Search Phrases: WinRAR vulnerability explained COOKBOX malware detection and removal FlyingYeti cyber attack details Cloudflare security advisories Protecting against phishing attacks Malware impact on routers ISP security breach cases Trend Micro cybersecurity reports CISO corporate board pressure Organizational cybersecurity best practices May31 An unknown threat actor recently unleashed a devastating malware attack that obliterated over 600,000 routers from a single internet service provider in just 72 hours, forcing the company to replace all of the affected devices and leaving their patrons in digital darkness. What the heck happened here, and how will we recover from this? Under mounting pressure from corporate boards, nearly four in five chief information security officers, or CSOs, are being pushed to downplay the severity of cyber risks, as revealed by a recent Trend Micro study. How can CSOs navigate the pressure from corporate boards while also maintaining a robust security posture? And finally, sometimes I pick stories simply because the name is too good.
So FlyingYeti is exploiting a WinRAR vulnerability to deliver COOKBOX malware in Ukraine, marking another alarming chapter in Russia-aligned cyber warfare. You're listening to The Daily Decrypt. In just over a 72-hour time period, malware called Chalubo rendered more than 600,000 routers permanently unusable. All of these routers belonged to a single internet service provider named Windstream, and this ISP is now forced to replace every single one of these routers. Now that is not a small task. A lot of these routers live in rural areas, which would be a long drive for ISP technicians to make, and there are only so many ISP technicians out there. Sure, they can ship you these routers, but that's going to take a long time, because no supply chain is equipped to handle a random 600,000-product order overnight. So who knows how long these people will be without internet? The specific routers that were affected are ActionTec T3200 and Sagemcom, and users are reporting a static red light on their routers, which indicates failure. Wow. Black Lotus Labs utilized the Censys search engine to track these affected router models and noted that throughout that 72-hour time period there was a 49% drop in connections for these routers. So almost half of these routers on the public internet went offline. And I had mentioned that a lot of these routers lived in rural areas, but the spread of this disaster is pretty wide and vast, because this internet service provider provided service specifically to rural areas. And what is out in rural areas? A lot of farming and agriculture. So who knows what sort of impact this will have over our food source in the coming months, 'cause even tractors nowadays rely on Wi-Fi. Which is a whole 'nother wormhole that I won't get to on this episode, but if you're interested, go ahead and look up John Deere Wi-Fi and cloud connectivity, because I believe they actually locked down these devices.
And you have to be connected to the cloud to use them, or something crazy like that. And this will also affect emergency services, which are few and far between out in rural areas already. Which is just unfair. But I hope this ISP is doing okay and has a solid disaster recovery plan for how to get their patrons back online. It's, as far as I can tell, pretty much not feasible to get 600,000 devices out to patrons in any sort of reasonable amount of time. So hopefully they can provide their patrons with maybe Amazon gift cards and instructions on how to connect routers purchased on Amazon or Best Buy to the ISP network, or some sort of creative solution to get internet back online. As of right now, researchers have not identified how the routers were initially infected. Some possible methods could include exploiting unknown vulnerabilities or abusing weak credentials, or even maybe accessing exposed administrative panels. And I'm sure we'll hear some more from security researchers in the coming weeks on how this happened. But it's pretty hard to pin down, because routers are widely insecure and unpatched, and it could be a myriad of ways that they were compromised. And on that note, how do you prevent this? Make sure your routers are regularly updated. It is probably not updating itself, so you're going to have to go in and you're going to have to find that update button. I'm sorry, that totally sucks, but just do it. This is about the worst case that can happen, other than being spied on. And in fact, I was actually traveling out of town and staying with a friend recently, and I asked his permission to go into his router just to see what was going on. I like to poke around and make sure my friends are secure. And while I was in there, I updated his router; it had never been updated and wasn't automatically updating. And I went ahead and showed him how to do it himself. According to a study recently done by Trend Micro,
almost four in five CSOs report feeling pressured by corporate boards to downplay their company's cyber risk. Which is a conflict between executives and security professionals that we've seen a lot in the past, but we're really hoping is being remediated due to all the visibility on cybersecurity risk. But this study is showing that we still have a lot of work to do. According to this study, 43% of security leaders feel they are perceived as nagging or repetitive, while 42% feel seen as overly negative about their cyber risk. In the United States, the SEC mandates that publicly traded companies disclose significant cybersecurity incidents within four business days, which is only going to add pressure to these CSOs to manage their board's expectations while also complying with regulations. That is not a job that I envy. In fact, the SEC charged SolarWinds and its top cyber risk executives for misleading investors about their cyber resilience. Now, any study done relies on the opinions and questions asked of the specific participants, right? So this is kind of contradicted by a similar study done by Proofpoint earlier this year that shows that 84% of CSOs now feel aligned with their boards on cyber risk, which would indicate the opposite of this study. Er, regardless, if you're a CSO or if you're an aspiring CSO, it's hard to confront the people that pay you and write your checks. But you owe it to yourself, and you owe it to your company, and you owe it to cybersecurity as a whole to take a stand and make sure that the cyber risk you're dealing with is identified and addressed to the best of your ability. Uh, my favorite leadership tactic or strategy or principle is to not be afraid, or to recognize that it would be your proudest moment to be fired for standing up for something you believe in. Which is almost the way you have to approach leadership.
Nowadays, you're going to get a lot of pressure from above and you're going to get a lot of pressure from below. So unless you know what you stand for, you're probably going to pick the wrong side. So pick something, stand for it, hopefully it follows moral grounds, and make it your life's honor to get fired for standing up for what you believe in. So we all know what phishing is. And with the advent of generative AI and machine learning, et cetera, phishing is only on the rise. People are being provided with more and more tools that will help them phish more efficiently. So of course phishing is going to be on the rise. It's a very effective hacking technique. Well, further proof of that comes when Cloudflare disrupted a phishing campaign by a Russia-aligned group called FlyingYeti that has been targeting Ukraine with, quote, COOKBOX malware. Lots of good visuals there. The attackers use debt-themed lures exploiting concerns over housing and utilities to trick victims. Once the phishing victim clicks the link, they're directed to a GitHub page that mimics Kyiv Komunalka, which leads to a malicious RAR archive download. The COOKBOX malware then uses PowerShell to control the infected system, connecting to a DDNS domain for command and control. Flashpoint also noted that Russian APT groups are refining their tactics and expanding their targets, using malware like Agent Tesla and Snake Keylogger to accomplish their cybercrime goals. And as I mentioned in the intro, I mostly picked this story because of the fun visuals of a flying Yeti. But keep yourself up to date on phishing tactics; know what to look for and how to avoid getting phished yourself. I was talking to a friend yesterday who was showing me an example of a phishing email that his company came across, and it looked really good. I couldn't actually identify it as a phishing email. So, what do you do in that case? You should be skeptical of any link you click in any email.
Never click a link without first thinking about what you're clicking. It's a really hard habit, but it will save you a lot of time and money by not getting phished. Right. So first thing, check the email address it was sent from. I think it was my dad recently who sent me an email that he thought might be phishing, but couldn't tell. And so he just forwarded it to me. And yeah, the first thing I did was open it up and see the email address it was sent from. Sometimes it'll show an alias, like "Facebook Marketing", but then the actual email address is something different, and yeah, in this case it was something like cutiepie36@gmail.com sending an email requesting to reset your password on Facebook, or something like that. Like, that's never going to happen. It'll come from, I mean, Facebook does use some pretty sneaky domains that look like phishing. So hey, knock that off, Facebook. But it'll never be from a Gmail. It'll always be from a Facebook or fb.me or something like that. And if the email looks legit, you can always Google "malware sandbox" or something like that and find a service; they're free, and you can copy the link, paste it in there and see what it does. I did this for my dad's email as well. It was a PDF and I got to actually watch the PDF on a screen like this; this virtual machine opened up the PDF and I got to watch it try to execute other programs in the background. It was super cool. But yeah, try to use a safe environment to open up that link, or, if it's not necessary to click the link, like if you have to reset your Facebook password, you can just go log into Facebook and go to your settings and reset your own password. You don't have to click the link for convenience. If it's like "pay your bill now", you can just go to your account by typing in the URL yourself and pay the bill. Don't click the link. Just try to avoid clicking links as much as you possibly can.
On this week's show Patrick and Adam discuss the week's security news, including: The SSH backdoor that dreams (or nightmares) are made of Microsoft gets a solid spanking from the CSRB Ukraine uses an old Russian WinRAR bug to hack Russia Push-notifications and social-engineering combined-arms vs Apple And much, much more. We have a special guest in this week's show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library. This week's show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island's Bradon Rogers is this week's sponsor guest and he'll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs. Show notes Risky Biz News: Supply chain attack in Linuxland oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Tech) on X: "@binitamshah FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins." / X Andres Freund (Tech) on X: "@riskybusiness Absurdly enough, I was listening to the episode on a cooking break while writing the xz issue up. Couldn't make it up." / X GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) research!rsc: The xz attack shell script DHS report rips Microsoft for ‘cascade' of errors in China hack - The Washington Post Review of the Summer 2023 Microsoft Exchange Online Intrusion Russian researchers say espionage operation using WinRAR bug is linked to Ukraine Recent ‘MFA Bombing' Attacks Targeting Apple Users – Krebs on Security Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid Ross Anderson, professor and famed author of ‘Security Engineering,' passes away
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. NSFOCUS Research Labs on how the DarkCasino APT group has leveraged a recently disclosed WinRAR zero-day vulnerability. G DATA CyberDefense is reporting on a threat actor using the ZPAQ archive and .wav file extension to infect systems with Agent Tesla. A technical analysis of DarkGate Malware-as-a-Service, which is widely available on various cybercrime forums via the RastaFarEye persona. The Microsoft Threat Intelligence team has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet involving a malicious variant of an application developed by CyberLink Corp. The Chinese hacker group "Chimera" broke into NXP, a Dutch chip maker, at the end of 2017 and had access to the manufacturer's systems until the spring of 2020. To learn more about the community initiative to help end domestic violence please visit cybersecurity-cares.com
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. SentinelOne talking about emerging trends and evolving techniques for macOS malware in 2023. BlackCat operators recently announced new updates to their tooling, including a utility called Munchkin. On October 16, Cisco released an advisory regarding a critical zero-day privilege escalation vulnerability in their IOS XE Web UI software. WithSecure Labs is reporting that Vietnamese cybercrime groups are using multiple different Malware-as-a-Service infostealers and Remote Access Trojans to target the digital marketing sector. The FBI in Phoenix is warning the public of a new scam dubbed "The Phantom Hacker." Google's Threat Analysis Group has recently observed multiple government-backed hacking groups exploiting the known vulnerability CVE-2023-38831.
This info-packed episode of TWiET dives into the hidden dangers of Google-hosted ads with malware. Guest Adam Jacob shares his vision for a "second wave" of DevOps to achieve better collaboration and outcomes. Patch WinRAR right now. The most used IT admin passwords. Cisco reports 10,000 network devices backdoored with unpatched 0-day. The global chip talent shortage and partnerships addressing it. The risks of malicious Google ads using punycode to disguise fake URLs. Adam Jacob, CEO of System Initiative and co-founder of Chef, talks about his vision for improving and rebuilding DevOps from the ground up. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Adam Jacob Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
Chris Rock is a Cyber Mercenary who has worked in the Middle East, US and Asia for the last 30 years, working for both government and private organizations. He is the Chief Information Security Officer and co-founder of SIEMonster. Chris has presented three times at the largest hacking conference in the world, DEFCON in Las Vegas, on controversial vulnerabilities. Chris is also the author of the Baby Harvest, a book based on criminals and terrorists using virtual babies and fake deaths for financing. He has also been invited to speak at TED Global. In the Security News: Fried squid is tasty, but the Squid proxy is vulnerable, Flipper Zero and other tools can now BLE spam more than just Apple devices, Cisco IOS vulnerability in the web interface, again, is Signal vulnerable?, WinRAR being exploited, still, Math.random is not really all that random, get your malware samples, and my inside look into Android TV devices, malware, and the horrors of the supply chain! All that and more on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-803
Nation-states exploit the WinRAR vulnerability. Criminals leak more stolen 23andMe data. QR codes as a risk. NSA and partners offer anti-phishing guidance. A Ukrainian hacktivist auxiliary takes down Trigona privateers. Hacktivism and influence operations remain the major cyber features of the Hamas-Israeli war. On today's Threat Vector, David Moulton speaks with Kate Naunheim, Cyber Risk Management Director at Unit 42, about the new cybersecurity regulations introduced by the SEC. Our own Rick Howard talks with Jen Miller Osborn about the 10th anniversary of ATT&CKcon. And the epistemology of open source intelligence: tweets, TikToks, Instagrams–they're not necessarily ground truth. Threat Vector To delve further into this topic, check out this upcoming webinar by Palo Alto's Unit 42 team on November 9, 2023, "The Ransomware Landscape: Threats Driving the SEC Rule and Other Regulations." Please share your thoughts with us for future Threat Vector segments by taking our brief survey. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/200 Selected reading. 
Government-backed actors exploiting WinRAR vulnerability (Google) The forgotten malvertising campaign (Malwarebytes) Hacker leaks millions of new 23andMe genetic data profiles (BleepingComputer) Exploring The Malicious Usage of QR Codes (SlashNext) How to Protect Against Evolving Phishing Attacks (National Security Agency/Central Security Service) GuidePoint Research and Intelligence Team's (GRIT) 2023 Q3 Ransomware Report Examines the Continued Surge of Ransomware Activity (GuidePoint) Ukrainian activists hack Trigona ransomware gang, wipe servers (BleepingComputer) Navigating the Mis- and Disinformation Minefield in the Current Israel-Hamas War (ZeroFox) War Tests Israeli Cyber Defenses as Hack Attempts Soar (Bloomberg) U.S. says Israel 'not responsible' for Gaza hospital blast; Biden announces 'unprecedented' aid package in speech (Washington Post) Three clues the Ahli Arab Hospital strike came from Gaza (The Telegraph) Who's Responsible for the Gaza Hospital Explosion? Here's Why It's Hard to Know What's Real (WIRED) 'Verified' OSINT Accounts Are Destroying the Israel-Palestine Information Ecosystem (404 Media) Learn more about your ad choices. Visit megaphone.fm/adchoices
Quantum tunnelling with nanoantennas against cancer / A zombie F-35 goes missing / 5,500 copies of WinRAR sold thanks to a meme / Paint is now a mini Photoshop / Surface chief moves to Alexa. Sponsor: If your company needs highly qualified profiles and you don't know where to start, call Randstad Professionals. The Randstad group's recruitment consultancy helps you select them, whether on a permanent or temporary basis, through Interim Professionals.
Amanda joins us to discuss aspects of incident response, including how to get the right data to support findings related to an incident, SMB challenges, cloud event logging, and more! Amanda works for Blumira and is the co-author of "Defensive Security Handbook: Best Practices for Securing Infrastructure." In the Security News: How not to send all your browser data to Google, apparently Microsoft needs pressure to apply certain fixes, the multi-hundred-billion-dollar-a-year industry that tries to secure everything above the firmware, security through obscurity doesn't work, should you hire cybersecurity consultants, pen testing is key for compliance, defense contractor leaks, inside a McFlurry machine, Barracuda is still chasing hackers, why Linux is more secure than Windows, more details on WinRAR and middle-out compression, a Wi-Fi worm?, CVE-2020-19909 is almost everything that is wrong with CVE, tacos, and hacking through a Fire Stick! All that and more on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-797
Picture of the Week: Steve shares a funny "what we say vs what we mean" image about tech support conversations. WinRAR v6.23 fixes: Steve explains that updating to the latest WinRAR is more important than initially thought, with two critical vulnerabilities being actively exploited by hackers since April to install malware. HTTPS for local networks: Responding to listener email, Steve agrees HTTP is fine for local network devices like routers but notes risks in larger corporate networks. Portable domains for email: Steve endorses a listener suggestion to purchase your own domain and use third-party services, retaining control if a provider shuts down. Google Topics and monopolies: Steve and Leo debate whether Topics favors large advertisers with greater reach to get user targeting data. Voyager 2 antenna analysis: A listener calculates the antenna beam width mathematically, showing 2 degrees off-axis may not be as remarkable as it sounded. Windows time settings: Steve clarifies the STS issue does not impact end users changing Windows clock settings, it's enterprise server-side. Unix time in TLS handshakes: The hosts discuss why Unix time stamps are sent but not required for TLS, tracing back to early nonce generation. Fake flash drives: Steve warns of a slew of fake high-capacity thumb drives flooding the market, explaining how SpinRite tests detected the flaw. Man-in-the-middle attacks: While agreeing HTTPS helps prevent malicious injection, Steve examines MITM attack practicality, arguing they are difficult for hackers to pull off. Show Notes - https://www.grc.com/sn/SN-937-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. 
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6. Sponsors: kolide.com/securitynow canary.tools/twit - use code: TWIT Building Cyber Resilience Podcast
Jared has a long, and outstanding, history in cybersecurity. Today, he works for Microsoft helping them run and respond to bug bounty reports. The scale is massive and I think we can all learn a thing or two about vulnerability management and bug bounties! Segment Resources: https://www.microsoft.com/en-us/msrc/bounty?rtc=1 https://www.microsoft.com/en-us/msrc https://msrc.microsoft.com/report/vulnerability/new https://www.microsoft.com/en-us/msrc/bounty https://msrc.microsoft.com/blog/ https://jobs.careers.microsoft.com/global/en/search?q=msrc&l=en_us&pg=1&pgSz=20&o=Relevance&flt=true https://www.microsoft.com/bluehat/ In the Security News: LoRa projects are popular, simple checksums are not enough, WinRAR: shareware or native OS?, ATM software is vulnerable, attackers could learn from security researchers (but let's hope they don't), NoFilter and behavior by design, Apple vs. a security researcher: there are no winners, sneaky npm packages, faster Nmap scans, Kali on more phones, more LOL drivers, comparing security benchmarks to the real world, TunnelCrack and why VPNs are over-hyped, Ubuntu has lost its mind, and there's a Python in the sheets! All that and more on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-796
OpenSUSE goes private. Android to get satellite comms. SanDisk and Western Digital in hot water. You're asking for it: YouTube children's privacy. Whoopsie! 8Base. Where the money is. The TSSHOCK vulnerability. BitForge. A quantum-resilient security key. Removed Chrome extensions notifications. HTTPS by default? WinRAR 6.23 final released. Closing the Loop. When Heuristics Backfire. Show Notes - https://www.grc.com/sn/SN-936-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6. Sponsors: panoptica.app kolide.com/securitynow joindeleteme.com/twit promo code TWIT
An APT41 subgroup uses new techniques to bypass security products. Iranian cyberespionage group MuddyWater is using Managed Service Provider tools. Wipers reappear in Ukrainian networks. Meta observes and disrupts the new NodeStealer malware campaign. The City of Dallas is moderately affected by a ransomware attack. My conversation with Karin Voodla, part of the US State Department's Cyber fellowship program. Lesley Carhart from Dragos shares Real World Stories of Incident Response and Threat Intelligence. And there's been an indictment and a takedown in a major dark web carder case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/86 Selected reading. Attack on Security Titans: Earth Longzhi Returns With New Tricks (Trend Micro) APT groups muddying the waters for MSPs (ESET) Russian hackers use WinRAR to wipe Ukraine state agency's data (BleepingComputer) WinRAR as a "cyberweapon". Destructive cyberattack UAC-0165 (probably Sandworm) on the public sector of Ukraine using RoarBat (CERT-UA#6550) (CERT-UA) The malware threat landscape: NodeStealer, DuckTail, and more (Engineering at Meta) Facebook disrupts new NodeStealer information-stealing malware (BleepingComputer) NodeStealer Malware Targets Gmail, Outlook, Facebook Credentials (Decipher) City of Dallas likely targeted in ransomware attack, city official says (Dallas News) Cybercriminal Network Fueling the Global Stolen Credit Card Trade is Dismantled (US Department of Justice) Secret Service, State Department Offer Up To $10 Million Dollar Reward For Information On Wanted International Fugitive (US Secret Service) Police dismantles Try2Check credit card verifier used by dark web markets (BleepingComputer)