[Episode References] - Tempest report: 5 threats that shaped 2021 and what to expect from 2022 - https://cloud.mkt.tempest.com.br/relatorio-ameacas-2021-2022 - IDC survey on security spending in Brazil - https://www.zdnet.com/article/security-spend-to-reach-1-billion-in-brazil-in-2022/?utm_source=pocket_mylist - Xenomorph campaign - https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html - Use of Zerologon by the Qbot operators - https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/ - APT10 campaign - https://medium.com/cycraft/supply-chain-attack-targeting-taiwan-financial-sector-bae2f0962934 - About APT10 - https://malpedia.caad.fkie.fraunhofer.de/actor/stone_panda [Credits] Script and hosting: Carlos Cabral; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia; Graphic design: Julian Prieto
This month we look at new blogs from Tenable's security response team, including on a year of Zerologon, vulnerabilities in Microsoft Exchange Servers and Pulse Secure, and a widely spread flaw in wifi routers which could affect thousands of users globally. Show References: One Year Later: What Can We Learn from Zerologon?; Microsoft's August 2021 Patch Tuesday Addresses 44 CVEs; Remote Code Execution Patch Bypass in Pulse Connect Secure; ProxyShell: Attackers Actively Scanning for Vulnerable Microsoft Exchange Servers; Bypassing Authentication on Arcadyan Routers with CVE-2021-20090 and rooting some Buffalo. Follow along for more from Tenable Research: Subscribe to the blog; Follow Tenable's Zero Day team on Medium.
Podcast: Aperture: A Claroty Podcast. Episode: Tom Tervoort on Zerologon. Pub date: 2020-12-17. Tom Tervoort, a senior security specialist with Netherlands-based Secura, joins the Aperture Podcast to discuss the Zerologon vulnerability in Windows Netlogon. This critical crypto bug in the Netlogon authentication mechanism was discovered by Tom and the Secura team, and patched in August by Microsoft. Since then, exploit code has surfaced and the vulnerability has been used by two separate APT groups. Tom discusses how he "accidentally" discovered Zerologon, the risks posed by successful exploits, how and why APTs might use it, and the resources required to use it in attacks against Active Directory, domain controllers, and other Windows authentication mechanisms.
Next month we move into the automatic enforcement phase for the Zerologon vulnerability. Understand what this means and be prepared for next steps. Connect with us: https://www.linkedin.com/company/envisionitllc marketing@envisionitllc.com
2021's first Patch Tuesday, Titan Security Key side-channel attack, WhatsApp. When is Chrome not Chromium? A major DuckDuckGo milestone. Project Zero in the wild. First Patch Tuesday of 2021. ZeroLogon Drop Dead. NSA warns against outsourcing DoH services. A Side-Channel in Titan. The "PayPal Football". WhatsApp's decision to bring its data into Facebook. We invite you to read our show notes at https://www.grc.com/sn/SN-802-Notes.pdf Hosts: Steve Gibson and Leo Laporte. Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6. Sponsors: business.eset.com/twit expressvpn.com/securitynow canary.tools/twit - use code: TWIT
Join Scott Young and Shaun Sturby from Optrics Engineering as they discuss security awareness training company KnowBe4 being spoofed, the fact that security awareness training for your staff does wear off over time, and Microsoft's zero login flaw. Get IT tips here: > www.OptricsInsider.com Timecodes: 0:00 - Intro 0:18 - Today's 3 topics 0:50 - Topic 1: KnowBe4's Emails Spoofed 3:03 - Topic 2: Security Awareness Training Wears Off 4:46 - Topic 3: Microsoft Zero Login Flaw 7:35 - Closing remarks Learn more about KnowBe4 being spoofed: > They're Back: Bad Guys Spoof KnowBe4 Again Download a copy of KnowBe4's Social Engineering Red Flags PDF here: > www.OptricsInsider.com/SocialEngineeringRedFlags Learn more about why security awareness training wears off and what you can do: > Phishing awareness training wears off after a few months Learn more about Microsoft's zero login flaw: > Zerologon: Instantly Become Domain Admin by Subverting Netlogon Cryptography (CVE-2020-1472) > Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday > As you're scrambling to patch the scary ZeroLogon hole in Windows Server, don't forget Samba – it's also affected #OptricsInsider #ITSecurityTips #cybersecurity #technews #infosec --- Send in a voice message: https://anchor.fm/optrics-insider/message
Baltimore schools struggling with ransomware. UK tightens restrictions on Huawei 5G equipment. ZeroLogon now detected by Windows Defender. Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the systems can be quite an intricate task. But why bother with anything else when there is an all-in-one cybersecurity package for organizations? A platform where existing and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots. SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net. For the stories behind the headlines, head to CISOseries.com.
Worldwide campaign targets ZeroLogon exploit. Brandon Wales takes over at CISA. Maybe ransomware operators aren’t trustworthy after all? Thanks to our sponsor, Dtex. Remote Workforce Security is a thing. Network detection and web proxy solutions have been rendered nearly useless as employees are working remotely and away from the corporate network. DTEX’s Workforce Cyber Intelligence Platform not only provides employers with visibility to monitor user behavior for cybersecurity best practices, but also protects the employee from external attack. Learn more at dtexsystems.com. For more on any of the stories, head to cisoseries.com.
In today's podcast we cover four crucial cyber and technology topics, including: 1. Nearly 24 thousand databases with usernames/passwords exposed 2. Sodinokibi impacts managed.com, services unavailable 3. LAPD bans use of commercial facial recognition 4. APT10 activity uncovered revealing use of LOLBins and ZeroLogon vulnerability. I'd love feedback; feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
Eric has a covid scare (and cake!). Jon preps garden for next year. Zerologon and (not much) hospital followup, DoJ seizes domains, and Mattel discloses ransomware attack in SEC filing. REvil interview allegedly describes internals of ransomware as a service. For fun, we have What the Golf?, reconnecting with distant friends, and training a magpie to exchange bottle caps for peanuts. 0:00 - Intro 7:27 - Garden Beds 14:10 - Zerologon Followup 14:51 - No News is Good News 16:55 - Domain Seizure 20:02 - Mattel Ransomware Attack 22:59 - REvil Interview 30:11 - What the Golf? 35:31 - Voyager 2 Re-contact 39:07 - Peanuts for Bottle Caps 41:14 - Mark Rober Squirrel Course
This Halloween week, Threatpost editors break down the scariest stories haunting the security space, including: a wave of ransomware attacks targeting a number of hospitals, sparking worries about healthcare security and the impact on patients during COVID-19; "zombie" vulnerabilities, including Zerologon and SMBGhost, that continued to haunt system admins this week; and election security scares, from disinformation campaigns to cyberattacks hitting election infrastructure.
Listen, in under 20 minutes, to commentary on the news that made headlines in cybersecurity in Brazil and around the world over the past week. In this episode we cover the week of October 18 to 24. CyberSeg News. Every Monday, a summary of cybersecurity news.
ShadowTalk hosts Kacey, Alec, Austin, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover: - SandWorm and its link to Russia’s GRU - what’s their history and what does this mean? - The Darkside ransomware group takes a philanthropic approach to cybercrime - Ryuk leverages Bazar Loader and Zerologon vulnerability in their recent (and very speedy) attack - Plus: The group discusses their favorite WiFi names Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-23-october-2020 ***Resources from this week’s podcast*** GRU Indictment: https://www.justice.gov/opa/press-release/file/1328521/download Darkside: https://www.zdnet.com/article/ransomware-gang-donates-part-of-ransom-demands-to-charity-organizations/ Ryuk: https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/ Charitable Cybercriminals Blog: https://www.digitalshadows.com/blog-and-research/charitable-endeavors-on-cybercriminal-forums/ Digital Shadows Darkside Blog: https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/ High Profile Arrests Blog: https://www.digitalshadows.com/blog-and-research/recent-arrests-and-high-profile-convictions-what-does-it-mean-for-the-cyber-threat-landscape/ Ransomware Trend Q3 Blog: https://www.digitalshadows.com/blog-and-research/ransomware-trends-in-q3/ Dark Pathways Into Cybercrime Blog: https://www.digitalshadows.com/blog-and-research/dark-pathways-into-cybercrime-minding-the-threat-actor-talent-gap/
This episode features an interview with Ronald Deibert, Professor of Political Science, and Director of the Citizen Lab at the Munk School of Global Affairs & Public Policy, University of Toronto. We talk about his new book, “Reset: Reclaiming the Internet for Civil Society.” We also talk about the unique Canadian talent for debate that is both bare-fisted and unusually polite. Ron gets to use both talents in our discussion of what's wrong with the technology ecosystem and whether it can be improved by imposing “restraint” on governments and the private sector. In the news roundup, I urge Twitter to bring back the Fail Whale to commemorate its whale of a fail in trying to suppress a New York Post story that is bad news for Joe Biden. It's a disaster on all fronts, with Twitter unable to offer a satisfactory explanation for its suppression of the news report, or to hold to any particular enforcement policy for more than a day, and ended with an embarrassing insistence that the Post can't have its account back until it deletes tweets that Twitter would probably allow the Post to post today. And not surprisingly, the episode is encouraging everyone to think that they can do this better than Twitter. The FCC is going to start work on an effort to add an administrative gloss to section 230. Mark MacCarthy thinks the Commission lacks authority to interpret the provision; I disagree. We do agree that Justice Thomas's thoughts on section 230 are surprisingly detailed—and make Supreme Court review of the provision a lot more likely. Megan Stifel tells us that the ransomware business is getting even more specialized. Together we wonder if that specialization opens the door to new, even more creative ways to take down organized cybercrime. David Kris notes the pearl-clutching over search warrants that identify a pattern of conduct rather than an individual. He almost agrees with me that this is just what probable cause looks like in the twenty-first century. 
This Week in Europe's Tough Privacy Talk and Slow Privacy Walk: David teams with Charles Helleputte to make sense of two data protection rulings in Europe that bring a lot more thunder than lightning to the debate: First, an attack on the privacy standards, such as they are, for online advertiser Real Time Bidding. Second, the proclamations of France's top court and its DPA about sending data to US cloud providers. Megan notes two stories that deepen trends we knew were coming: hackers chaining VPN and ZeroLogon bugs to attack US government networks, maybe including election agencies, and an Iranian state hacker group resorting to ransomware attacks. We cover a few updates of past weeks' stories: The fallout continues from OFAC's ransomware advisory. (Rumors that the agency will be renamed WTF OFAC are unconfirmed). And Tik/Chat seems to be settling in for a longer court battle before the government's arguments start to take hold. (As a bonus, our Cyberlaw grammarian makes a surprise appearance to announce the rule of English usage that prevents TikTok from ever being TokTik). In quick hits, we boldly predict that the government will launch an antitrust suit against Google, some day. We speculate on why Tesla's autopilot AI might be fooled by projected images. And note New York's claim that Twitter is systemically important to the nation's financial system. Which, I must admit, is about the most 2020 thing I've heard in a while. And more! Oh, and we have new theme music, courtesy of Ken Weissman of Weissman Sound Design. Hope you like it! Download the 334th Episode (mp3). You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com.
Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
This month, Luke Tamagna-Darr is back and he and Satnam have a lot to say about security advisories. As always, we walk through the latest vulnerability news - specifically diving into “Zerologon” and “Bad Neighbor” as well as multiple alerts from CISA. Many advisories recently were focused on chaining vulnerabilities, providing insight into how attackers are leveraging bugs together in attacks. Show References: Writing Security Advisories: 5 Best Practices For Vendors; Microsoft’s October 2020 Patch Tuesday Addresses 87 CVEs including “Bad Neighbor” Windows TCP/IP Vulnerability (CVE-2020-16898); CVE-2020-1472: 'Zerologon' Vulnerability in Netlogon Could Allow Attackers to Hijack Windows Domain Controller; CVE-2020-1472: Advanced Persistent Threat Actors Use Zerologon Vulnerability In Exploit Chain with Unpatched Vulnerabilities; US Cybersecurity Agency CISA Alert: Foreign Threat Actors Continue to Target Unpatched Vulnerabilities; CVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices Disclosed; Multiple Vulnerabilities in CodeMeter Leave Managed Industrial Control Systems Open to Attack; CVE-2020-6925, CVE-2020-6926, CVE-2020-6927: Multiple Vulnerabilities in HP Device Manager; Tenable Research Spotify Playlist
On this week’s show Patrick and Adam discuss the week’s security news, including: Yep, it was Cyber Command; Also Microsoft, Symantec, Lumen and others; Norwegian parliament hack pinned on Russia; We finally talk about “ethics in OST”; More. Netflix senior security engineer Scott Behrens also joins the show this week. This week’s episode is brought to you by Signal Sciences – which is now a part of Fastly – and they suggested we talk to Scott for their sponsor slot this week. So, Scott joins the show to talk through how Netflix handles appsec. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes: Report: U.S. Cyber Command Behind Trickbot Tricks — Krebs on Security; Persistently Engaging TrickBot: USCYBERCOM Takes on a Notorious Botnet - Lawfare; Ciaran Martin on Twitter: "Fascinating account from @BobbyChesney on new adaptation of persistent engagement: the hounds released against #ransomware. https://t.co/Dk5Spcjkmy" / Twitter; Trickbot and the Context of Cyber Warfare – Stranded on Pylos; TrickBot botnet survives takedown attempt, but Microsoft sets new legal precedent | ZDNet; The Man Who Speaks Softly—and Commands a Big Cyber Army | WIRED; FBI/DHS: Government election systems face threat from active Zerologon exploits | Ars Technica; DHS warns that Emotet malware is one of the most prevalent threats today | Ars Technica; Norway says Russian hackers carried out breach at parliament; Russian-speaking hackers target Russian organizations with industrial spying tools; Chinese hackers suspected in cyber-espionage operation against Russia, India; 'Mercenary' hacker group runs rampant in Middle East, cybersecurity research shows | Reuters; Lined up in the sights of Vietnamese hackers; Five Eyes governments, India, and Japan make new call for encryption backdoors | ZDNet; Cyber Command and Microsoft pile in on TrickBot - Risky Business; Top reason to apply October, 2020’s Microsoft patches: Ping of Death Redux – Sophos News; German tech giant Software AG down after ransomware attack | ZDNet; Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work — Krebs on Security; Malware gangs love open source offensive hacking tools | ZDNet; Researchers map threat actors’ use of open source offensive security tools | The Daily Swig; Researchers Found 55 Flaws in Apple's Corporate Network | WIRED; Swiss Post releases bug bounty safe harbor wording under Creative Commons license | The Daily Swig
Carnival Cruise hack, ZeroLogon, Five Eyes vs Encryption. Chrome gets 86'd! Carnival Cruise Line Hack. The largest company you've never heard of gets hit by ransomware hackers. No connection logs? In France, you go to jail! Hacking the Apple. ZeroLogon, the FBI, DHS and our forthcoming election security. The revenge of DNT, as GPC, now enhanced with legislation. The Anti-E2EE drumbeat beats yet again. We invite you to read our show notes at https://www.grc.com/sn/SN-788-Notes.pdf Hosts: Steve Gibson and Leo Laporte. Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6. Sponsors: itpro.tv/securitynow promo code SN30 canary.tools/twit - use code: TWIT Wasabi.com offer code SECURITYNOW
This week, Dr. Doug talks Facebook Bug Bounty club, Zuck reverses, Trickbot, the FAA gets airline warning, IoT, Zerologon, and Fitbit! Jason Wood returns for Expert Commentary on Office 365: A Favorite for Cyberattack Persistence! Show Notes: https://securityweekly.com/swn73 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Trickbot gets hit by both US Cyber Command and an industry team led by Microsoft. CISA and the FBI warn that an unnamed threat actor is chaining vulnerabilities, including Zerologon, to gain access to infrastructure and government targets. Ben Yelin shares his thoughts on the US House’s report on monopoly status for some of tech's biggest players. Our guest is David Higgins from CyberArk on how work from home has put a light on privilege access security. And the Five Eyes plus two call for legal access to encrypted communications. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/198
ShadowTalk hosts Kacey, Alec, Charles and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover: - The US Department of Treasury sends a message about negotiating with ransomware operators - APT28 compromises a US federal agency - Foreign spies use fronts to hide cyber espionage operations - Iranian nation-state threat actors leverage Zerologon flaw to carry out attacks Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-09-october-2020 ***Resources from this week’s podcast*** Sanctions for ransomware: https://threatpost.com/mixed-sanctions-ransomware-negotiators/159795/ APT28: https://www.wired.com/story/russias-fancy-bear-hack-us-federal-agency/ Foreign spies: https://www.cyberscoop.com/chinese-iranian-hackers-front-companies/ Zerologon: https://threatpost.com/microsoft-zerologon-attack-iranian-actors/159874/ Bitcoin vs. Monero Blog: https://www.digitalshadows.com/blog-and-research/bitcoin-vs-monero/
In depth on the main stories: "Doomsday" planes in the sky after Donald Trump tested positive for COVID-19. A police charity foundation bought GreyKey, a tool for hacking iPhones. Facebook responded to the recent documentary "The Social Dilemma" on Netflix. Briefly on what matters: Talos reports a surge in exploitation of the Zerologon vulnerability. Microsoft's overview of cybersecurity trends. 911 centers were unavailable in several states. Tools and write-ups: Meduza by @kov4l3nko, a "universal" SSL-unpinning tool for iOS. GitHub launches a free code security scanner for open repositories. Recommendations: Artem Karpinskyi on air on Channel 4. "How to destroy digital surveillance capitalism" by Cory Doctorow. Bruce Schneier on cryptography: a special interview at NoNameCon. Funnies: The Emotet virus takes part in the US presidential election.
Good Morning and Welcome to the ProactiveIT Cyber Security Daily number 222. It is Thursday October 8th 2020. I am your host Scott Gombar and Is Your Comcast Remote Spying on You? This podcast is brought to you by Nwaj Tech, a Client Focused and Security Minded IT Consultant based in Central Connecticut. You can visit us at nwajtech.com Cyber Security Awareness Tip 8 Use MFA IRS COVID-19 Relief Payment Deadlines Anchor Convincing Phish Using a WordPress flaw to leverage Zerologon vulnerability and attack companies’ Domain Controllers Microsoft to tailor Windows 10 setups based on how you use your PC Microsoft adds consent phishing protection to Office 365 Phishing emails lure victims with inside info on Trump's health Microsoft 365 outage takes down Outlook and Microsoft Teams again QNAP fixes critical flaws that could lead to device takeover Comcast TV Remote Hack Opens Homes to Snooping
Cyber ops accompany fighting in the Caucasus. Iranian threat group exploits Zerologon in the wild. The Kraken gets unleashed in Southeast Asia, of all places. Emotet is back, and it’s after state and local governments. The US House identifies the Four Horsemen of Silicon Valley. Monero gains criminal market share. The US Comptroller of the Currency moves for clarity in alt-coin regulation. Joe Carrigan takes a look at ransomware trends. Our guest is Mathew Newfield from Unisys with remote school safety tips for students and parents. And a cyberattack from Waikiki. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/195
On this week’s show Patrick and Adam discuss the week’s security news, including: The UHS ransomware attack Someone is messing with TrickBot: Did the USA release the hounds? US Treasury issues final warning on sanctioned ransomware crews Azerbaijan and Armenia going at it Fancy Bear owns US government department Nucleus Security co-founder Scott Kuffer joins the show in this week’s sponsor interview to talk about how they have discovered a LOT of enterprises are actually trying to develop in-house vulnerability management software and how that is not going well. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes A Ransomware Attack Has Struck a Major US Hospital Chain | WIRED German investigators treating ransomware attack as negligent homicide, reports say Attacks Aimed at Disrupting the Trickbot Botnet — Krebs on Security Microsoft: Some ransomware attacks take less than 45 minutes | ZDNet US Treasury says some ransomware payments may need its express approval | ZDNet Front companies for Chinese and Iranian APTs doxxed - Risky Business Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack — Krebs on Security Alleged Iranian hackers balanced espionage with personal cybercrime, US indictment says - CyberScoop US charges Iranian hackers for breaching US satellite companies | ZDNet A China-Linked Group Repurposed Hacking Team’s Stealthy Spyware | WIRED Microsoft says Iranian hackers are exploiting the Zerologon vulnerability | ZDNet Spies hacked Azerbaijan government officials as Nagorno-Karabakh conflict escalated North Korea has tried to hack 11 officials of the UN Security Council | ZDNet Federal Agency Compromised by Malicious Cyber Actor | CISA Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency | WIRED Microsoft removed 18 Azure AD apps used by Chinese state-sponsored hacker group | ZDNet TikTok, WeChat survive in US app stores — one with a deal, the other with a 
judge's help Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI | ZDNet Kevin Rudd: «The Dollar is One of the Things China Fears» Portland passes landmark private sector facial recognition technology ban | The Daily Swig All four of the world's largest shipping companies have now been hit by cyber-attacks | ZDNet UN maritime agency says it was hacked | ZDNet Trump officials hint at update for US maritime cybersecurity Encrochat Investigation Finds Corrupt Cops Leaking Information to Criminals KuCoin cryptocurrency exchange hacked for $150 million | ZDNet GitHub rolls out new Code Scanning security feature to all users | ZDNet Facebook sues two Chrome extension makers for scraping user data | ZDNet Senator asks DHS if foreign-controlled browser extensions threaten the US | Ars Technica A security flaw in Grindr let anyone easily hijack user accounts | TechCrunch Hackers claim they can now jailbreak Apple's T2 security chip | ZDNet Critical stored XSS vulnerability in Instagram’s Spark AR Studio nets 14-year-old researcher $25,000 | The Daily Swig Mozilla shuts down Firefox Send and Firefox Notes services | ZDNet Member of 'The Dark Overlord' hacking group sentenced to five years in prison | ZDNet LinkedIn hacker Nikulin sentenced to 7 years in prison after years of legal battles John McAfee arrested in Spain, charged with tax evasion
This week on the podcast we circle back to cover a critical vulnerability in Windows Server, that could allow an attacker to obtain the keys to the kingdom with minimal effort. After that, we discuss a pair of alerts from the US Department of Treasury Office of Foreign Assets Control and Financial Crimes Enforcement Network on the topic of ransomware payments.
Show Links: YouTube Playlist ZeroLogon is now detected by Microsoft Defender for Identity (CVE-2020-1472 exploitation) Customizing Endpoint Protection Recommendation in Azure Security Center Security Center | Cloud connectors (Preview) Enriching Windows Security Events with Parameterized Function Analysing Web Shell Attacks with Azure Defender data in Azure Sentinel
ShadowTalk hosts Adam, Kim, Stefano and Dylan bring you the latest in threat intelligence. This week they cover: - Mount Locker trying to extort 7+ figures from its victims - Old Gremlin - the team talks new activity attributed to this group - REvil looking for new affiliates and flexing with bitcoin - Healthcare hack has severe repercussions - Attackers exploit Zerologon vulnerability - Joker Trojan infects Google Play Store for Android - what we know - Celebrating Cyber Awareness Month with games and more Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-02-october-2020 ***Resources from this week’s podcast*** Old Gremlin: https://www.group-ib.com/blog/oldgremlin Mount Locker Ransomware: https://www.bleepingcomputer.com/news/security/mount-locker-ransomware-joins-the-multi-million-dollar-ransom-game/ REvil Ransomware: https://www.bleepingcomputer.com/news/security/revil-ransomware-deposits-1-million-in-hacker-recruitment-drive/ Zerologon: https://www.infosecurity-magazine.com/news/zerologon-windows-server-flaw/ Joker Trojan: https://threatpost.com/joker-trojans-android/159595/ Most Hacked Passwords: https://www.ncsc.gov.uk/news/most-hacked-passwords-revealed-as-uk-cyber-survey-exposes-gaps-in-online-security Pwned Websites: https://haveibeenpwned.com/PwnedWebsites Darkside blog: https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/
It's CVE bankruptcy! With a deluge of CVEs to cover from the last 2 weeks, we take a particular look at the ZeroLogon vulnerability in Samba this week, plus Alex covers the AppArmor 3 release and some recent / upcoming webinars hosted by the Ubuntu Security team.
Craig discusses a big problem right now. This particular vulnerability is called a zero log-on vulnerability. What that means is your computer is vulnerable to attack without the bad guy, actually having to log on to the computer. Very, very, very. Bad. Okay. Known as an escalation-of-privilege problem. Microsoft has come out and issued some patches. Apparently, it's not going to be fully fixed for a while. Thanks, Microsoft (said firmly with my tongue in my cheek!) For more tech tips, news, and updates, visit - CraigPeterson.com --- Traders set to don virtual reality headsets in their home offices What's on Your Enterprise Network? You Might Be Surprised Malware Attacks Declined But Became More Evasive in Q2 One of this year’s most severe Windows bugs is now under active exploit The VPN is dying, long live zero trust Shopify's Employee Data Theft Underscores Risk of Rogue Insiders Microsoft boots apps out of Azure used by China-sponsored hackers WannaCry Has IoT in Its Crosshairs Love in the time of Zoom: Why we’re in the midst of a dating revolution --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] We are right now under attack. This is the windows vulnerability that I mentioned live on the air here a couple of weeks ago, it's not patched up by most people and it's really, really bad. Hey everybody, you're listening to Craig Peterson. Well, this is a big problem right now. This particular vulnerability is called a zero log on vulnerability. What that means is your computer is vulnerable to attack without the bad guy, actually having to log on to the computer. Very, very, very. Bad. Okay. Now, this is an escalation-of-privilege problem. Microsoft has come out and issued some patches. Apparently, it's not going to be fully fixed for a while, from everything that I was reading. This is crazy because what's happening is they are using domain controllers and remote procedure call login servers in order to get in. 
So if you're just running a regular windows machine in your house, obviously you want to keep it up to date. But this particular exploit is against these servers that are out there. The servers specifically are those that have exposed domain controllers and remote procedure calls also called RPC login servers. Why do you use those? Well, most businesses use those types of servers to allow people to log in remotely. Who logs in remotely? Well, its employees, right? We're there in our homes, we're trying to get into the office. So we use a domain controller. We are sending RPC calls here for the login servers. You may not know what's actually going on behind the scenes, but that's what it actually is. Now there's a search that you can do on a line. There's a couple of different searches to find. These exposed servers, very, very big binary edge.io. There's a couple of others also let you know about it, but okay. They show more than 33,000,000 million networks that are exposing domain controllers. This is absolutely crazy here. In the event, a single network has both resources exposed, the combination can leave the network-wide open with no other requirements. Okay. It's very, very, very, very bad. I don't want to go much more into this. It is absolutely catastrophic. If you are a person who's responsible for the IT resources within a business. You have to take care of this. Right, right, right away. The cybersecurity arm of the Department of Homeland security mandated all agencies will over the weekend. They put the mandate out on Friday and then they had to be done by Monday. They had to apply the patch by Monday night or remove the controllers from the internet. Take that as a little bit of a hint that maybe it's something you should do too. So if you are a business owner, make sure you check with your managed security services provider and or your employees who are responsible for it. Okay. Cause it's very, very big. 
It's the year's most severe Windows bug that we've seen this year and who knows maybe more on the way. So I'm not going to say is the best or the worst. Now let's move on to another subject here that I think is worthy of the news here and that is that VPNs are a risk. Now, one of the legitimate reasons to use a VPN would be, so you don't expose those services on your server. In other words, they're not exposed to the whole internet. If they're not exposed to the internet, some guy or gal somewhere else in the world, can't get to them. So how do you let your employees get to those services and keep them locked down for everybody else? You could do it by having your firewall only allow certain internet addresses to get through to those services. That's what I would advise as a quick stop-gap for you. Make sure that only the home computers that are supposed to be able to get at it can get at it. But remember too, that it is just a quick stop-gap because those home computers could be infected and could be used as a launching point to come after your services. So you're letting that home computer through your firewall to get to the RPC services, the login services they need. If that computer is infected, that home computer, it could be used now to attack you. So it's just a stop-gap. Another way to do it is to use a VPN. Now, you know what I've been saying about VPNs for the longest time, where VPNs are, frankly, a little on the hazardous side, particularly for your security. There's a difference between privacy and security. At least if you ask me. The biggest difference is privacy means that advertisers don't know where you go and that means your internet service provider doesn't know where you go. That's privacy. Security is where you don't want that information sold, but even more so you don't want to have your bank account information stolen or other things that really need to be secured. Okay. So that's a big difference here. 
If you get a VPN for your business so that people can connect to these log-in services, or maybe connect to your file server, that's a bit of a problem as well, because remember the VPN can be used both ways. It's like that saying, I love this old saying, but tracers work both ways. Right? You use tracer rounds when you're shooting at the enemy so that you can see where the bullets are going. By the way, that means the enemy can see where the bullets are coming from. The same thing's true with VPNs you put a VPN in place so that home users can connect to those login services or maybe your SMB CIFS here, your file servers, right, the file shares. You open it up the VPN so they can get through, but now potentially the bad guys can use it to get through as well. So it is a big problem. Because of that, VPNs need to be tracked very closely in your firewalls. We run all the VPNs that we have for clients or that are requiring security. We run them all through not just a basic firewall, but one that reassembles everything. Examined all files that are being downloaded, et cetera, et cetera. Okay. That's what we do now. There is a new technique in place right now that is gaining a lot of momentum and frankly, within the next few years, all businesses should be using this. We're doing this already and it's something called zero-trust and zero trust means in the case of a VPN. Okay, great. There's a VPN in place, but I don't trust that home computer to have full access to my network. In fact, not only mine, do I not trust it to have full access to the network, but I don't even want to have full access to this particular server. I only want it to have web access, let's say. Even then I want to go to the next level. I want to make sure that that home computer is not being used to grab my client list. That an employee is about to take with them as they walk out the door to my competitor. That's where you start getting into zero-trust and what that's all about. 
We're going to talk a little bit about that. What Gartner's predicting is going to happen here by 2023 and how you can use it and how you shouldn't be using it right now, in fact, so stick around because we'll be right back. We got a couple more segments left and of course, a bunch more to talk about, and don't forget, visit me online. Hopefully, you got my email on Wednesday with that three-minute training. Go to Craig peterson.com/subscribe right now and make sure you get all of my newsletters. Stick around. We'll be right back. --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553
First up in this week's episode is news that, as part of its ‘notarization' process, Apple approved code used by Shlayer, the most common threat faced by Macs last year. Is it reasonable to expect Apple – or any app store – to keep their entire ecosystem squeaky clean at all times, or is it up to the user to always be sceptical about what they're downloading? Next up, another perfect 10 vulnerability. This one, Zerologon, was (luckily) patched back in August, but had the potential for eye-watering consequences. Considering the details of the vulnerability were not made public at the time, users and admins never knew how severe it really was – until now. Thanks to Kev, we get to see it in all its glory. Oh and by the way, we have a lab on this vulnerability, so if you're a user, log on to check it out. And if you're not a user…well, maybe you should be. APT 41 makes an appearance next as five alleged Chinese citizens have been accused of hacking over 100 companies. Paul borders on seriously ranty territory (nothing new here) and Kev sheds some light on the ridiculous Zone-H. And finally, our ever-popular ‘Hackers could…' feature covers everything from the fairly noteworthy to the downright groan-inducing. Do people *really* still share photos of their shiny new credit cards? *** Apple vs Shlayer: https://arstechnica.com/information-technology/2020/09/mac-malware-gets-apples-seal-of-approval-thanks-to-notarization-goof/ Zerologon: https://www.zdnet.com/article/zerologon-attack-lets-hackers-take-over-enterprise-networks/ APT 41: https://techcrunch.com/2020/09/16/justice-department-charges-apt41-chinese-hackers/
Martin (@mrtn9), Eirik (@0xSV1), Alexander (@ErDetEnTing) and Rene (@ParticleVoid) follow up on listener feedback, offer tips on who to follow on Twitter and what kinds of courses to take, and discuss the news. Simula won't give up the limelight, ZeroLogon dances the Samba, NIST revises things, and Citrix throws glass in stone houses.
Amazon flying security cam, ZeroLogon on GitHub, ransomware roundup. What could possibly go wrong: Amazon/Ring's autonomous flying home security webcam Evil ransomware gang deposited $1 million of bitcoin in a hacker recruitment drive Over this past weekend, Universal Health Services was hit by a huge Ryuk ransomware One week ago, there were three ZeroLogon exploits on GitHub. Today there are more than fit on the first page of search results Security Fixes in Chrome's v85.0.4183.121 Release The VPN you choose DOES make a difference. A "Ransomware Goldrush" We invite you to read our show notes at https://www.grc.com/sn/SN-786-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: expressvpn.com/securitynow barracuda.com/securitynow extrahop.com/SECURITYNOW
Ransomware gangs continue to look for an opportunistic payday. Another exposed database is found, and secured. Captchas and padlock icons have their place, but they’re not a guarantee of security. Microsoft explains how to reduce exposure to Zerologon. The US looks to reduce dependence on foreign microelectronics. Joe Carrigan has thoughts on Facebook running SuperPAC ads. Our guest is Sanjay Gupta from Mitek on how online marketplaces can balance security with biometrics. And there’s just one shopping day before National Cybersecurity Month. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/190
I would like to start this episode by talking about Microsoft vulnerabilities, which recently turned out to be much more serious than it seemed at first glance. Watch the video version of this episode on my YouTube channel. Read the full text of this episode with all links on avleonov.com blog.
FIND US NOW ON AMAZON MUSIC! https://music.amazon.com/podcasts/51b7da82-c223-4de4-8fc1-d1c3dd61984a/Brakeing-Down-Security-Podcast Shout to the organizers of Bsides Edmonton, Alberta, Canada for a great conference! Amanda’s social media take over this week Bryan's plumbing story (A tale of 3 toilets) https://www.infosecurity-magazine.com/news/corporate-data-on-personal-devices/ https://www.infosecurity-magazine.com/news/fatality-after-hospital-hacked/ https://fortune.com/2020/09/18/ransomware-police-investigating-hospital-cyber-attack-death/ Zerologon - https://nakedsecurity.sophos.com/2020/09/17/zerologon-hacking-windows-servers-with-a-bunch-of-zeros/ US govt orders federal agencies to patch dangerous Zerologon bug by Monday, 21 September 11:59 EDT) https://www.zdnet.com/article/us-govt-orders-federal-agencies-to-patch-dangerous-zerologon-bug-by-monday/ Tweet mentioning not needing to reset passwords for access:https://twitter.com/_dirkjan/status/1307662409436475392 https://twitter.com/MsftSecIntel/status/1308941504707063808?s=20 Linux malware (drovorub) https://www.tripwire.com/state-of-security/featured/drovorub-malware/ https://www.zdnet.com/article/this-surprise-linux-malware-warning-shows-that-hackers-are-changing-their-targets/ Rampant Kitten‘s arsenal includes Android malware that bypasses 2FA https://exploit.kitploit.com/2020/09/tp-link-cloud-cameras-ncxxx-bonjour.html https://www.infosecurity-magazine.com/news/former-pm-passport-phone-hacker/ https://threatpost.com/bluetooth-spoofing-bug-iot-devices/159291/ Good stuff: https://compass-security.com/fileadmin/Datein/Research/White_Papers/lateral_movement_detection_basic_gpo_settings_v1.0.pdf Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! 
Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3 #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Episode #288, devoted to Zerologon, with Benjamin Delpy and Vincent Letoux. The post Zerologon appeared first on NoLimitSecu.
Nice to breathe again, 3d printing fun, and concrete adventures. Directive to patch Zerologon, Russia bans ESNI, and did you know octal is a valid IP representation? Strava shows personal info to strangers, and Germany sees the first potential death due to a ransomware attack. For fun, you can fly Serenity, calculate the speed of light with a chocolate bar, code in Swift on Windows, and listen to Timber Wars. (will anyone notice if I *don't* put images into the metadata??) 0:00 - Intro 20:51 - Zerologon Patch Directive 22:20 - Russia Bans ESNI 25:54 - Other IP Encodings 34:54 - Strava Exposure 41:20 - Ransomware Death 45:51 - Fly Serenity 48:56 - Microwave and Chocolate 51:25 - Swift on Windows 53:14 - Timber Wars Podcast
On this week's episode of the podcast I cover my personal highlights from the announcements made during Microsoft's Ignite 2020 conference, I get into some Ransomware Stories AGAIN! as well as some other stories in the industry plus more! Reference Links: https://www.rorymon.com/blog/episode-143-microsoft-ignite-2020-highlights-zerologon-ramping-up-more/
Welcome to Episode 88 YouTube Link: https://youtu.be/B0xDg5WJazY Main Topic How much does your job identify you, and is that a bad thing? “Do what you love and you’ll never work a day in your life” - how true is that statement, for real? Announcements Patreon Update Robert Matt David S0l3mn Erwin Trooper_Ish LinuXsys666 gimpyb Ryan Mark DeMentor PowerShellOnLinux.com Jon Marc Julius Andi J Charles 22532 Get your Iron Sysadmin Merch at Teespring! https://teespring.com/stores/ironsysadmin BSides DE UNconference - November 13-14 More info on live@Manning Women in Tech Conf: http://mng.bz/EElO Reviews Not a review exactly, but cool: https://www.whatsupgold.com/blog/top-9-sysadmin-podcasts @rugaripov on Twitter: I like uncle Mark. I like his jokes. I like *very much* when he's singing. We're all different, so even if someone get annoyed by you, I still like you, uncle Mark! :-P Thanks for a great show, guys! Chat [unclemarc] Creating a cgroups lab session for RHEL 8. Will deliver internally, wondering if it’s the kind of thing people would like to attend as a public thing at some point? Way too excited about Star Wars Squadrons, Oct 2nd. Have I learned nothing about hype versus reality? https://www.ea.com/games/starwars/squadrons I caved. I’m using contact tracing [gangrif] https://www.amazon.com/Christians-Age-Outrage-Bring-World/dp/1496433610 [xenophage] New OS, who dis? 
News https://www.forbes.com/sites/daveywinder/2020/09/24/microsoft-confirms-critical-windows-server-perfect-10-zerologon-attacks-have-started/#75bcbc84869e Zerologon attack CVE-2020-1472 https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc https://techcrunch.com/2020/09/23/google-maps-gets-a-covid-19-layer https://www.ksat.com/news/politics/2020/09/23/doj-nearing-antitrust-action-on-google-trump-eyes-tech-curb/ https://www.fiercewireless.com/5g/verizon-and-aws-bring-mobile-edge-compute-to-3-more-cities https://9to5mac.com/2020/09/23/microsoft-hints-that-youll-soon-be-able-to-stream-xbox-games-to-iphone/ https://www.npr.org/2020/09/20/914032065/tiktok-ban-averted-trump-gives-oracle-walmart-deal-his-blessing https://www.bbc.com/news/technology-54285692 Watch us live on the 2nd and 4th Thursday of every month! Subscribe and hit the bell! https://www.youtube.com/IronSysadminPodcast OR https://twitch.tv/IronSysadminPodcast Matrix Community: https://matrix.to/#/+ironsysadmin:trixie.undrground.org Find us on Twitter, and Facebook! https://www.facebook.com/ironsysadmin https://www.twitter.com/ironsysadmin Subscribe wherever you find podcasts! And don't forget about our patreon! https://patreon.com/ironsysadmin Intro and Outro music credit: Tri Tachyon, Digital MK 2http://freemusicarchive.org/music/Tri-Tachyon/
In our latest episode of Security Nation, we are joined by Christian Wentz, CEO, CTO, founder of Gradient, and multiple Ph.D holder. From an electrical-engineering-applied-to-neuroscience background to a privacy and data protector present, we discuss what it’s like to thread the needle between internet profitability and end-user privacy. There’s technology, there’s politics, there’s policy, and there’s Tod getting very excited about code. Stick around for our Rapid Rundown, where Tod talks through CVE-2020-1472, a CVSS-10 privilege escalation vulnerability in Microsoft’s Netlogon authentication process that the paper's authors christened “Zerologon.”
Zerologon is a critical vulnerability that affects Windows Server and allows privilege escalation through a flaw in the Netlogon authentication service. Exploiting it would let an attacker obtain domain administrator privileges, with everything that can entail. A cyber-debate to dissect #Zerologon and explain why this flaw discovered in #Windows Server is so important and why the recommended action is to update as soon as possible. More information at: https://www.yolandacorral.com/zerologon-vulnerabilidad-critica CVE-2020-1472: https://nvd.nist.gov/vuln/detail/CVE-2020-1472 The guests taking part in the cyber-debate are: ◼️ Pablo González (https://twitter.com/pablogonzalezpe). Computer engineer. He works at Telefónica in the Ideas Locas department. He has been a Microsoft MVP since 2017. He teaches cybersecurity-themed master's programmes at several universities and is the author of several cybersecurity books published by 0xword. Co-author of the Flu Project blog (https://www.flu-project.com) and founder of hackersClub (https://twitter.com/hackersClubAcad). ◼️ José Luis Navarro (https://twitter.com/JLNavarroAdam). Director of Projects and R&D at GirsaNet. Cybersecurity consultant at Zinetik Consultores (https://zinetik.com). A "builder of walls" who is passionate about computer security and Internet privacy. Creator of the CDC-data firewall and a Raspberry PI fan. ◼️ Eloy Villa (https://twitter.com/informaticaeloy). Holds a higher technical diploma in Computer Systems Administration. Systems administrator at a major security systems company in Zaragoza. Trainer in cybersecurity programmes at several secondary schools. Personal blog: https://porlasnochesleoachema.blogspot.com Director and host: ◼️ Yolanda Corral (https://twitter.com/yocomu). Journalist.
Freelance trainer specialising in plain-spoken, person-to-person cybersecurity and digital skills (https://www.yolandacorral.com/servicios-formacion). Founder of the Palabra de hacker channel. ________________ Follow Palabra de hacker, your person-to-person #ciberseguridad channel: 🔴 YouTube channel, subscribe so you don't miss any videos: https://www.youtube.com/c/Palabradehacker-ciberseguridad 🎙 Subscribe and listen to all the podcasts on: ✔️ Ivoox: http://www.ivoox.com/podcast-palabra-hacker_sq_f1266057_1.html ✔️ iTunes: https://itunes.apple.com/es/podcast/palabra-de-hacker/id1114292064 ✔️ Spotify: https://open.spotify.com/show/1xKmNk9Gk5egH6fJ9utG86 ✔️ Google Podcast: https://podcasts.google.com/?feed=aHR0cDovL3d3dy5pdm9veC5jb20vcGFsYWJyYS1oYWNrZXJfZmdfZjEyNjYwNTdfZmlsdHJvXzEueG1s - All the information on the website https://www.yolandacorral.com/palabra-de-hacker - Telegram channel: t.me/palabradehacker - Twitter: https://twitter.com/palabradehacker - Facebook: https://www.facebook.com/Palabradehacker
In this episode of Technado, Balaji Parimi from CloudKnox joined the crew to talk about staying secure across multiple cloud providers. He also discussed a study that shows that large cloud providers are less likely to be breached. In other news, the team talked about Microsoft’s Linux kernel update, the quality of Walmart’s Gateway computers, an FBI report about credential stuffing attacks on banks, the Zerologon attack, and how much IoT traffic is from a single botnet.
Sponsored by SEC Playground Music by https://www.bensound.com/ --- Support this podcast: https://anchor.fm/chillchillsecurity/support
Zerologon is being actively exploited in the wild. The OldGremlin ransomware gang picks on Russian targets. Thought Fancy Bear was done with NATO? (Think again.) The US Treasury Department sanctions more organizations and individuals for malign influence operations. Betsy Carmelite from BAH on vaccine laboratory cybersecurity. Our guest is Shena Tharnish from Comcast Business with insights for small businesses concerned with COVID-19 related phishing. And four of the defendants indicted in the eBay cyberstalking case have chosen their pleas. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/186
Today's Headlines: LokiBot Stealer Storms Into a Resurgence Microsoft: Hackers using Zerologon exploits in attacks, patch now! Google Patches Privilege Escalation Vulnerability in Cloud Service To make sure you never miss a single Practitioner Brief sign up for our daily mailing list: https://mailchi.mp/1c199cd854f0/practitioners-brief **** James Azar Host of CyberHub Podcast James on Twitter: https://twitter.com/james_azar1 James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/ ****** Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter ****** Website: https://www.cyberhubpodcast.com Youtube: https://www.youtube.com/channel/UCPoU8iZfKFIsJ1gk0UrvGFw Facebook: https://www.facebook.com/CyberHubpodcast/ Linkedin: https://www.linkedin.com/company/cyberhubpodcast/ Twitter: https://twitter.com/cyberhubpodcast Instagram: https://www.instagram.com/cyberhubpodcast Listen here: https://linktr.ee/cyberhubpodcast
Microsoft Ignite 2020 hype! iOS 14 Mail changes, software KVMs, Zerologon exploits, SSU/LCU follow-ups, Teams/Exchange Online Issues, stories about imaging computers, and a variety of other topics! Extended show notes available at https://hthpc.com Boot Up • #MSIgnite 2020! • Steve hates sticky monitor edges ○ NSFW: Arm workout: The Denny's Grand Slam • Software KVMs: Synergy versus Input Director versus Mouse Without Borders ○ CORRECTION: Input Director still exists. • Denny's at 3am isn't THAT exciting but Ignite at Denny's is an option • iOS 14 Mail changes - "admin approval" needed • Enterprise application name (same ID) and permissions appear to have changed with iOS 14 • Supposed solution: update permissions to "re-approve" app or grant permissions for • Or just use Outlook for iOS, it lets you accept calendar invites without sending a response! • Terrible places to put physical conference rooms (directly adjacent to bathrooms) • Changing app icons in iOS 14 via Shortcuts • Quick follow-up from HTH0025: CVE-2020-1472 has a proof of concept. Patch sooner rather than later. • Follow-up from HTH0027: SSU/LCU merge is not for Server OSes • Monetizable rage: Apple Watch AppleCare rant ○ Why do I have to send it in and wait for shipping? Why can't an Apple Store do it? ○ Had to wipe it before they would even ship the return box ○ 5 days of no watch for nothing • Losing the Exchange Online Lottery: "A very limited number of users may intermittently be unable to access Exchange Online via any connection method ID" - EX220974 • Delayed Teams messages • Phishing issues • DigiCert emails fail SPF? 
• MICROSOFT IGNITE final thoughts • The Bud Light Showtime Cam - feature people with better cameras/internet please • The LG VX8100 and Tiff's first phone Declassified Sysadmin Stories • Steve was hired for SCCM imaging • That one time Steve had to build an SCCM server from spare parts (PowerEdge 1950) • Imaging labs and classrooms with WDS/SCCM - Network congestion, Before and After • Image cleanup and optimization § What do you mean pushing out a 100GB+ image is insane? • Tiff went from imaging mac labs to an exchange admin That is Accurate • MAC is not the same as Mac • MAC Filtering and MAC randomization • Side note: Game Boy is two words, not one. • Lego versus Legos • An insane way to pronounce Symantec Ask the Stiffs: Question of the Week • What are some of your favorite free tools/utilities you use as a sysadmin? ○ Steve likes: VS Code, Windows Terminal, Everything, ShareX, RoboCopy, WinDirStat ○ My work computer -Tiff Outro - "Plus Delta" • We help you, you help us: Rate us on iTunes • We're on Amazon Music • Check out Steve's solo podcast (coming in October 2020 hopefully): Things Learned --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app
This week, Dr. Doug talks Zerologon, Wicked Panda, OSINT, Doom found to run on Xbox, and Dark Overlord! Jason Wood returns for Expert Commentary on why to Think Twice Before Using Facebook, Google, or Apple to Sign In Everywhere! Show Notes: https://wiki.securityweekly.com/swn67 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
CISA tells the Feds to patch Zerologon by midnight tonight. Cerberus surges after its source code is released. Rampant Kitten, an Iranian surveillance operation, is described. The US bans on WeChat and TikTok were both postponed. Justin Harvey from Accenture marks three years since WannaCry with a look at ransomware. Our own Rick Howard on red and blue team operations. And police in Germany are looking for ransomware attackers on a homicide charge. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/183
A patient died as a result of a ransomware attack after having to be transferred to a hospital an hour farther away; the CVE-2020-1472 vulnerability; and Sysmon version 12.0.
Disobey CFP (call for presentations) https://cfp.disobey.fi/ Flare-On 7 challenge https://www.flare-on.com/ A sad ransomware death https://www.zdnet.com/article/hackers-target-unpatched-citrix-servers-to-deploy-ransomware/ The 4-month patching time in companies that Antti mentioned https://www.kennasecurity.com/news/remediation-gap-4-month-invitation-attack/ TikTok banned in the United States (paywall) https://www.ft.com/content/4049b902-53b7-46d6-b9f5-69d076bc5d23 More information about TikTok https://www.commerce.gov/news/press-releases/2020/09/commerce-department-prohibits-wechat-and-tiktok-transactions-protect ZeroLogon vulnerability https://www.secura.com/blog/zero-logon ZeroLogon report https://www.secura.com/pathtoimg.php?id=2055 Ilta-Sanomat news story on phishing messages sent in the name of Posti https://www.is.fi/digitoday/tietoturva/art-2000006638568.html BLESA vulnerability https://www.zdnet.com/article/billions-of-devices-vulnerable-to-new-blesa-bluetooth-security-flaw/ TiVi news story on the BLESA vulnerability https://www.tivi.fi/uutiset/uusi-bluetooth-haavoittuvuus-uhkaa-miljardeja-laitteita-ympari-maailman/0e0e375a-3243-4b57-b5b6-c7c2b9143656
Cup of Cyber - September 21st, 2020 - vulnerable Let's talk Zoom - and more! Join us for an inside view of today's Cyber News and why it matters. ————————— News ————————————- The ransomware crisis is getting worse. We need to make these four big changes https://www.zdnet.com/article/the-ransomware-crisis-is-getting-worse-we-need-to-make-these-four-big-changes/ US govt orders federal agencies to patch dangerous Zerologon bug by Monday https://www.zdnet.com/article/us-govt-orders-federal-agencies-to-patch-dangerous-zerologon-bug-by-monday/ TikTok Ban Averted: Trump Gives Oracle-Walmart Deal His 'Blessing' https://www.npr.org/2020/09/20/914032065/tiktok-ban-averted-trump-gives-oracle-walmart-deal-his-blessing —————————- Today's Offbeat Holiday ————- Today is: World Gratitude Day https://www.usatoday.com/story/money/food/2020/09/18/cheeseburger-day-2020-freebies-bargains-mcdonalds/5804190002/ (https://www.cnn.com/2019/09/20/us/iyw-world-gratitude-day-3-easy-rituals-trnd/index.html) __________________ Products shown today _____________ SWAG is at: https://www.cyber-recon.com/swag/ Support this podcast
In today's podcast we cover four crucial cyber and technology topics, including: 1. Netwalker claims to breach, steal data from The College of the Nurses of Ontario 2. U.S. government efforts to block WeChat stymied, injunction against block issued 3. U.S. Department of Homeland Security issues order to patch Zerologon vulnerability 4. U.S. Government passes IoT Cyber security bill I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
Hello! We are back with Episode 13 of the HackableYou Podcast. This week we mention Government plans to give energy providers remote access to your smart meter, KnowBe4 Awareness Training Phishing, and the critical Zero Logon Vulnerability. The topic of the week gives a high-level touch on Network and Application attacks. Lastly, in Secrets from the SOC, we give you our ultimate top 3 tips for cybersecurity major incident response you should start doing. Thank you to all our listeners so far! email: info@hackableyou.com Podcast Sections: Cyber News: 1:36 Topic of the Week: 10:28 Secrets from the SOC: 18:32
Three Cybersecurity Lessons from a 1970s KGB Key Logger, MFA Bypass Bugs Opened Microsoft 365 to Attack, How Hackers Can Pick Your Locks Just By Listening, U.S. House Passes IoT Cybersecurity Bill, Most compliance requirements are completely absurd, Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw667
Melvin (@flangvik), Rene (@particlevoid), Eirik (@0xSV1), Øystein (@0xTomG) and Vetle (@bordplate) are shaking in their trousers because of Zerologon. We also talk about Simula, hospitals, cryptocurrency (it had to come up) and more! Follow us at @5h3llcast on Twitter or send us an e-mail at podcast@5h3ll.sh.
Zerologon; Smart Locks; Credential Stuffing; Internet Weather
Vulnerabilities were recently patched in the Discount Rules for WooCommerce plugin installed on over 40,000 WordPress sites. Developers from OWASP Core Rule Set said ModSecurity v3 is exposed to denial of service exploits, though the maintainers of ModSecurity reject that claim. A severe vulnerability called Zerologon in Windows Netlogon was patched in August; this bug could be exploited to attack enterprise servers. And a security researcher also discovered that the Windows TCPIP Finger command can also function as a file downloader and a makeshift command and control server. Last weekend, nearly 2,000 Magento stores were compromised in the largest hacking campaign since 2015.
In this episode, we set up a lab to test a recently published exploit capable of exploiting a critical vulnerability (CVSS 10) called 'Zerologon' (CVE-2020-1472), fixed in the Microsoft Patch Tuesday of August 2020. We confirmed that the exploit works and is extremely simple to use. To use the exploit, an unauthenticated attacker only needs connectivity to the Domain Controller. Apply the fix for the vulnerability in your environment if you have not already done so. MorphusCast is also available on these platforms: - YouTube: https://youtu.be/Ii4BKY3zVU8 - Apple Podcasts: https://podcasts.apple.com/br/podcast/morphuscast/id1367241273 - Google Podcasts: https://podcasts.google.com/feed/aHR0cDovL2ZlZWRzLnNvdW5kY2xvdWQuY29tL3VzZXJzL3NvdW5kY2xvdWQ6dXNlcnM6MjY3Mjg3NTExL3NvdW5kcy5yc3M?sa=X&ved=2ahUKEwinpKz1oqjrAhWrazABHVAEAd0Q4aUDegQIARAC --------------------- Reference links: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 https://www.secura.com/pathtoimg.php?id=2055 Exploit (use at your own risk): https://github.com/dirkjanm/CVE-2020-1472 ------- FOLLOW OUR CHANNELS: https://www.linkedin.com/company/morphusecurity https://www.instagram.com/morphusecurity https://www.facebook.com/morphustecnologia OUR CONTENT: Morphus Labs: https://morphuslabs.com/ Morphus Blog: https://www.medium.com/morphusblog -------- INFORMATION: https://www.morphus.com.br . #zerologon #exploit #vulnerabilidade
Details of the Zerologon vulnerability are published, and it seems a serious one indeed. CISA describes Chinese cyberespionage practices--they’re not exotic, but they’re effective. What’s the difference between highly targeted market research and intelligence collection against individuals? Better commercials? Ben Yelin explains a 9th circuit court opinion with 4th amendment implications. Our guest is Exabeam’s Richard Cassidy on why when it comes to insider risk, context is everything. And there’s been a data breach at the VA. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/179