Podcasts about Zimbra

  • 77 podcasts
  • 130 episodes
  • 44m average duration
  • 1 new episode monthly
  • Latest: Oct 6, 2025

Latest podcast episodes about Zimbra

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Oracle E-Business Suite 0-Day CVE-2025-61882
Last week, the Cl0p ransomware gang sent messages to many businesses stating that an Oracle E-Business Suite vulnerability was used to exfiltrate data. Initially, Oracle believed the root cause to be a vulnerability patched in June, but now Oracle released a patch for a new vulnerability.
https://www.oracle.com/security-alerts/alert-cve-2025-61882.html

Zimbra Exploit Analysis
An exploit against a Zimbra system prior to the patch release is analyzed. These exploits take advantage of .ics files to breach vulnerable systems.
https://strikeready.com/blog/0day-ics-attack-in-the-wild/

Unity Editor Vulnerability CVE-2025-59489
The Unity game editor suffered from a code execution vulnerability that would also expose software developed with vulnerable versions.
https://unity.com/security/sept-2025-01

Cyber Briefing
October 06, 2025 - Cyber Briefing

Oct 6, 2025 9:52


If you like what you hear, please subscribe, leave us a review and tell a friend! Multiple tech and financial firms have faced significant cybersecurity incidents, including data breaches, zero-day exploits, and ransomware extortion. Hackers targeted platforms such as Discord, Salesforce, Zimbra, and Abracadabra DeFi, while organizations like Qantas, Flagstar, and ParkMobile responded with legal actions or settlements to mitigate the impact.

Baixada em Pauta
Bassist who lost four fingers in an accident talks about how he gave new meaning to his life after the amputation

Mar 28, 2025 73:51


During the conversation on the podcast, musician Guilherme Goes, a member of the band Zimbra, talked about his recovery after the accident that cost him four fingers of his right hand, the fear that his career was over, and how he gave new meaning to the way he looks at life.

Cyber Morning Call
645 - Astaroth: recent campaign uses new evasion method

Oct 14, 2024 5:28


[Episode References]
Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware - https://www.trendmicro.com/en_us/research/24/j/water-makara-uses-obfuscated-javascript-in-spear-phishing-campai.html
Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions - https://www.trendmicro.com/en_us/research/24/j/earth-simnavaz-cyberattacks-uae-gulf-regions.html
CVE-2024-30088 - Windows Kernel Elevation of Privilege Vulnerability - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30088
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA - https://www.fortinet.com/blog/threat-research/burning-zero-days-suspected-nation-state-adversary-targets-ivanti-csa
Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale - https://securityaffairs.com/169708/apt/apt29-target-zimbra-and-jetbrains-teamcity.html
Expanding the Investigation: Deep Dive into Latest TrickMo Samples - https://www.zimperium.com/blog/expanding-the-investigation-deep-dive-into-latest-trickmo-samples/

Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

The CyberWire
Caught red-handed.

Oct 4, 2024 38:39


Interpol arrests eight in an international cybercrime crackdown. A MedusaLocker variant targets financial organizations. Cloudflare mitigates a record DDoS attempt. Insights from the Counter Ransomware Initiative summit. Fin7 uses deepnudes as a lure for malware. Researchers discovered critical vulnerabilities in DrayTek routers. CISA issues urgent alerts for products from Synacor and Ivanti. A former election official gets nine years in prison for a voting system data breach. Microsoft and the DOJ seize domains used by Russia's ColdRiver hacking group. On our Industry Voices segment, we are joined by Eric Olden, Founder and CEO of Strata Identity, to learn how the modern enterprise can orchestrate the 7 A's of identity security to achieve zero trust. Harvard students demonstrate glasses that can see through your privacy.

Industry Voices Segment
On our Industry Voices segment, we are joined by Eric Olden, Founder and CEO of Strata Identity. Eric talks about how the modern enterprise can orchestrate the 7 A's of identity security to achieve zero trust. You can check out Strata's blog on “Understanding the 7 A's of IAM” and their book on “Identity Orchestration for Dummies”.

Selected Reading
International police dismantle cybercrime group in West Africa (The Record)
New MedusaLocker Ransomware Variant Deployed by Threat Actor (Infosecurity Magazine)
Cloudflare Mitigates Record Breaking 3.8 Tbps DDoS Attack (Hackread)
Recently patched CUPS flaw can be used to amplify DDoS attacks (Bleeping Computer)
More frequent disruption operations needed to dent ransomware gangs, officials say (CyberScoop)
FIN7 hackers launch deepfake nude “generator” sites to spread malware (Bleeping Computer)
14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries (Security Affairs)
CISA Warns Active Exploitation of Zimbra & Ivanti Endpoint Manager Vulnerability (Cyber Security News)
Former Mesa County clerk sentenced to 9 years for 2020 voting system breach (CyberScoop)
Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (Bleeping Computer)
Someone Put Facial Recognition Tech onto Meta's Smart Glasses to Instantly Dox Strangers (404 Media)

Paul's Security Weekly
Perfctl, Pig Butchering, Ivanti, Zimbra, BabyLockerKZ, AI gone Wild, Aaran Leyland... - SWN #419

Oct 4, 2024 32:36


Perfctl, Warm Cookie, Pig Butchering, Ivanti, Zimbra, BabyLockerKZ, AI gone Wild, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-419

Cyber Security Today
National Vulnerability Database backlog, update on CIRA study: Cyber Security Today for Friday, October 4, 2024

Oct 4, 2024 14:58


Cybersecurity Today: NVD Backlogs & Emerging Threats

Host Jim Love discusses the backlog in the National Vulnerability Database and its implications for cybersecurity, highlighting two new Linux vulnerabilities. The episode also covers a sophisticated malware, Perfctl, attacking Linux servers, vulnerabilities in CUPS, and security risks of Meta's smart glasses. Additionally, insights are provided from a CIRA study on ransomware payment trends and the challenges posed by AI in cybersecurity. The podcast ends with announcements for new vulnerability threats and a preview of upcoming research with co-host David Shipley.

00:00 Introduction and Podcast Promotion
00:45 National Vulnerability Database Backlog
02:54 Linux Vulnerabilities: Perfctl Malware
04:42 CUPS Vulnerability Alert
05:56 Privacy Concerns with Meta's Smart Glasses
07:23 Critical Vulnerabilities in Zimbra and Ivanti
08:55 CIRA's Ransomware Study Insights
12:12 AI in Cybersecurity: Survey Findings
14:02 Conclusion and Upcoming Features

Paul's Security Weekly TV
Perfctl, Pig Butchering, Ivanti, Zimbra, BabyLockerKZ, AI gone Wild, Aaran Leyland... - SWN #419

Oct 4, 2024 32:36


Perfctl, Warm Cookie, Pig Butchering, Ivanti, Zimbra, BabyLockerKZ, AI gone Wild, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-419

Hack Naked News (Audio)
Perfctl, Pig Butchering, Ivanti, Zimbra, BabyLockerKZ, AI gone Wild, Aaran Leyland... - SWN #419

Oct 4, 2024 32:36


Perfctl, Warm Cookie, Pig Butchering, Ivanti, Zimbra, BabyLockerKZ, AI gone Wild, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-419

Hack Naked News (Video)
Perfctl, Pig Butchering, Ivanti, Zimbra, BabyLockerKZ, AI gone Wild, Aaran Leyland... - SWN #419

Oct 4, 2024 32:36


Perfctl, Warm Cookie, Pig Butchering, Ivanti, Zimbra, BabyLockerKZ, AI gone Wild, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-419

Volta ao mundo em 180 segundos
04/10: Oil price rises because of conflicts in the Middle East | Brazil begins repatriating citizens in Lebanon | Mexico City limits home rentals on platforms such as Airbnb

Oct 4, 2024 5:21


The price of oil jumped after United States President Joe Biden said that Israel was considering the possibility of attacking Iran's oil infrastructure, which accounts for 2% of the world's oil supply. In addition, Iran has the third-largest oil reserves on the planet. Also:
- The Brazilian government's economic team fears that the biggest repercussions for Brazil's economy will be felt in the price of gasoline and in freight costs
- Israel continues its offensive against Hezbollah targets. A new wave of at least 10 attacks was carried out overnight, one of the most violent since September 23. In the last 24 hours alone, 37 people died because of the Israeli attacks
- A Brazilian Air Force plane that will rescue Brazilians in Lebanon is due to land in Beirut this Friday. The flight is expected to take back to the country 220 Brazilians who want to leave Lebanon because they are in a conflict zone. Almost 3,000 Brazilians have said they want to leave Lebanon, according to Itamaraty, and priority will be given to the elderly, women, children and people with medical needs
- In Tunisia, voters go to the polls this weekend. With no major surprises, President Kais Saied is expected to be re-elected. He increased repression against journalists, politicians and activists and weakened the opposition, in addition to assuming full powers over the Executive and Legislative branches in 2021
- Homes in Mexico City may be rented out for only half of the year through platforms such as Airbnb. The authorities of the Mexican capital want to strike a balance between promoting tourism and protecting citizens, who are pushed to the outskirts because of the lack of housing
- In the United States, Hurricane Helene has already become the second deadliest of the last 50 years, leaving 200 dead and more than a million people without power and without water

Listen to Zimbra on Spotify

We are in the 2nd phase of the Prêmio Melhores Podcasts do Brasil, in the “Miscellaneous Topics” category. Help us and cast your vote: https://www.premiompb.com.br
Follow us on social media: Instagram mundo_180_segundos and LinkedIn Mundo em 180 Segundos
Watch the episodes on YouTube and on Instagram live

The Daily Decrypt - Cyber News and Discussions
700k DrayTek Routers Vulnerable, Tech Recruiters Targeted with Malware – Cybersecurity News

Oct 3, 2024


Video Episode: https://youtu.be/7et_7YkwAHs

In today’s episode, we dive into the alarming rise of malware delivery through fake job applications targeting HR professionals, specifically focusing on the More_eggs backdoor. We also discuss critical gaming performance issues in Windows 11 24H2 and the vulnerabilities in DrayTek routers that expose over 700,000 devices to potential hacking. Lastly, we address the urgent exploitation of a remote code execution flaw in Zimbra email servers, emphasizing the need for immediate updates to safeguard against evolving threats.

Links to articles:
1. https://thehackernews.com/2024/10/fake-job-applications-deliver-dangerous.html
2. https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-windows-11-24h2-gaming-performance-issues/
3. https://thehackernews.com/2024/10/alert-over-700000-draytek-routers.html
4. https://www.bleepingcomputer.com/news/security/critical-zimbra-rce-flaw-exploited-to-backdoor-servers-using-emails/

Timestamps
00:00 – Introduction
01:14 – Zimbra RCE Vulnerability
02:17 – 700k DrayTek Routers Vulnerable
04:36 – Recruiters Targeted with Malware
06:14 – Microsoft blocks updates for gamers

1. What are today’s top cybersecurity news stories?
2. How is More_eggs malware targeting HR professionals?
3. What vulnerabilities exist in DrayTek routers?
4. Why did Microsoft block Windows 11 24H2 upgrades?
5. What is the impact of the Zimbra RCE flaw?
6. How do fake job applications spread malware?
7. What security measures can protect against More_eggs malware?
8. What are the latest gaming issues with Windows 11?
9. How can DrayTek router vulnerabilities be mitigated?
10. What are the latest tactics used by cybercriminals in email attacks?

More_eggs, Golden Chickens, spear-phishing, credential theft, Microsoft, Windows 11, Asphalt 8, Intel Alder Lake+, DrayTek, vulnerabilities, exploits, cyber attackers, Zimbra, RCE, vulnerability, exploitation

# Intro

HR professionals are under siege as a spear-phishing campaign disguised as fake job applications delivers the lethal More_eggs malware, leading to potentially devastating credential theft. Powered by the notorious Golden Chickens group, this malware-as-a-service targets recruiters with chilling precision. **How are recruitment officers unknowingly downloading malicious files, and what methods are threat actors using to bypass security measures?**

“Microsoft is blocking Windows 11 24H2 upgrades on some systems due to critical gaming performance issues like Asphalt 8 crashes and Easy Anti-Cheat blue screens. The company is scrambling to resolve these problems that uniquely impact devices with Intel Alder Lake+ processors.” How can gamers with affected systems work around these issues until Microsoft releases a fix?

Over 700,000 DrayTek routers are currently vulnerable to 14 newly discovered security flaws, with some critical exploits that could be used to take full control of the devices and infiltrate enterprise networks. Despite patches being released, many routers remain exposed, creating a lucrative target for cyber attackers. How can these vulnerabilities impact businesses that rely on DrayTek routers for network security?

Hackers are leveraging a critical Zimbra RCE vulnerability to backdoor servers through specially crafted emails that execute malicious commands, revealing widespread exploitation just days after a proof-of-concept was published. Notable security experts warn of attackers embedding harmful code in the email’s CC field, which the Zimbra server inadvertently executes. How are attackers camouflaging their malicious emails to slip through security measures unnoticed?

# Stories

Welcome back to our podcast. Today, we’re talking about a new cyber threat targeting HR professionals. Researchers at Trend Micro have uncovered a spear-phishing campaign where fake job applications deliver a JavaScript backdoor called More_eggs to recruiters. This malware, sold as malware-as-a-service by a group known as Golden Chickens, can steal credentials for online banking, email accounts, and IT admin accounts. What’s unique this time is that attackers are using spear-phishing emails to build trust, as observed in a case targeting a talent search lead in engineering. The attack sequence involves downloading a ZIP file from a deceptive URL, leading to the execution of the More_eggs backdoor. This malware probes the host system, connects to a command-and-control server, and can download additional malicious payloads. Trend Micro’s findings highlight the persistent and evolving nature of these attacks, which are difficult to attribute because multiple threat actors can use the same toolkits. The latest insights also connect these activities to known cybercrime groups like FIN6. Stay vigilant, especially if you work in HR or recruitment.

1. **Spear-Phishing**:
   – **Definition**: A targeted phishing attack aiming at specific individuals or companies, typically using information about the victim to make fraudulent messages more convincing.
   – **Importance**: This method is specifically dangerous because it can trick even tech-savvy users by exploiting personalized details, leading to significant security breaches like credential theft.
2. **More_eggs**:
   – **Definition**: A JavaScript backdoor malware sold as a malware-as-a-service (MaaS) with capabilities to siphon credentials and provide unauthorized access to infected systems.
   – **Importance**: Due to its ability to latently steal sensitive information and its widespread use by various e-crime groups, More_eggs represents a significant threat to corporate cybersecurity.
3. **Malware-as-a-Service (MaaS)**:
   – **Definition**: A business model where malicious software is developed and sold to cybercriminals who can then use it to conduct attacks.
   – **Importance**: This model lowers the barrier of entry for cybercriminals, allowing even those with limited technical skills to launch sophisticated attacks using pre-made malware.
4. **Golden Chickens**:
   – **Definition**: A cybercriminal group (also known as Venom Spider) attributed with developing and distributing the More_eggs malware.
   – **Importance**: Understanding threat actors like Golden Chickens can help cybersecurity professionals anticipate and defend against specific threat tactics.
5. **Command-and-Control (C2) Server**:
   – **Definition**: A server used by threat actors to maintain communications with compromised systems within a target network to execute commands and control malware.
   – **Importance**: Disrupting C2 servers is crucial because it can cut off the attacker's control over their malware, mitigating the threat.
6. **LNK File**:
   – **Definition**: A shortcut file in Windows that points to another file or executable.
   – **Importance**: Misuse of LNK files in phishing campaigns can lead to automated execution of malicious payloads, making them an effective vector for malware distribution.
7. **PowerShell**:
   – **Definition**: A task automation framework from Microsoft consisting of a command-line shell and scripting language.
   – **Importance**: PowerShell is often used by attackers to execute and conceal malicious scripts due to its powerful capabilities and integration with Windows.
8. **Tactics, Techniques, and Procedures (TTPs)**:
   – **Definition**: The behavior patterns or methodologies used by cyber threat actors to achieve their goals.
   – **Importance**: Identifying TTPs helps security professionals understand, detect, and mitigate specific attack strategies used by threat actors.
9. **Obfuscation**:
   – **Definition**: The process of deliberately making code or data difficult to understand or interpret.
   – **Importance**: Obfuscation is commonly used by malware developers to conceal malicious activities and bypass security mechanisms.
10. **Cryptocurrency Miner**:
   – **Definition**: Software used to perform the computational work required to validate and add transactions to a blockchain ledger in exchange for cryptocurrency rewards.
   – **Importance**: Unauthorized cryptocurrency mining (cryptojacking) can misuse system resources for financial gain, leading to performance degradation and security vulnerabilities.

On today’s tech update: Microsoft has blocked upgrades to Windows 11 version 24H2 on certain systems due to gaming performance issues. Players of Asphalt 8 may encounter game crashes, while some systems running Easy Anti-Cheat might experience blue screens. These problems mainly affect devices with Intel Alder Lake+ processors. Until Microsoft resolves these issues, impacted users are advised not to manually upgrade using tools like the Media Creation Tool. Microsoft is working on fixes and will include them in upcoming updates.

1. **Windows 11 24H2**: A version of Microsoft’s Windows 11 operating system, released in the second half (H2) of 2024. It is significant because it represents Microsoft’s ongoing update cycle aimed at improving system performance and user experience, though it also highlights the challenges of software compatibility and stability.
2. **Asphalt 8 (Airborne)**: A popular racing video game often used for showcasing graphical and processing capabilities of devices. Its relevance lies in exposing potential software and hardware compatibility issues when new operating systems are released.
3. **Easy Anti-Cheat**: A software tool designed to detect and prevent cheating in multiplayer games. It is crucial for maintaining fair play and integrity in online gaming environments but can pose compatibility challenges with system updates.
4. **Blue Screen of Death (BSoD)**: An error screen displayed on Windows computers following a system crash. It is important as it signals serious software or hardware issues that could affect system stability and data integrity.
5. **Intel Alder Lake+ processors**: A generation of Intel’s microprocessors known for their hybrid architecture design. Understanding these chips is important for recognizing which systems might be more susceptible to the reported compatibility issues.
6. **vPro platform**: A set of Intel technologies aimed at enhancing business security and manageability. It’s critical to cybersecurity professionals because it allows for hardware-level encryption and more robust security management, but compatibility with OS updates can be problematic.
7. **MEMORY_MANAGEMENT error**: A specific type of error indicating system memory management problems, often leading to system crashes. It is crucial for cybersecurity and IT professionals as it affects the stability and reliability of a system.
8. **Compatibility holds (Safeguard IDs)**: Mechanisms employed by Microsoft to prevent system upgrades when known issues are detected. These are essential for protecting users from potential system failures and ensuring a stable computing environment.
9. **Media Creation Tool**: A Microsoft utility used for installing or upgrading Windows OS. It's important for IT professionals as it provides a means to manually deploy Windows updates, though it highlights the risks of bypassing automatic update safeguards.
10. **KB5043145 (Preview Update)**: A specific Windows update known to cause issues such as reboot loops and connection failures. Understanding these updates is crucial for maintaining system stability and ensuring that deployed systems are free from vulnerabilities and bugs.

In a recent cybersecurity alert, over 700,000 DrayTek routers have been identified as vulnerable to hacking due to 14 newly discovered security flaws. These vulnerabilities, found in both residential and enterprise routers, include two rated critical, with one receiving the maximum CVSS score of 10.0. This critical flaw involves a buffer overflow in the Web UI, potentially allowing remote code execution. Another significant vulnerability is OS command injection via communication binaries. The report highlights the widespread exposure of these routers’ web interfaces online, creating a tempting target for attackers, particularly in the U.S. DrayTek has released patches to address these vulnerabilities, urging users to apply updates, disable unnecessary remote access, and utilize security measures like ACLs and two-factor authentication. This development coincides with international cybersecurity agencies offering guidance to secure critical infrastructure, emphasizing the importance of safety, protecting valuable OT data, secure supply chains, and the role of people in cybersecurity.

1. **Vulnerability**: A weakness in a system or software that can be exploited by hackers.
   – **Importance**: Identifying vulnerabilities is crucial in cyber security because it helps protect systems from attacks.
2. **Router**: A device that routes data from one network to another, directing traffic on the internet.
   – **Importance**: Routers are essential for internet connectivity and their security is vital to prevent unauthorized access to networks.
3. **Buffer Overflow**: A coding error where a program writes more data to a buffer than it can hold, potentially leading to system crashes or unauthorized code execution.
   – **Importance**: Buffer overflows are common vulnerabilities that can be exploited to gain control of a system.
4. **Remote Code Execution (RCE)**: A type of vulnerability that allows an attacker to execute code on a remote system without authorization.
   – **Importance**: RCE vulnerabilities are highly critical as they enable attackers to take over affected systems.
5. **Cross-site Scripting (XSS)**: A web security vulnerability that allows attackers to inject malicious scripts into content from otherwise trusted websites.
   – **Importance**: XSS can be used to steal information, deface websites, and spread malware.
6. **Adversary-in-the-Middle (AitM) Attack**: An attack where the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other.
   – **Importance**: AitM attacks can lead to data theft, man-in-the-middle proxy attacks, and unauthorized access to sensitive information.
7. **Denial-of-Service (DoS)**: An attack intended to shut down a machine or network, making it inaccessible to its intended users.
   – **Importance**: DoS attacks disrupt the availability of services and can cause significant downtime and financial loss.
8. **Access Control List (ACL)**: A list of permissions attached to an object that specifies which users or system processes can access the object and what operations they can perform.
   – **Importance**: ACLs are crucial for implementing security policies to control access to resources.
9. **Two-Factor Authentication (2FA)**: A security process in which the user provides two different authentication factors to verify themselves.
   – **Importance**: 2FA improves security by adding an additional layer of verification, making it harder for attackers to gain unauthorized access.
10. **Operational Technology (OT)**: Hardware and software that detects or causes changes through direct monitoring and control of physical devices, processes, and events in an enterprise.
   – **Importance**: OT security is critical for the functioning and safety of critical infrastructure systems, such as those in manufacturing, power generation, and transportation.

Today, we’re discussing a critical remote code execution (RCE) vulnerability in Zimbra email servers, tracked as CVE-2024-45519, which hackers are actively exploiting. This flaw allows attackers to trigger malicious commands simply by sending specially crafted emails, which are processed by Zimbra’s post journal service. First flagged by Ivan Kwiatkowski of HarfangLab and confirmed by Proofpoint, the exploit involves spoofed emails with commands hidden in the “CC” field. Once processed, these emails deliver a webshell to the server, giving attackers full access for data theft or further network infiltration. A proof-of-concept exploit was released by Project Discovery on September 27, prompting immediate malicious activity. Administrators are urged to apply security updates released in Zimbra’s latest versions—9.0.0 Patch 41 and later—or disable the vulnerable postjournal service and ensure secure network configurations to mitigate the threat. Stay vigilant and update your Zimbra servers immediately to protect against this critical vulnerability.

1. **Remote Code Execution (RCE)**
   – **Definition**: A type of security vulnerability that enables attackers to run arbitrary code on a targeted server or computer.
   – **Importance**: This flaw can be exploited to gain full control over the affected machine, leading to data theft, unauthorized access, and further network penetration.
2. **Zimbra**
   – **Definition**: An open-source email, calendaring, and collaboration platform.
   – **Importance**: Popular among organizations for its integrated communication tools, making it a significant target for cyberattacks due to the sensitive data it handles.
3. **SMTP (Simple Mail Transfer Protocol)**
   – **Definition**: A protocol used to send and route emails across networks.
   – **Importance**: Integral to email services, its exploitation can deliver malicious content to servers and users, forming a vector for cyber-attacks.
4. **Postjournal Service**
   – **Definition**: A service within Zimbra used to parse incoming emails over SMTP.
   – **Importance**: Its vulnerability can be leveraged to execute arbitrary commands, making it a crucial attack point for hackers.
5. **Proof-of-Concept (PoC)**
   – **Definition**: A demonstration exploit showing that a vulnerability can be successfully taken advantage of.
   – **Importance**: PoC exploits serve as proof that theoretical vulnerabilities are practical and dangerous, necessitating urgent security responses.
6. **Base64 Encoding**
   – **Definition**: A method of encoding binary data into an ASCII string format.
   – **Importance**: Often used to encode commands within emails or other data streams to evade basic security detections.
7. **Webshell**
   – **Definition**: A type of malicious script that provides attackers with remote access to a compromised server.
   – **Importance**: Webshells afford attackers sustained control over a server, allowing for ongoing data theft, disruptions, and further exploits.
8. **CVE (Common Vulnerabilities and Exposures)**
   – **Definition**: A list of publicly known cybersecurity vulnerabilities and exposures, identified by unique CVE IDs.
   – **Importance**: Helps standardize and track security issues, facilitating communication and management of vulnerabilities across the cybersecurity community.
9. **Patch**
   – **Definition**: An update to software aimed at fixing security vulnerabilities or bugs.
   – **Importance**: Patching vulnerabilities is critical for protecting systems from attacks exploiting known security flaws.
10. **Execvp Function**
   – **Definition**: A function in Unix-like operating systems that executes commands with an argument vector, featuring improved input sanitization.
   – **Importance**: By replacing vulnerable functions like ‘popen,’ ‘execvp’ helps prevent the execution of malicious code, thus enhancing system security.

Cyber Morning Call
638 - Zimbra vulnerability sees active exploitation attempts

Oct 2, 2024 3:27


[Episode References]
ProofPoint posts - https://x.com/threatinsight/status/1841089939905134793
Treasury sanctions members of the Russia-based cybercriminal group Evil Corp in trilateral action with the United Kingdom and Australia - https://home.treasury.gov/news/press-releases/jy2623
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - https://unit42.paloaltonetworks.com/machine-learning-new-swiss-army-suite-tool/
Key Group: another ransomware group using leaked builders - https://securelist.com/key-group-ransomware-samples-and-telegram-schemes/114025/
Crypto-Stealing Code Lurking in Python Package Dependencies - https://checkmarx.com/blog/crypto-stealing-code-lurking-in-python-package-dependencies/

Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Beyond -n: Optimizing tcpdump performance https://isc.sans.edu/forums/diary/Beyond%20-n%3A%20Optimizing%20tcpdump%20performance/30408/
Zimbra 0-day used to target international government organizations https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
FortiSIEM OS command injection in Report Server https://www.fortiguard.com/psirt/FG-IR-23-135
AI Exploit Collection https://github.com/protectai/ai-exploits
CrushFTP Remote Code Execution https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/
Scott Poley: The Cyber Data Paradox: Storing Less, Discovering More https://www.sans.edu/cyber-research/cyber-data-paradox-storing-less-discovering-more/

Cyber and Technology with Mike
17 November 2023 Cyber and Tech News

Nov 17, 2023 (9:33)


In today's podcast we cover four crucial cyber and technology topics, including:
1. Ukrainian scam gang arrested, face 12 years in Czech prison
2. Zimbra flaw abused after patch released to steal government data
3. City of Long Beach faces disruption amidst cyber-attack
4. Cryptocurrency miners found throughout Polish courthouse

I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

The CyberWire
Phishing for Zimbra credentials. Developments in PlayCrypt and Cuba ransomware. #NoFilter exploitation. Cyber gangs (and some services) threaten security researchers. Anglo-Saxonia update.

Aug 18, 2023 (29:35)


Phishing for Zimbra credentials. PlayCrypt ransomware described. The Cuba ransomware group adopts new tools. #NoFilter. Cyber criminals threaten security researchers. Our guest is Kevin Paige from Uptycs with thoughts on the Blackhat conference. Eric Goldstein, Executive Assistant Director at CISA joins us discussing next steps on the Secure by Design journey. And Russian disinformation takes on "Anglo-Saxonia." For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/158 Selected reading. Mass-spreading campaign targeting Zimbra users (We Live Security) PlayCrypt Ransomware Group Wreaks Havoc in Campaign Against Managed Service Providers (Adlumin SaaS Security) Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America (BlackBerry) NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security (The Hacker News) Cyber security researchers become target of criminal hackers (Financial Times) Britain plotting to assassinate pro-Russian leaders in Africa, says Moscow (The Telegraph)  Ukraine at D+540: Russification and disinformation. (CyberWire) 

All TWiT.tv Shows (MP3)
This Week in Enterprise Tech 557: How Lucid Are Your Collaboration Tools?

Aug 18, 2023 (63:37)


This episode of This Week in Enterprise Tech discusses the latest issues around AI, including legal implications, security concerns, and practical applications. Lucid Software Chief Product Officer Dan Lawyer joins hosts Curt Franklin, Brian Chee, and Oliver Rist to explain how Lucid's visual collaboration tools aim to improve teamwork through integrating AI capabilities. Recent phishing campaign targeting Zimbra customers in over a dozen countries AI requiring changes to data center heat dissipation strategies Verizon expanding 5G coverage using newly available C-band 5G spectrum White House again telling executive branch to take cybersecurity seriously Potential NY Times lawsuit against OpenAI over ChatGPT training on copyrighted content Lucid Software's Chief Product Officer Dan Lawyer explains how Lucid's visual collaboration tools aim to improve teamwork through integrating AI capabilities, and streamlining the HR onboarding process. Hosts: Brian Chee and Curtis Franklin Co-Host: Oliver Rist Guest: Dan Lawyer Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: GO.ACILEARNING.COM/TWIT panoptica.app

This Week in Enterprise Tech (Video HD)
TWiET 557: How Lucid Are Your Collaboration Tools? - ChatGPT copyright issues, visual collaboration with Lucid Software

Aug 18, 2023 (63:36)


This episode of This Week in Enterprise Tech discusses the latest issues around AI, including legal implications, security concerns, and practical applications. Lucid Software Chief Product Officer Dan Lawyer joins hosts Curt Franklin, Brian Chee, and Oliver Rist to explain how Lucid's visual collaboration tools aim to improve teamwork through integrating AI capabilities. Recent phishing campaign targeting Zimbra customers in over a dozen countries AI requiring changes to data center heat dissipation strategies Verizon expanding 5G coverage using newly available C-band 5G spectrum White House again telling executive branch to take cybersecurity seriously Potential NY Times lawsuit against OpenAI over ChatGPT training on copyrighted content Lucid Software's Chief Product Officer Dan Lawyer explains how Lucid's visual collaboration tools aim to improve teamwork through integrating AI capabilities, and streamlining the HR onboarding process. Hosts: Brian Chee and Curtis Franklin Co-Host: Oliver Rist Guest: Dan Lawyer Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: GO.ACILEARNING.COM/TWIT panoptica.app

This Week in Enterprise Tech (MP3)
TWiET 557: How Lucid Are Your Collaboration Tools? - ChatGPT copyright issues, visual collaboration with Lucid Software

Aug 18, 2023 (63:37)


This episode of This Week in Enterprise Tech discusses the latest issues around AI, including legal implications, security concerns, and practical applications. Lucid Software Chief Product Officer Dan Lawyer joins hosts Curt Franklin, Brian Chee, and Oliver Rist to explain how Lucid's visual collaboration tools aim to improve teamwork through integrating AI capabilities. Recent phishing campaign targeting Zimbra customers in over a dozen countries AI requiring changes to data center heat dissipation strategies Verizon expanding 5G coverage using newly available C-band 5G spectrum White House again telling executive branch to take cybersecurity seriously Potential NY Times lawsuit against OpenAI over ChatGPT training on copyrighted content Lucid Software's Chief Product Officer Dan Lawyer explains how Lucid's visual collaboration tools aim to improve teamwork through integrating AI capabilities, and streamlining the HR onboarding process. Hosts: Brian Chee and Curtis Franklin Co-Host: Oliver Rist Guest: Dan Lawyer Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: GO.ACILEARNING.COM/TWIT panoptica.app

All TWiT.tv Shows (Video LO)
This Week in Enterprise Tech 557: How Lucid Are Your Collaboration Tools?

Aug 18, 2023 (63:36)


This episode of This Week in Enterprise Tech discusses the latest issues around AI, including legal implications, security concerns, and practical applications. Lucid Software Chief Product Officer Dan Lawyer joins hosts Curt Franklin, Brian Chee, and Oliver Rist to explain how Lucid's visual collaboration tools aim to improve teamwork through integrating AI capabilities. Recent phishing campaign targeting Zimbra customers in over a dozen countries AI requiring changes to data center heat dissipation strategies Verizon expanding 5G coverage using newly available C-band 5G spectrum White House again telling executive branch to take cybersecurity seriously Potential NY Times lawsuit against OpenAI over ChatGPT training on copyrighted content Lucid Software's Chief Product Officer Dan Lawyer explains how Lucid's visual collaboration tools aim to improve teamwork through integrating AI capabilities, and streamlining the HR onboarding process. Hosts: Brian Chee and Curtis Franklin Co-Host: Oliver Rist Guest: Dan Lawyer Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: GO.ACILEARNING.COM/TWIT panoptica.app

Paul's Security Weekly
Microsoft, Zimbra, Rockwell, Joe Biden, Tax Software, Black Mirror, and Aaran Leyland - SWN #309

Jul 14, 2023 (30:16)


Microsoft, Zimbra, Rockwell, Joe Biden, Tax Software, Black Mirror, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn-309

Paul's Security Weekly TV
Microsoft, Zimbra, Rockwell, Joe Biden, Tax Software, Black Mirror, and Aaran Leyland - SWN #309

Jul 14, 2023 (30:23)


Microsoft, Zimbra, Rockwell, Joe Biden, Tax Software, Black Mirror, Aaran Leyland, and More on the Security Weekly News.   Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-309 

Hack Naked News (Audio)
Microsoft, Zimbra, Rockwell, Joe Biden, Tax Software, Black Mirror, and Aaran Leyland - SWN #309

Jul 14, 2023 (30:16)


Microsoft, Zimbra, Rockwell, Joe Biden, Tax Software, Black Mirror, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn-309

Hack Naked News (Video)
Microsoft, Zimbra, Rockwell, Joe Biden, Tax Software, Black Mirror, and Aaran Leyland - SWN #309

Jul 14, 2023 (30:23)


Microsoft, Zimbra, Rockwell, Joe Biden, Tax Software, Black Mirror, Aaran Leyland, and More on the Security Weekly News.   Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-309 

The CyberWire
BEC attack exploits Dropbox services. Ransomware in the name of charity. API protection trends. Hybrid war hacktivism. Executive digital protection.

May 18, 2023 (25:57)


Business email compromise (BEC) exploits legitimate services. A hacktivist ransomware group demands charity donations for encrypted files. Trends and threats in API protection. The effects of hacktivism on Russia's war against Ukraine. Executive digital protection. Deepen Desai of Zscaler explains security risks in OneNote. Our guest is Ajay Bhatia of Veritas Technologies with advice for onboarding new employees. And news organizations as attractive targets. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/96 Selected reading. Leveraging Dropbox to Soar Into Inbox (Avanan) MalasLocker ransomware targets Zimbra servers, demands charity donation (Bleeping Computer) Shadow API Usage Surges 900%, Revealing Alarming Lack of API Visibility Among Enterprises (Business Wire) APIs are Top Cybersecurity Priority for Most Organizations, Yet 40% Do Not Have an API Security Solution (PR Newswire) Evolving Cyber Operations and Capabilities (CSIS) Following the long-running Russian aggression against Ukraine. (The CyberWire) Executive Digital Protection whitepaper (Agency) The Philadelphia Inquirer's operations continue to be disrupted by a cyber incident (The Philadelphia Inquirer) Cyberattack at the Philadelphia Inquirer. (The CyberWire)

Three Cartoon Avatars
EP 60: Scott Raney and Satish Dharmaraj (Investors, Redpoint) Breakdown Venture Capital and Why AI Will Be Bigger Than Mobile

Apr 14, 2023 (70:34)


(0:00) Intro
(1:24) Welcome Satish and Scott
(7:27) Venture firm structures
(19:02) Partner dynamics
(27:31) Operating with imperfect information
(32:52) How do you think about pricing?
(37:10) Great managers vs great leaders
(40:16) Getting into venture
(48:32) Thoughts on AI
(54:04) VC Industry dynamics and trends

Show Notes:
https://www.redpoint.com/our-people/satish-dharmaraj/
https://www.forbes.com/profile/satish-dharmaraj/?sh=5567bf761409
https://www.redpoint.com/our-people/scott-raney/
https://www.forbes.com/profile/scott-raney/?sh=6f67cc227fbb

Satish Dharmaraj is an American entrepreneur, speaker, angel investor and venture capitalist, who currently serves as a general partner with Redpoint Ventures. In 2021, he was placed #6 on the Forbes Midas List of top 100 Venture Capital investors. Prior to Redpoint Ventures, Satish Dharmaraj founded Zimbra, which he then sold to Yahoo! for $350 million, in 2007.

Scott Raney is a Partner with Redpoint Ventures focusing on information and consumer technology with a particular emphasis on cloud computing, on-demand software, enterprise infrastructure, and mobile apps and platforms. In 2022, he was placed #39 on the Forbes Midas List of top 100 Venture Capital investors. Prior to venture capital, Raney worked at two startups that ultimately went out of business.

Mixed and edited: Justin Hrabovsky
Produced: Rashad Assir
Executive Producer: Josh Machiz
Music: Griff Lawson

The CyberWire
Genesis Market taken down. Proxyjackers exploit Log4j. Fast-encrypting Rorschach ransomware. More Killnet DDoS. Patch Zimbra now. Soft power and Russia's hybrid war.

Apr 5, 2023 (26:24)


Genesis Market gets taken down. Proxyjackers exploit Log4j vulnerabilities. Fast-encrypting Rorschach ransomware uses DLL sideloading. Killnet attempts DDoS attacks against the German ministry. Carole Theriault ponders AI assisted cheating. Johannes Ullrich tracks malware injected in a popular tax filing website. Soft power and Russia's hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/65 Selected reading. 'Operation Cookie Monster': International police action seizes dark web market (Reuters) Stolen credential warehouse Genesis Market seized by FBI (Register) FBI Seizes Bot Shop 'Genesis Market' Amid Arrests Targeting Operators, Suppliers (KrebsOnSecurity) Genesis Market, one of world's largest platforms for cyber fraud, seized by police (Record) 'Operation Cookie Monster': FBI seizes popular cybercrime forum used for large-scale identity theft (CNN) Cybercrime marketplace Genesis Market shut by FBI, international law enforcement (CNBC) FBI seizes stolen credentials market Genesis in Operation Cookie Monster (BleepingComputer) Notorious Genesis Market cybercrime forum seized in international law enforcement operation (CyberScoop) Proxyjacking has Entered the Chat (Sysdig) Rorschach – A New Sophisticated and Fast Ransomware (Check Point Research) Russian hackers attack German ministry's website (TVP World) Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA 'Must Patch' List (SecurityWeek) Zimbra vulnerability exploited by Russian hackers targeting Nato countries - CISA (Tech Monitor) CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA) NVD - CVE-2022-27926 (National Vulnerability Database) The Interview - Russian cyber weapons 'could do a lot of damage' in the US: Former counterterrorism czar (France 24) Biden cybersecurity chief 'surprised' Russia has not hit US targets amid Ukraine war (Washington Examiner) Ukrainian Cyber War Confirms the Lesson: Cyber Power Requires Soft Power (Council on Foreign Relations)

Paul's Security Weekly
SWN #285 - TREXes, WooCommerce, 3CX, Zimbra, OneNote, ChatGPT, ProPump, & Aaran Leyland

Mar 31, 2023 (35:43)


Flappy TREX lips, WooCommerce, 3CX, Zimbra, OneNote, ChatGPT, ProPump, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn285

Paul's Security Weekly TV
TREXes, WooCommerce, 3CX, Zimbra, OneNote, ChatGPT, ProPump, & Aaran Leyland - SWN #285

Mar 31, 2023 (35:48)


Flappy TREX lips, WooCommerce, 3CX, Zimbra, OneNote, ChatGPT, ProPump, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes!  Show Notes: https://securityweekly.com/swn285

Hack Naked News (Audio)
SWN #285 - TREXes, WooCommerce, 3CX, Zimbra, OneNote, ChatGPT, ProPump, & Aaran Leyland

Mar 31, 2023 (35:43)


Flappy TREX lips, WooCommerce, 3CX, Zimbra, OneNote, ChatGPT, ProPump, Aaran Leyland, and More on this episode of the Security Weekly News.  Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn285

Paul's Security Weekly
PSW #774 - Asaf Cidon

Mar 2, 2023 (175:51)


Barracuda published its 2023 Email Security Trends report that shows how email-based security attacks affect organizations around the world. 75% of the organizations surveyed for the report had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average costs of more than $1 million for their most expensive attack. 23% said that the cost of email-based attacks has risen dramatically over the last year.   Segment Resources:  https://assets.barracuda.com/assets/docs/dms/2023-email-security-trends.pdf   This segment is sponsored by Barracuda. Visit https://securityweekly.com/barracuda to learn more about them!   In the Security News for this week: indistinguishable classifiers, screenshot the /etc/passwd file, what the Zimbra, couple of cool Burp plugins, my voice is my passport. verify me, software is harder to exploit, unless its in firmware, when ChatGPT writes an article, becoming a trusted installer, not the last breach for lastpass, getting fried at the charger, and why hackers love stickers!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/psw774

Paul's Security Weekly TV
ChatGPT Articles, What the Zimbra, Burp Plugins, & Vocal Passports - PSW #774

Mar 2, 2023 (112:47)


In the Security News for this week: indistinguishable classifiers, screenshot the /etc/passwd file, what the Zimbra, couple of cool Burp plugins, my voice is my passport. verify me, software is harder to exploit, unless its in firmware, when ChatGPT writes an article, becoming a trusted installer, not the last breach for lastpass, getting fried at the charger, and why hackers love stickers!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw774

Paul's Security Weekly (Podcast-Only)
PSW #774 - Asaf Cidon

Mar 2, 2023 (175:51)


Barracuda published its 2023 Email Security Trends report that shows how email-based security attacks affect organizations around the world. 75% of the organizations surveyed for the report had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average costs of more than $1 million for their most expensive attack. 23% said that the cost of email-based attacks has risen dramatically over the last year.   Segment Resources:  https://assets.barracuda.com/assets/docs/dms/2023-email-security-trends.pdf   This segment is sponsored by Barracuda. Visit https://securityweekly.com/barracuda to learn more about them!   In the Security News for this week: indistinguishable classifiers, screenshot the /etc/passwd file, what the Zimbra, couple of cool Burp plugins, my voice is my passport. verify me, software is harder to exploit, unless its in firmware, when ChatGPT writes an article, becoming a trusted installer, not the last breach for lastpass, getting fried at the charger, and why hackers love stickers!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/psw774

Cyber Briefing
Cyber Briefing - 2023.02.03

Feb 3, 2023 (1:21)


Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts and incidents every weekday. First time seeing this? Please subscribe. Hello World! It's February 03, 2023. Welcome to a new edition of Cyber Briefing by CyberMaterial. Let's review the latest cybersecurity alerts and incidents. Cyber Alerts Malicious NPM, PyPI packages stealing user information White House pushes for total ban on US exports to Huawei North Korean hackers exploit unpatched Zimbra devices in 'No Pineapple' campaign Stealthy HeadCrab malware compromised over 1,200 Redis servers Over 1,800 Android Developer phishing forms for sale on cybercrime market Cyber Incidents Global markets impacted by ransomware attack on financial software company ION Group Australian, Black and White Cabs booking service offline after ransomware attack Cyber Advisory Transportation Security Administration (TSA) issues security directive to airports, carriers after no fly list leak VMware releases security update for VMware vRealize operations Subscribe and Comment. Copyright © 2023 CyberMaterial. All Rights Reserved. Listen to CyberBriefing on Apple Podcasts and Spotify. Follow CyberMaterial on LinkedIn, Twitter, Reddit, Instagram, Facebook, Youtube, and Medium.

Light Reading Podcasts
Synacor might split out its Cloud ID and Zimbra businesses, CEO says

Dec 20, 2022 (23:04)


Synacor, once a public company, went private last year after getting acquired by private equity firm Centre Lane Partners – a deal that came together roughly eight months after Synacor and Qumu scrubbed their proposed merger. Hosted on Acast. See acast.com/privacy for more information.

The CyberWire
Notes and lessons on the hybrid war. Update on Zimbra exploitation. Microsoft fixes misconfigured storage. The state of the cyber workforce. Trends in phishing and ransomware.

Oct 20, 2022 (34:03)


DDoS as misdirection. NSA shares lessons learned from cyber operations observed in Russia's war against Ukraine. Advice from CISA on Zimbra. A misconfigured Microsoft storage endpoint has been secured. Notes from a study on the Cybersecurity Workforce. The cost to businesses of phishing. Betsy Carmelite from Booz Allen Hamilton on managing mental health in the cyber workforce. Our guest is Ismael Valenzuela of Blackberry with insights on "The Cyber Insurance Gap". And updates to the ransomware leaderboard. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/202 Selected reading. Bulgarian cyberattack: Sabotage as a cover for spying? (Deutsche Welle) Bulgarian websites impacted by Killnet DDoS attack (SC Media) Lessons From Ukraine: NSA Cyber Chief Lauds Industry Intel (Meritalk) NSA Cybersecurity Director's Six Takeaways From the War in Ukraine (Infosecurity Magazine) NSA cyber chief says Ukraine war is compelling more intelligence sharing with industry (CyberScoop) Investigation Regarding Misconfigured Microsoft Storage Location (Microsoft Security Response Center) 2019 Cybersecurity Workforce Study ((ISC)²) The Business Cost of Phishing (Ironscales) Leading Ransomware Variants Q3 2022 (Intel471)

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Alchimist Offensive Framework https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html#more VM2 Sandbox Vulnerability https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067 private npm package disclosure https://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm Zimbra Updates https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27#Security_Fixes

Cyber Security Today
Cyber Security Today, Oct. 10, 2022 - Warnings to Zimbra and Fortinet administrators, lessons from the hack of a US defence contractor and more

Oct 10, 2022 (6:16)


This episode reports on vulnerabilities in Zimbra and Fortinet products, a huge theft of cryptocurrency tokens at an exchange and more

The CyberWire
Iranian APT data extraction tool described. LockBit gang comes under DDoS. Twitter whistleblower security claims made public. Greek natural gas supplier under cyberattack. Updates on a hybrid war.

Aug 23, 2022 (28:32)


Iranian APT data extraction tool described. LockBit gang comes under DDoS. Twitter whistleblower security claims made public. Poland and Ukraine conclude cybersecurity agreement. Greek national natural gas supplier under criminal cyberattack. Update to the Joint Alert on Zimbra exploitation. Addition to CISA's Known Exploited Vulnerabilities Catalog. Johannes Ullrich from SANS on Control Plane vs. Data Plane vulnerabilities. Our guest is David Nosibor, Platform Solutions Lead for UL to discuss SafeCyber Phase II. And, finally, targeting and trolling, with an excursus on Speedos. Really. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/159 Selected reading. New Iranian APT data extraction tool (Google) LockBit gang hit by DDoS attack after Entrust leaks (Register) Former security chief claims Twitter buried 'egregious deficiencies' (Washington Post) Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies (CNN) Twitter's Ex-Security Head Files Whistleblower Complaint (Wall Street Journal) Deception, Bots, and Foreign Agents: The Twitter Whistleblower's Biggest Allegations (Time) The Ministry of Digital Transformation, State Service of Special Communication and Information Protection and the Council of Ministers of the Republic of Poland signed Memorandum of understanding in the cybersecurity field. (State Service of Special Communication and Information Protection) Greek natural gas operator suffers ransomware-related data breach (BleepingComputer) Greek gas operator refuses to negotiate with ransomware group after attack (The Record by Recorded Future) Announcement | (DESF) Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite (CISA) US government really hopes you've patched your Zimbra server (Register) CISA Adds One Known Exploited Vulnerabilities to Catalog (CISA) Speedo-wearing Russian tourists leak defence secrets on Twitter (The Telegraph)

Paul's Security Weekly
SWN #234 - PyPi, WordPress, Hikvision, Zimbra, Palo Alto, & LED Morse Code

Aug 23, 2022 (29:43)


This week, Dr. Doug talks: Tempus Fugit, PyPI, WordPress, Hikvision, Zimbra, Palo Alto, led morse code, and is joined by Expert Commentator Jason Wood on the Security Weekly News!   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn234

The CyberWire
Cyber incidents and lessons from Russia's hybrid war. Zimbra vulnerabilities exploited. New Lazarus Group activity reported. ICS security advisories. Insider trading charges from 2017 Equifax breach.

Aug 17, 2022 (26:35)


A DDoS attack against a Ukrainian nuclear power provider. The US Army draws some lessons from the cyber phases of Russia's hybrid war. Vulnerabilities in Zimbra are undergoing widespread exploitation. Reports of new Lazarus Group activity. CISA releases eight ICS security advisories. Carole Theriault looks at scammers and cryptocurrencies. Our guest is Jennifer Reed from Aviatrix on the changing landscape of cloud security. And the SEC charges three with insider trading during the 2017 Equifax breach. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/155 Selected reading. Ukrainian Nuclear Operator Accuses Russians Hackers Of Attacking Its Website (RadioFreeEurope/RadioLiberty) Ukraine nuclear power company says Russia attacked website (Al Jazeera) Ukraine Nuclear Operator Reports Cyberattack on Its Website (The Defense Post) How electronic warfare is reshaping the war between Russia and Ukraine (The Record by Recorded Future) Army lesson from Ukraine war: cyber, EW capabilities not decisive on their own (FedScoop) Learning from Ukraine, Army cyber schoolhouse focuses on electromagnetic spectrum (Breaking Defense) Cyber and full-spectrum operations push the Great Power conflict left of boom (Breaking Defense) Microsoft Exchange alternative Zimbra is getting widely exploited, 1000s hit (The Stack) CISA Alert AA22-228A – Threat actors exploiting multiple CVEs against Zimbra Collaboration suite (CyberWire) Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite (CISA) A signed Mac executable… (ESET) Yokogawa CENTUM Controller FCS (CISA) LS ELECTRIC PLC and XG5000 (CISA) Delta Industrial Automation DRAS (CISA) Softing Secure Integration Server (CISA) B&R Industrial Automation Automation Studio 4 (CISA) Emerson Proficy Machine Edition (CISA) Sequi PortBloque S (CISA) Siemens Industrial Products with OPC UA (CISA) U.S. SEC charges 3 people with insider trading tied to Equifax hack (Reuters) SEC Charges Three Chicago-Area Residents with Insider Trading Around Equifax Data Breach Announcement (US Securities and Exchange Commission)

The CyberWire
CISA Alert AA22-228A – Threat actors exploiting multiple CVEs against Zimbra Collaboration suite. [CISA Alert]

The CyberWire

Play Episode Listen Later Aug 17, 2022 2:31


CISA and the Multi-State Information Sharing & Analysis Center, or MS-ISAC, are publishing this joint Cybersecurity Advisory in response to active exploitation of multiple Common Vulnerabilities and Exposures against Zimbra Collaboration Suite, an enterprise cloud-hosted collaboration software and email platform. AA22-228A Alert, Technical Details, and Mitigations; Volexity's Mass Exploitation of (Un)authenticated Zimbra RCE: CVE-2022-27925; Hackers are actively exploiting password-stealing flaw in Zimbra; CISA adds Zimbra email vulnerability to its exploited vulnerabilities catal…; CVE-2022-27925 detail; Mass exploitation of (un)authenticated Zimbra RCE: CVE-2022-27925; CVE-2022-37042 detail; Authentication bypass in MailboxImportServlet vulnerability; CVE-2022-30333 detail; UnRAR vulnerability exploited in the wild, likely against Zimbra servers; Zimbra Collaboration Kepler 9.0.0 patch 25 GA release; Zimbra UnRAR path traversal; Operation EmailThief: Active exploitation of zero-day XSS vulnerability in…; Hotfix available 5 Feb for zero-day exploit vulnerability in Zimbra 8.8.15. All organizations should report incidents and anomalous activity to CISA's 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

CISA Cybersecurity Alerts
CISA Alert AA22-228A – Threat actors exploiting multiple CVEs against Zimbra Collaboration suite.

CISA Cybersecurity Alerts

Play Episode Listen Later Aug 17, 2022 2:31


CISA and the Multi-State Information Sharing & Analysis Center, or MS-ISAC, are publishing this joint Cybersecurity Advisory in response to active exploitation of multiple Common Vulnerabilities and Exposures against Zimbra Collaboration Suite, an enterprise cloud-hosted collaboration software and email platform. AA22-228A Alert, Technical Details, and Mitigations; Volexity's Mass Exploitation of (Un)authenticated Zimbra RCE: CVE-2022-27925; Hackers are actively exploiting password-stealing flaw in Zimbra; CISA adds Zimbra email vulnerability to its exploited vulnerabilities catal…; CVE-2022-27925 detail; Mass exploitation of (un)authenticated Zimbra RCE: CVE-2022-27925; CVE-2022-37042 detail; Authentication bypass in MailboxImportServlet vulnerability; CVE-2022-30333 detail; UnRAR vulnerability exploited in the wild, likely against Zimbra servers; Zimbra Collaboration Kepler 9.0.0 patch 25 GA release; Zimbra UnRAR path traversal; Operation EmailThief: Active exploitation of zero-day XSS vulnerability in…; Hotfix available 5 Feb for zero-day exploit vulnerability in Zimbra 8.8.15. All organizations should report incidents and anomalous activity to CISA's 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

And Here They Come Again: DNS Reflection Attacks https://isc.sans.edu/diary/And+Here+They+Come+Again%3A+DNS+Reflection+Attacks/28928 Rapid 7 Defaultinator https://defaultinator.com Zimbra Mass Compromise https://www.volexity.com/blog/2022/08/10/mass-exploitation-of-unauthenticated-zimbra-rce-cve-2022-27925/ VMWare vRealize Vulnerability https://www.vmware.com/security/advisories/VMSA-2022-0022.html Microsoft Vulnerability and IPS/Snort https://community.meraki.com/t5/Meraki-Service-Notices/Microsoft-vulnerability-and-IPS-SNORT/ba-p/156649

Paul's Security Weekly
PSW #746 - Joseph Menn

Paul's Security Weekly

Play Episode Listen Later Jul 15, 2022 191:58


This week, we start off the show by interviewing veteran cybersecurity journalist and author Joseph Menn. Now at the Washington Post, Joseph talks about his books and the best reporting on hacking and defense today! Then, in the Security News for this week: ICS training bill, 5 myths, VoIP devices and ransomware, miracle exploits, UnRAR and Zimbra, guess what the most common weakness is, security at the device level is NOT simple, keys to the kingdom, and HP says Destructive firmware attacks pose a significant threat to businesses! Segment Resources: https://www.amazon.com/Joseph-Menn/e/B001HD1MF6%3Fref=dbs_a_mng_rwt_scns_share https://www.washingtonpost.com/technology/2022/05/01/russia-cyber-attacks-hacking/ https://www.reuters.com/investigates/special-report/usa-politics-beto-orourke/ https://www.reuters.com/article/us-usa-security-rsa/exclusive-secret-contract-tied-nsa-and-security-industry-pioneer-idUSBRE9BJ1C220131220 https://www.reuters.com/article/microsoft-china/insight-microsoft-failed-to-warn-victims-of-chinese-email-hack-former-employees-idUKL1N14I1LU20151231 https://www.wired.com/story/cult-of-the-dead-cow-at-stake-hackers-excerpt/ Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw746

InfoSec Overnights - Daily Security News
Cisco Email Patch, Android Malibot, Zimbra Zinger, and more.

InfoSec Overnights - Daily Security News

Play Episode Listen Later Jun 16, 2022 3:02


A daily look at the relevant information security news from overnight - 16 June, 2022. Episode 246 - 16 June 2022. Cisco Email Patch - https://www.bleepingcomputer.com/news/security/cisco-secure-email-bug-can-let-attackers-bypass-authentication/ Android Malibot - https://www.zdnet.com/article/this-new-android-malware-bypasses-multi-factor-authentication-to-steal-your-passwords/ PrintNightmare Still Exposed - https://www.infosecurity-magazine.com/news/new-printnightmare-patch-bypassed/ Shoprite Compromised - https://www.bleepingcomputer.com/news/security/extortion-gang-ransoms-shoprite-largest-supermarket-chain-in-africa/ Zimbra Zinger - https://portswigger.net/daily-swig/business-email-platform-zimbra-patches-memcached-injection-flaw-that-imperils-user-credentials Hi, I'm Paul Torgersen. It's Thursday June 16th, 2022, and this is a look at the information security news from overnight. From BleepingComputer.com: Cisco is warning customers to patch a critical vulnerability that could allow attackers to log in to the web management interface of Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager appliances. The flaw is due to improper authentication checks on affected devices using Lightweight Directory Access Protocol (LDAP) for external authentication. From ZDNet.com: A new Android malware called Malibot steals passwords, bank details and crypto wallets, and bypasses multi-factor authentication. Oh, it can also access text messages, steal browser cookies and take screenshots. It is distributed through smishing and fake websites, one of which spoofs a legit crypto tracker that has more than a million downloads on the Play Store. Current targets are customers of Spanish and Italian banks. From Infosecurity-Magazine.com: On Tuesday, Microsoft released a partial patch for the PrintNightmare zero-day. On Wednesday they pushed an out of band patch for the remaining affected products. Later Wednesday, researchers found a way around the new patch to still exploit the original vulnerability. The ongoing flaw relates to the Point and Print function, which Microsoft says is not directly related to the flaw, but has a weak security posture which makes exploitation possible. From BleepingComputer.com: Africa's largest supermarket chain, Shoprite, has been hit by a ransomware attack. The company, which operates almost three thousand stores across twelve countries in the continent, warned customers in Eswatini, Namibia and Zambia that their personal information may have been compromised. A threat group called RansomHouse has claimed responsibility for the attack. There has been no mention of any business disruptions or operational issues, so this may be a straight data theft with no files encrypted. And last today, from PortSwigger.net: Business webmail platform Zimbra has patched a memcached injection vulnerability that could allow attackers to steal login credentials without user interaction. It would steal cleartext credentials from the Zimbra instance, when the mail client connects to the server to check their mail. Details and a link to the Sonar research in the article. That's all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.

Eu tava lá
THE MAN WHO DOESN'T SAY NO (with Bola Zimbra) - Eu Tava Lá #215

Eu tava lá

Play Episode Listen Later May 16, 2022 58:38


Bola is certainly one of the nicest guys in the world! Lead singer, founder and songwriter of the band Zimbra, he was born in Santos and spent many years thinking he would be a football player, until he was bitten by the music bug! I've wanted to record this podcast with him for a long time, but the invitation became inevitable now that I've discovered that he NEVER SAYS NO. Listen to this episode to understand better... Buy the Eu Tava Lá book! Study at Alura with a 10% discount! Subscribe and listen to our exclusive content! Listen to the band Zimbra!