Gesamtlänge aller Episoden: 44 days 1 hour 48 minutes
Malicious Google ads for Signal and Telegram are being used to lure the unwary into downloading an info-stealer. LV ransomware looks like repurposed REvil. A study of the US Defense Industrial Base finds that many smaller firms, particularly ones that specialize in research and development, are vulnerable to ransomware attacks. Rick Howard ponders how we categorize state sponsored cybercrime. Our guest is Sudheer Koneru from Zenoti on how data privacy impacts salons and spas...
ReverseRat looks like a state-run espionage tool active in South and Central Asia. The US Justice Department seizes thirty-three sites run by media aligned with the Iranian government. Poland offers more clarity on a cyberespionage campaign it attributes to Russia. An intercept and inspection company’s executives are indicted for complicity with torture. NSA opens a Cybersecurity Collaboration Center for industry. Joe Carrigan examines Apple’s push to replace passwords...
The ChaChi Trojan is out, about, and interested in educational institutions. Bogus free subscription cancellations figure in a social engineering campaign designed to get the victims to download BazarLoader. Ursnif is automating fraudulent bank transfers with Cerberus Android malware. The US Senate invites the Department of Defense to think of ransomware as analogous to piracy, and Defense says it’s thinking along those lines. And rest in peace, John McAfee...
REvil hits a Brazilian medical diagnostics company and a British fashion retailer. A misconfigured cloud database exposes millions of WordPress user records. A new cryptojacker is deploying XMrig to mine Monero. A judgment is issued against a hacker and one of the traders he worked with to trade securities on non-public information. Johannes Ullrich from SANS on server site request forgery and errors in validating IP addresses...
The SVR’s Nobelium appears to be back, this time with a less-than-fully successful cyberespionage campaign. The Netfilter driver is assessed as malware. Idle hands seem to make for more attacks against online gaming. Mercedes-Benz USA reports a data exposure incident. CISA starts to keep track of bad practices. The International Institute for Strategic Studies publishes a net assessment of national cyber power. Carole Theriault looks at the security implications of frictionless online commerce...
Legitimate tools are abused as commodity initial access payloads. Hades ransomware is circulating in some new sectors. Criminal markets are sharing more features with legitimate markets, including advertising, recruiting, and even funding rounds. Cybercrime uses cryptocurrency, but the key to success may be location more than technology. Ben Yelin describes insurance companies collaborating on cyber breach data collection...
A report on threats to industrial control systems is out, and it focuses on ransomware, coinjacking, and legacy malware. EternalBlue remains a problem. The US is preparing a formal attribution in the case of the Microsoft Exchange Server campaign. An international police operation has taken down DoubleVPN, and the authorities seem pretty pleased with their work. Joe Carrigan examines vulnerabilities in systems from Dell...
US and British authorities warn of a large-scale GRU campaign aimed at brute-forcing its way into European and American organizations. Reports of a major cyberattack on German critical infrastructure appear very much exaggerated. IndigoZebra uses Dropbox in ministry-to-ministry deception aimed at the Afghan government. Currently active ransomware groups are profiled, and REvil is now going after Linux systems in addition to Windows machines...
Mitigations for the PrintNightmare vulnerability are suggested. Wizard Spider has a new strain of ransomware in its toolkit. A new RagnarLocker strain is in circulation. NETGEAR patches router firmware. Russia reacts to US and US reports of a GRU brute-forcing campaign: Moscow says it didn’t do it. Kevin Magee from Microsoft shares some of the tools he uses to keep himself and his team up to date. Our guest is Andrew Patel from F-Secure on how to prepare security teams for AI-powered malware...
Updates on the Kaseya ransomware incident, as REvil strikes again. Concerns about other ransomware attacks against industrial targets rise. Google expels credential-stealing apps from the Play Store. Online gamers draw various threat actors. Carole Theriault examines the elements that could put you in the crosshairs for ransomware. Ben Yelin has an update on the Facebook antitrust case. And the Tokyo Olympic Games will be on alert for cyberattacks...