ISC StormCast for Tuesday, September 27th, 2022
Easy Python Sandbox Detection https://isc.sans.edu/forums/diary/Easy+Python+Sandbox+Detection/29090 Hackers use PowerPoint Files for
Unrest in Iran finds expression in cyberspace. Cyber conflict and diplomacy. Cybercrime in the hybrid war. And there seems to have been an arrest in the Uber and Rockstar breaches.
Unrest in Iran finds expression in cyberspace. Albania explains its reasons for severing relations with Iran. Cybercrime in the hybrid war. Rick Howard on risk forecasting with data scientists. Dave Bittner...
News & Analysis | NO. 350
Infowar Audit, Zoom Reflections, SF CamerasSupport the show: https://danielmiessler.com/support/See omnystudio.com/listener for privacy information.
Uber Hacked by 18 Year Old, Morgan Stanley Hard Drives Got Auctioned, Deleting Your Data is Hard
Uber got hacked by an 18 year old using social engineering and a multi-factor authentication fatigue attack, Morgan Stanley has been auctioning off hard drives holding sensitive client data since 2015, and why is it so hard for social...
ISC StormCast for Monday, September 26th, 2022
Kids Like Cookies and Malware Likes them Too https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082 Downloading
Episode 342 – Programming languages are the new operating system
Josh and Kurt talk about programming language ecosystems tracking and publishing security advisory details. We are at a point in the language ecosystems where they are giving us services that have historically been reserved for operating systems. Show Notes...
Adam Marrè: Learning to be a leader. [CISO] [Career Notes]
Adam Marrè, CISO from Arctic Wolf sits down to share his story of rising through the ranks. After 9/11 he decided he wanted to make a difference in the world and...
Weekly Update 314
Presently sponsored by: SecAlerts vulnerability awareness: Receive CVE & zero-day alerts, news & version updates all matched to your software. Discount code within!Wow, what a week! Of course there's lots of cyber / tech stuff in this week's update,...
Keeping an eye on RDS vulnerabilities. [Research Saturday]
Gafnit Amiga, Director of Security Research from Lightspin joins Dave to discuss her team's research "AWS RDS Vulnerability Leads to AWS Internal Service Credentials." The research describes how the vulnerability was...
7MS #539: Eating the Security Dog Food – Part 4
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.
Today we revisit a series...
Privateers seem to be evolving into front groups for the Russian organs. Unidentified threat actors engaging in cyberespionage. Catphishing from a South Carolina prison.
The GRU's closely coordinating with cyber criminals. An unidentified threat actor deploys malicious NPM packets. Gootloader uses blogging and SEO poisoning to attract victims. Metador is a so-far unattributed threat actor....
SWN #241 – Credential Stuffing, Bionic Cockroaches, ICS, Magento, & SIM Swap Mobsters – Wrap Up
This week, Dr. Doug talks: Bionic Cockroaches, Credential Stuffing, MFA Fatigue, ICS, Magento, Mobsters as well as all the Show Wrap Ups for this week! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us...
ESW #289 – Jonathan Roizin
This week, Jonathan Roizin from Flow Security joins to discuss what this new security category is all about and how it differs from the OG, false positive heavy DLP we'd all rather forget! Data Security Posture Management (DSPM) is...
Fractured Web with Charlie Northrup
Charlie Northrup is the co-founder of NeurSciences, a software technology, architecture, and solutions development company that provides there artificially intelligent digital brain applications to integrate, manage, and automate the things that truly matter to us. He’s focused on the...
ISC StormCast for Friday, September 23rd, 2022
RAT Delivered Through FODHelper https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078 Microsoft Endpoint Configuration Manager Spoofing
GRU operators masquerade as Ukrainian telecommunications providers. 2K Games Support compromised to spread malware. Developments in the cyber underworld.
GRU operators masquerade as Ukrainian telecommunications providers. Another video game maker is compromised to spread malware. Noberus may be a successor to Darkside and BlackMatter ransomware. Robert M. Lee from Dragos explains...
CISA Alert AA22-265A – Control system defense: know the opponent. [CISA Cybersecurity Alerts]
This alert builds on previous NSA and CISA guidance to stop malicious ICS activity and reduce OT exposure. The alert documentation linked in the show notes describes TTPs that malicious actors...
S3 Ep101: Uber and LastPass – is 2FA all it's cracked up to be?
Security SOS Week 2022 - check it out! The very first Android. Firefox 105 is out. Uber hacked... by LAPSUS$? LastPass talks about its breach. Are two disks better than one?
https://nakedsecurity.sophos.com/interested-in-cybersecurity-join-us-for-security-sos-week
https://nakedsecurity.sophos.com/s3-ep100-5-uber-breach-an-expert-speaks
https://nakedsecurity.sophos.com/uber-has-been-hacked-boasts-hacker
https://nakedsecurity.sophos.com/lastpass-source-code-breach-incident-response
With Doug Aamoth and Paul Ducklin
Original music by Edith...
CISA Alert AA22-264A – Iranian state actors conduct cyber operations against the government of Albania. [CISA Cybersecurity Alerts]
In July 2022, Iranian state cyber actors—identifying as “HomeLand Justice”—launched a destructive cyber attack against the Government of Albania which rendered websites and services unavailable. An FBI investigation indicates Iranian state...
ISC StormCast for Thursday, September 22nd, 2022
Phishing Campaigns Use Free Only Resources https://isc.sans.edu/forums/diary/Phishing%20Campaigns%20Use%20Free%20Online%20Resources/29074/ Insecure use of
Ukraine fears ‘massive’ Russian cyberattacks on power, infrastructure
Will those be before or after the nuke strikes Putin keeps banging on about? Russia plans to conduct "massive cyberattacks" on Ukraine and its allies' critical infrastructure and energy sector, according to Kyiv.…
BrandPost: Extortion Economics: Ransomware’s New Business Model
Did you know that over 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cybercriminals have become emboldened by the underground ransomware economy.And...
Police ‘all over’ dark web ransom threat to release 10,000 customer records a day, Optus CEO says
Purported hackers post ultimatum demanding $1m within four days after massive Optus data breachFollow our Australia news live blog for the latest updatesGet our free news app, morning email briefing or daily news podcastThe chief executive of Optus, Kelly...
Barracuda Unveils New Capabilities To Protect Against Persistent And Evolving Threats
Barracuda announced a number of product enhancements and innovative new capabilities at its recent Secured.22 virtual conference to expand the protection for customers and help them defend against the latest cyber threats.
Zoho ManageEngine flaw is actively exploited, CISA warns
A remote code execution vulnerability in Zoho's ManageEngine, a popular IT management solution for enterprises, is being exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) added the flaw to its catalog of known exploited vulnerabilities...
