פודקאסטים בנושא Malware

על ידי Jerry Bell and Andrew Kalat

https://arstechnica.com/gadgets/2021/07/malicious-pypi-packages-caught-stealing-developer-data-and-injecting-code/ https://arstechnica.com/gadgets/2021/07/feds-list-the-top-30-most-exploited-vulnerabilities-many-are-years-old/ https://www.securityweek.com/hospital-network-reveals-cause-2020-cyberattack https://www.csoonline.com/article/3628331/rece…

https://therecord.media/using-vms-to-hide-ransomware-attacks-is-becoming-more-popular/ https://blog.erratasec.com/2021/07/ransomware-quis-custodiet-ipsos-custodes.html?m=1 https://www.databreachtoday.com/how-mespinoza-ransomware-group-hits-targets-a-17086 https://krebsonsecurity.com/2021/07/dont-wanna-pay-ransom-gangs-test-your-backups/ https://ars…

https://www.csoonline.com/article/3623760/printnightmare-vulnerability-explained-exploits-patches-and-workarounds.html#tk.rss_all https://www.securityweek.com/continuous-updates-everything-you-need-know-about-kaseya-ransomware-attack https://www.databreachtoday.com/kaseya-raced-to-patch-before-ransomware-disaster-a-17006…

https://www.reuters.com/technology/us-sec-official-says-agency-has-begun-probe-cyber-breach-by-solarwinds-2021-06-21/ https://www.databreachtoday.com/cisa-firewall-rules-could-have-blunted-solarwinds-malware-a-16919 https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/ https://www.bleepingcomputer.com/news/securit…

We’re baaaackעל ידי Jerry Bell and Andrew Kalat

This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we talk to Eva Galperin, director of cybersecurity for Electronic Frontier Foundation, about the importance of protecting online anonymity and speech. In January, the New York Times exposed a public harassment campaign likely waged by one wo…

https://www.securityinformed.com/news/intruder-research-mongodb-databases-breached-connected-internet-co-1594211095-ga-co-1594211806-ga.1594215158.html https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/ https://www.csoonline.com/article/3564726/privilege-escalation-explained-why-these-flaws-are-so-valu…

https://www.bankinfosecurity.com/capital-one-must-turn-over-mandiant-forensics-report-a-14352 https://www.databreachtoday.com/insider-threat-lessons-from-3-incidents-a-14312 https://www.zdnet.com/article/ransomware-deploys-virtual-machines-to-hide-itself-from-antivirus-software/על ידי Jerry Bell and Andrew Kalat

https://www.securityweek.com/recent-salt-vulnerabilities-exploited-hack-lineageos-ghost-digicert-servers https://www.zdnet.com/article/ransomware-mentioned-in-1000-sec-filings-over-the-past-year/על ידי Jerry Bell and Andrew Kalat

https://www.zdnet.com/article/dhs-cisa-companies-are-getting-hacked-even-after-patching-pulse-secure-vpns/ https://www.bankinfosecurity.com/attackers-increasingly-using-web-shells-to-create-backdoors-a-14179 https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-hits-los-angeles-county-city-leaks-files/…

https://www.tomsguide.com/news/zoom-security-privacy-woes https://www.bankinfosecurity.com/blogs/learn-from-how-others-get-breached-equifax-edition-p-2870 https://www.zdnet.com/article/microsoft-how-one-emotet-infection-took-out-this-organizations-entire-network/ https://www.microsoft.com/security/blog/wp-content/uploads/2020/04/Case-study_Full-Ope…

Be well, be safe, take care of yourselves, and take care of others (from an appropriate distance). https://www.businessinsider.com/coronavirus-apple-secrecy-work-from-home-difficult-2020-3 https://www.csoonline.com/article/3531963/8-key-security-considerations-for-protecting-remote-workers.html https://www.zdnet.com/article/microsoft-99-9-of-compro…

https://www.securityweek.com/state-sponsored-cyberspies-use-sophisticated-server-firewall-bypass-technique https://www.zdnet.com/article/ransomware-victims-thought-their-backups-were-safe-they-were-wrong/ https://www.sec.gov/files/OCIE%20Cybersecurity%20and%20Resiliency%20Observations.pdfעל ידי Jerry Bell and Andrew Kalat

https://www.darkreading.com/risk/cybercriminals-swap-phishing-for-credential-abuse-vuln-exploits/d/d-id/1337019 https://www.businessinsider.com/phishing-scams-getting-more-sophisticated-what-to-look-out-for-2020-2#hackers-will-start-by-targeting-low-level-employees-then-moving-laterally-to-compromise-executives-accounts-1 https://krebsonsecurity.co…

https://www.bankinfosecurity.com/judge-rules-insurer-must-pay-for-ransomware-damage-a-13673 https://www.zdnet.com/google-amp/article/new-york-state-wants-to-ban-government-agencies-from-paying-ransomware-demands/ https://www.bankinfosecurity.com/nist-drafts-guidelines-for-coping-ransomware-a-13679 https://arstechnica.com/information-technology/2020…

https://www.securityweek.com/attacker-installs-backdoor-blocks-others-exploiting-citrix-adc-vulnerability https://www.securityweek.com/court-approves-equifax-data-breach-settlement https://www.infosecurity-magazine.com/news/equifax-breach-settlement-could/ https://www.natlawreview.com/article/ico-issues-fine-against-national-retailer-security-faili…

https://www.irishtimes.com/news/crime-and-law/courts/high-court/firm-being-blackmailed-by-hackers-for-6m-obtains-irish-court-injunction-1.4128069 https://inews.co.uk/inews-lifestyle/travel/travelex-hack-cyber-attack-ransomware-sodinokibi-travel-money-uk-firm-data-breach-explained-1358454 https://securityaffairs.co/wordpress/96046/hacking/microsoft-…

https://www.wwltv.com/article/news/crime/city-government-in-recovery-mode-after-cyberattack/289-514a376e-16de-4b43-9756-a30baefe4c28 https://arstechnica.com/information-technology/2019/11/hackers-paradise-louisianas-ransomware-disaster-far-from-over/ https://www.csoonline.com/article/3488816/how-a-nuclear-plant-got-hacked.html…

https://www.bleepingcomputer.com/news/security/allied-universal-breached-by-maze-ransomware-stolen-data-leaked/ https://www.csoonline.com/article/3454443/how-a-bank-got-hacked-a-study-in-how-not-to-secure-your-networks.htmlעל ידי Jerry Bell and Andrew Kalat

https://arstechnica.com/information-technology/2019/11/breach-affecting-1-million-was-caught-only-after-hacker-maxed-out-targets-storage/ https://www.csoonline.com/article/3452747/what-you-need-to-know-about-the-new-owasp-api-security-top-10-list.html https://www.securityweek.com/pci-dss-compliance-between-audits-declining-verizon https://krebsonse…

https://securityaffairs.co/wordpress/92484/data-breach/imperva-data-breach-2.html https://arstechnica.com/information-technology/2019/10/the-count-of-managed-service-providers-getting-hit-with-ransomware-mounts/ https://www.zdnet.com/article/city-of-johannesburg-held-for-ransom-by-hacker-gang/על ידי Jerry Bell and Andrew Kalat

https://www.csoonline.com/article/3441220/marriott-data-breach-faq-how-did-it-happen-and-what-was-the-impact.htmlעל ידי Jerry Bell and Andrew Kalat

https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/על ידי Jerry Bell and Andrew Kalat

Get well soon, Mr. Kalat!על ידי Jerry Bell and Andrew Kalat

https://www.theregister.co.uk/2019/03/20/steffan_needham_aws_rampage_prison_sentence_voova/ https://www.zdnet.com/google-amp/article/study-shows-programmers-will-take-the-easy-way-out-and-not-implement-proper-password-security/ https://arstechnica.com/information-technology/2019/03/50-shades-of-greyhat-a-study-in-how-not-to-handle-security-disclosu…

https://www.zdnet.com/article/hackers-wipe-us-servers-of-email-provider-vfemail/ https://www.securityweek.com/russian-state-sponsored-hackers-are-fastest-crowdstrike https://www.zdnet.com/article/icann-there-is-an-ongoing-and-significant-risk-to-dns-infrastructure/ https://www.infosecurity-magazine.com/news/password-managers-no-more-secure-1/ https…

https://www.securityweek.com/hackers-using-rdp-are-increasingly-using-network-tunneling-bypass-protections https://www.zdnet.com/article/trojan-malware-is-back-and-its-the-biggest-hacking-threat-to-your-business/ https://www.csoonline.com/article/3336923/security/phishing-has-become-the-root-of-most-cyber-evil.html https://www.darkreading.com/attac…

https://www.zdnet.com/ article/popular-wordpress- plugin-hacked-by-angry-former-employee/ https://www.zdnet.com/article/notpetya-an-act-of-war-cyber-insurance-firm-taken-to-task-for-refusing-to-pay-out/ https://www.zdnet.com/article/employees-sacked-ceo-fined-in-singhealth-security-breach/ – https://www.zdnet.com/article/firms-fined-1m-for-singheal…

https://lifehacker.com/why-smart-people-make-stupid-mistakes-1831503216 https://www.chicagotribune.com/business/ct-biz-tribune-publishing-malware-20181230-story,amp.html https://www.securityweek.com/was-north-korea-wrongly-accused-ransomware-attacks https://www.healthcareitnews.com/news/staff-lapses-and-it-system-vulnerabilities-are-key-reasons-beh…

https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/ https://krebsonsecurity.com/2018/11/marriott-data-on-500-million-guests-stolen-in-4-year-breach/ https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-security/…

https://www.dutchnews.nl/news/2018/11/internet-con-men-ripped-off-pathe-nl-for-e19m-in-sophisticated-fraud/ https://lifehacker.com/how-password-constraints-give-you-a-false-sense-of-secu-1830564360 https://www.csoonline.com/article/3319704/data-protection/the-end-of-security-as-we-know-it.html https://www.careersinfosecurity.com/breach-settlement-h…

https://www.zdnet.com/article/this-is-how-artificial-intelligence-will-become-weaponized-in-future-cyberattacks/ https://www.securityinfowatch.com/article/12434583/everyone-needs-to-take-responsibility-for-cybersecurity-in-the-workplace https://www.zdnet.com/article/adobe-coldfusion-servers-under-attack-from-apt-group/ https://www.securityweek.com/…

https://www.zdnet.com/article/equifax-engineer-who-designed-breach-portal-gets-8-months-of-house-arrest-for-insider-trading/ https://www.csoonline.com/article/3314557/security/ransomware-attack-hits-north-carolina-water-utility-following-hurricane.html https://www.securityweek.com/insurer-anthem-will-pay-record-16m-massive-data-breach https://blog.…

Note: this episode is being re-released to fix a problem with the mp3 download. https://www.tripwire.com/state-of-security/security-data-protection/bec-as-a-service-offers-hacked-business-accounts-for-as-little-as-150/ https://www.bleepingcomputer.com/news/security/ic3-issues-alert-regarding-remote-desktop-protocol-rdp-attacks/ https://krebsonsecur…

https://motherboard.vice.com/en_us/article/pa8emg/russian-indicted-jp-morgan-chase-hack https://www.zdnet.com/article/us-government-releases-post-mortem-report-on-equifax-hack/ https://www.zdnet.com/article/phishing-alert-north-korean-hacking-attacks-shows-your-email-is-still-the-weakest-link/ https://www.verizon.com/about/news/lifting-lid-cybercri…

https://www.zdnet.com/article/this-destructive-ransomware-has-made-crooks-6m-by-encrypting-data-and-backups/ https://www.bleepingcomputer.com/news/security/reddit-announces-security-breach-after-hackers-bypassed-staffs-2fa/ https://www.databreachtoday.com/art-steal-fin7s-highly-effective-phishing-a-11286 https://www.wired.com/story/notpetya-cyberat…

https://www.straitstimes.com/singapore/personal-info-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most https://www.bankinfosecurity.com/labcorp-still-recovering-from-ransomware-attack-a-11235 https://www.securityweek.com/cyber-axis-evil-rewriting-cyber-kill-chain https://arstechnica.com/information-technology/2018/07/prolific-ha…

https://www.csoonline.com/article/3285982/data-protection/4-reasons-why-cisos-must-think-like-developers-to-build-cybersecurity-platforms.html https://www.csoonline.com/article/3287655/phishing/stop-training-your-employees-to-fall-for-phishing-attacks.html https://www.bankinfosecurity.com/cryptojacking-displaces-ransomware-as-top-malware-threat-a-1…

https://www.esecurityplanet.com/network-security/security-projects-cisos-should-consider-gartner.html Data breach defendant must hand over computer forensics reports: court https://www.theregister.co.uk/2018/06/26/digitally_signed_malware/ https://www.bankinfosecurity.com/californias-new-privacy-law-its-almost-gdpr-in-us-a-11149 https://blog.errata…

https://www.wired.com/story/exactis-database-leak-340-million-records/ https://www.helpnetsecurity.com/2018/06/19/opm-breach-fraud/ https://www.tenable.com/blog/should-you-still-prioritize-exploit-kit-vulnerabilitiesעל ידי Jerry Bell and Andrew Kalat

https://www.csoonline.com/article/3276584/ransomware/what-does-a-ransomware-attack-cost-beware-the-hidden-expenses.html https://www.bankinfosecurity.com/mental-health-provider-pays-ransom-to-recover-data-a-11040 https://www.itbusinessedge.com/blogs/data-security/did-we-see-our-first-data-breach-of-the-gdpr-era.html…

https://www.zdnet.com/article/wannacry-ransomware-crisis-one-year-on-are-we-ready-for-the-next-global-cyber-attack/ https://www.zdnet.com/article/enterprise-vulnerability-management-as-effective-as-random-chance/ https://www.zdnet.com/article/enterprise-codebases-plagued-by-open-source-vulnerabilities/ https://www.databreachtoday.com/nuance-communi…

https://www.csoonline.com/article/3262168/ransomware/customers-describe-the-impact-of-the-allscripts-ransomware-attack.html https://www.infosecurity-magazine.com/news/atlanta-city-splurges-27m/ https://arstechnica.com/information-technology/2018/04/insecure-rsa-conference-app-leaked-attendee-data/ https://www.wired.com/story/inside-the-unnerving-su…

https://www.verizonenterprise.com/verizon-insights-lab/dbir/על ידי Jerry Bell and Andrew Kalat

https://www.bankinfosecurity.com/nj-ag-smacks-practice-hefty-fine-for-vendor-breach-a-10774 https://www.bankinfosecurity.com/panera-bread-data-leak-persisted-for-eight-months-a-10760 http://www.eweek.com/security/best-buy-delta-sears-hit-by-third-party-chat-widget-breach http://www.baltimoresun.com/news/maryland/crime/bs-md-ci-hack-folo-20180328-st…

https://www.csoonline.com/article/3265024/privacy/are-you-letting-gdpr-s-privacy-rules-trump-security.html http://www.zdnet.com/article/doj-indicts-iranian-hackers-for-stealing-data-from-144-us-universities/ https://www.databreachtoday.com/report-guccifer-20-unmasked-at-last-a-10737 https://www.databreachtoday.com/expedias-orbitz-suspects-880000-pa…

https://www.theguardian.com/business/2018/mar/14/equifax-insider-trading-data-breach-jun-ying-charged https://gizmodo.com/us-power-company-fined-2-7-million-over-security-flaws-1823745994 https://www.csoonline.com/article/3262551/data-protection/are-your-employees-unwittingly-invalidating-your-cyber-liability-insurance.html https://www.cisecurity.o…

https://www.csoonline.com/article/3258817/data-breach/sec-guidance-on-it-security-would-you-report-security-risks-before-a-breach.html http://www.zdnet.com/article/hackers-are-selling-legitimate-code-signing-certificates-to-evade-malware-detection/ http://au.news.yahoo.com/a/39380423/equifax-expects-net-200-million-in-breach-related-costs-in-2018/ …

https://www.bleepingcomputer.com/news/security/destructive-malware-wreaks-havoc-at-pyeongchang-2018-winter-olympics/ https://www.cyberscoop.com/atos-olympics-hack-olympic-destroyer-malware-peyongchang/ https://www.bankinfosecurity.com/blogs/attribution-games-dont-rush-to-blame-p-2594 http://www.zdnet.com/article/meltdown-spectre-flaws-weve-found-ne…