CyberSecurity News Byte is a weekly podcast, condensing the latest cybersecurity news, in an easily
(3)
Well this isn't good if you are a customer of ... Okta's source code stolen after GitHub repositories hacked
In a 'confidential' email notification sent by Okta and seen by BleepingComputer, the company states that attackers gained access to its GitHub repositories this month and stole the company's source code.
The that keeps on giving, while not in the US yet, pay attention, 10 levels of tricks to hide itself... Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems
Raspberry Robin worm has been attacking telecommunications and government systems in regions including Latin America, Australia, and Europe.
Not the team up we were looking for, especially with the words targeting minecraft and others.... Microsoft discovers Windows/Linux botnet used in DDoS attacks – Ars Technica
MCCrash is specially designed to take down Minecraft servers and performs other DDoSes.
I've been at a few organizations that use this, if you do use beware... NSA says Chinese hackers are exploiting a zero-day bug in popular networking gear • TechCrunch
The U.S. spy agency says APT5, a notorious China-backed cyber espionage group, is actively exploiting the vulnerability.
Cybersecurity News Byte with Jim Guckin : Episode 38: December 12 2022
[00:36] Sequoia Discloses a Data Breach [09:56] Health Dept warns of Royal Ransomware [16:35] Hackers earn $989,750 for 63 zero-days exploited at Pwn2Own Toronto [23:17] Cisco discloses high-severity IP phone zero-day
Check out this weeks episode of CyberSecurity News Byte: Sequoia Discloses a Data Breach, Health Dept warns of Royal Ransomware, Hackers earn $989,750 for 63 zero-days exploited at Pwn2Own Toronto, Cisco discloses high-severity IP phone zero-day
Don't forget to be on the lookout for holiday as they will be praying on people. I jiist got this one, and I'm sure it won't be the last.
While this is an opinion piece, I can't agree more and have been saying this for years...security is better together with ... Better Together: Why It's Time for Ops and Security to Converge
Threat actors are becoming only more sophisticated and determined.
For those who thought was dead, well its back with some new tricks... Emotet is back and delivers payloads like IcedID and Bumblebee
The Emotet malware is back and experts warn of a high-volume malspam campaign delivering payloads like IcedID and Bumblebee.
Cybersecurity News Byte with Jim Guckin : Episode 35: November 21 2022
Bullet points of key topics + chapter markers [00:36] Amazon RDS Instances Leaking Users' Personal Data [04:24] Dangerous BatLoader Malware Dropper [10:44] Samba Vulnerability Can Lead to DoS or RCE [15:23] RapperBot Targets Game Servers with Modified Brute-Force and DDoS Attacks
A group is using common mistyped domains to target financial customers. Why hasn't the Disney legal team shut them down for copyright... Ha ha ha... Disneyland Malware Team: It’s a Puny World After All – Krebs on Security
November 16, 2022 8 Comments A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets...
While it doesn't named the this is scary, it's a foundation of trust on the internet... State-sponsored hackers in China compromise certificate authority – Ars Technica
Active in dozens of advanced hacks since 2009, Billbug is still going strong.
Good update to the and what's currently going on... FTX Hacker Panicked, Still Holds $339M in Ether, Cryptos: Arkham Intelligence
The mysterious looter siphoned about $400 million in digital assets from crypto exchange FTX late Friday night.
Part of me sees these and wonder if it needs a whole article, or just a single line of no your won't pretext you against ... Will using a VPN help protect you from malware or ransomware? | ZDNET
There are plenty of good reasons to use a VPN, especially when traveling. But be sure you know exactly where that protection starts and stops.
Cybersecurity News Byte with Jim Guckin : Episode 33: November 07 2022
Bullet points of key topics + chapter markers [00:36] Hack of IT firm may include health records [09:03] FBI: Hacktivist DDoS attacks had minor impact on critical orgs [15:05] AstraZeneca password lapse exposed patient data [21:26] Hijacker replaces crypto addresses with lookalikes
Cybersecurity News Byte with Jim Guckin : Episode 34: November 11 2022
Bullet points of key topics + chapter markers [00:36] Companies who pay ransomware become targets [10:50] Yanluowang Group Hacked [19:55] Hackers Are Publishing Stolen Abortion Records on the Dark Web [25:06] Fake financial regulators
Cybersecurity News Byte with Jim Guckin : Episode 32: October 31 2022
[00:36] Data Wiper Frame Security Researchers [08:12] Chrome Urgent Update [12:09] LinkedIN Phishing Campaign Bypass Protections [17:13] Cranefly’s Stealthy Techniques
Cybersecurity News Byte with Jim Guckin : Episode 31: October 24 2022
Bullet points of key topics + chapter markers [00:36] Emotet learns a new trick [06:16] Are Open-Source Repositories Safe? [12:34] Text4Shell Concern [18:18] 16 Apps Pulled Due to Malware
Cybersecurity News Byte with Jim Guckin : Episode 29: October 03 2022
Bullet points of key topics + chapter markers [00:36] Vice Society sets a deadline for LA School District to pay ransom [08:37] SolarMarker Makers uses spamdexing to target tax consulting organization [12:48] BEC Attacks on the Rise [17:43] Former IT Administrator Criples Company [22:53] LinkedIN CI...
If you are not aware, the / customers data has been leaked... 2K Customer Data Stolen, Sold Online After Support Desk Scam
The publisher has now contacted those affected, saying the thieves 'accessed and copied some personal data'
We've seen this type of already, if you organization shares business data on any cloud chat platform... STOP.... Microsoft Teams users are using it for a really bad reason, so stop now | TechRadar
Sorry! Page not found. The page you're looking for has either been moved or removed from the site. Please try searching our site or start again on our homepage.
I understand the security implications, but some users are already struggling with and , this is only going to confuse some people... 2FA is over. Long live 3FA! - Help Net Security
Organizations should consider three-factor authentication (3FA), but the new device can't be used to authenticate from a foreign device.
Not a fan of hardcoded key for this reason, once it's compromised its hard to replace... Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys
A critical vulnerability (CVE-2022-38465 / CVSS 9.3) in Siemens Simatic programmable logic controllers (PLCs).
deploys a fix for a deploy as quickly as you can, you should get it on test systems today at least... Microsoft October 2022 Patch Tuesday fixes zero-day used in attacks, 84 flaws
Today is Microsoft's October 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 84 flaws.
I can't tell you how many technology professionals don't know the low bar of entry to in this day and age... Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals
Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale their attacks.
If you haven't taken action yet... Why? Attacks are in the wild... Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug
Fortinet warns that the newly discovered critical vulnerability affecting its firewall and proxy products is being actively exploited in the wild.
Cybersecurity News Byte with Jim Guckin : Episode 30: October 10 2022
Bullet points of key topics + chapter markers [00:36] Emotet’s Current Tactics [06:33] Zimbra’s Unpatched RCE Flaw [11:15] Toyota Customers prepare for Phishing [17:04] City of Tucson discloses data breach
For my friends, incase anyone updates... Microsoft: Windows 11 22H2 causes file copy performance hit
Microsoft has confirmed a new known issue causing customers to experience a significant performance hit when copying large files over SMB after installing the Windows 11 22H2 update.
If you use on your permiter be aware there's a serious authentication bug..... Fortinet warns admins to patch critical auth bypass bug immediately
Fortinet has warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest versions, which address a critical severity vulnerability.
I honestly can't believe (but I do), that 66% of systems don't use communications.. Loads of connected PostgreSQL systems do not use SSL • The Register
They probably shouldn't be connected in the first place, says database expert
I was once told by an organization that who cares if the drivers are updated? Well hackers.... BlackByte Ransomware Abuses Legitimate Driver to Disable Security Protections | SecurityWeek.Com
BlackByte ransomware is seen targeting a vulnerability in the legitimate RTCore64.sys driver to disable EDR solutions.
This shows the not only compa ies get extorted during a , even the customers can get extorted... Police arrest teen for using leaked Optus data to extort victims
The AFP (Australian Federal Police) have arrested a 19-year-old man in Sydney and charged him for allegedly using leaked Optus customer data for extortion.
If you are running a environment, be aware of the new ... New 0-day vulnerability found in Microsoft Exchange - ALI TAJRAN
A new zero-day vulnerability in Microsoft Exchange Server is found which is exploiting in wild. Mitigate now and wait for official release!
Cybersecurity News Byte with Jim Guckin : Episode 28: September 19 2022
Bullet points of key topics + chapter markers [00:36] Patreon Lays Off Its Entire Security Team [13:17] Uber Hacked [22:59] Rockstar Hacked [30:51] TikTok can record what you type
A skillet that every worker needs to know, look at the url, it's not foolproof, but better than none... Fake sites fool Zoom users into downloading deadly code
Ah, the human touch
When I was younger if you said to me a power distribution unit would cause security concerns... I would of laughed... Not laughing anymore... Critical Remote Hack Flaws Found in Dataprobe's PDU
CISA warns of newly identified critical remotely exploitable vulnerabilities in Dataprobe's power distribution unit product.
How.... Honestly how... In this day and age your IT people... Let alone a security professional, think this was a good idea... Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign
Threat actors targeted tens thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign.
I don't know if there have always been record attacks or that we're reporting them more frequently... Imperva blocked a record DDoS attack with 25.3 billion requests
Cybersecurity company Imperva announced to have mitigated a distributed denial-of-service (DDoS) attack with a total of over 25.3 billion requests.
If you are using , immediately see if you are impacted by this ... Critical QNAP NAS Zero-Day Bug Exploited to Deliver DeadBolt Ransomware buff.ly/3qksuqY…
Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.
Cybersecurity News Byte with Jim Guckin : Episode 27: September 05 2022
Bullet points of key topics + chapter markers [00:36] Magecart’s New JavaScript Skimmer Targets Magento Websites [06:59] Hackers adopt Sliver toolkit as a Cobalt Strike alternative [14:53] Google Chrome emergency update fixes new zero-day used in attacks [23:13] Was TikTok Breached?
Be the first to know and let us send you an email when CyberSecurity News Byte Podcast posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.
Want your business to be the top-listed Media Company?
