[-] [email protected] 18 points 10 months ago

Yay Lemmy.world, you kicked yourself in the dick, congrats.

[-] [email protected] 35 points 11 months ago

Dude I was away on vacation chill. :-)

7
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

I'm a newbie to podcasts, but I got hooked recently because I can listen while doing something else.

What are your favorite cybersecurity podcasts? I'm not even sure the best way to link podcasts either, but regardless: the ones I'm liking so far are:

The Cyberwire: https://thecyberwire.com/podcasts

CISO Series: https://cisoseries.com/

Darknet Diaries: https://darknetdiaries.com/

Cybersecurity Today: https://www.itworldcanada.com/podcasts

Smashing Security: https://www.smashingsecurity.com/

Malicious Life: https://malicious.life/

Any more great recommendations? Any drama about the above ones?

0
submitted 1 year ago by [email protected] to c/[email protected]

Executive summary

In early 2023, the Check Point Incident Response Team (CPIRT) team investigated a malware incident at a European healthcare institution involving a set of tools mentioned in the Avast report in late 2022. The incident was attributed to Camaro Dragon, a Chinese-based espionage threat actor whose activities overlap with activities tracked by different researchers as Mustang Panda and LuminousMoth, whose focus is primarily on Southeast Asian countries and their close peers.

The malware gained access to the healthcare institution systems through an infected USB drive. During the investigation, the Check Point Research (CPR) team discovered newer versions of the malware with similar capabilities to self-propagate through USB drives. In this way, malware infections originating in Southeast Asia spread uncontrollably to different networks around the globe, even if those networks are not the threat actors’ primary targets.

The main payload variant, called WispRider, has undergone significant revisions. In addition to backdoor capabilities and the ability to propagate through USB using the HopperTick launcher, the payload includes additional features, such as a bypass for SmadAV, an anti-virus solution popular in Southeast Asia. The malware also performs DLL-side-loading using components of security software, such as G-DATA Total Security, and of two major gaming companies (Electronic Arts and Riot Games). Check Point Research responsibly notified these companies on the above-mentioned use of their software by the attackers.

The findings in this report, along with corroborating evidence from other industry reports, confirm that Chinese threat actors, including Camaro Dragon, continue to effectively leverage USB devices as an infection vector.

The prevalence and nature of the attacks using self-propagating USB malware demonstrate the need of protecting against those, even for organizations that may not be the direct targets of such campaigns. We found evidence of USB malware infections at least in the following countries: Myanmar, South Korea, Great Britain, India and Russia.

1
submitted 1 year ago by [email protected] to c/[email protected]

A social media network code-named P92, possibly compatible with ActivityPub, will allow users to log in using their existing Instagram credentials and share their thoughts.

This could be what Meta has in the pipeline as a possible plan to obliterate Twitter in the future.

Autonomy. Facebook has for the longest time lacked user autonomy, according to some tech reviews and this could be the answer to previous criticism.

From what we know thus far, the feature or app, will work on independent servers to allow users the space to set their code of conduct.

What is it?

Meta is developing a decentralized social media platform which is reportedly aimed at competing with Elon Musk’s Twitter.

Meta is exploring a standalone network for sharing text updates.

Twitter’s possible competitor codenamed project P92 will be accessed using the same login details as Instagram. At least that’s what we know so far.

The app will be compatible with ActivityPub, the protocol used by the open source Twitter alternative Mastodon.

Decentralized platform

Separate servers. A decentralized platform means users of the app will be able to join separate servers and broadcast posts to people on other servers.

Codename P92 is expected to be similar to Twitter, in the sense that posts will allow comments including other possible cool hacks as additions.

Users of the proposed incoming app will gain access to other users information by leveraging existing Instagram data, such as names, profile photos and other information.

1
submitted 1 year ago by [email protected] to c/[email protected]

As Peter Thiel, one of Facebook’s prominent investors, put it: "Competition is for losers." Yep, those pseudo "market is always right" people don’t want a market when they are in it. They want a monopoly. Since its inception, Facebook have been very careful to kill every competition. The easiest way of doing it being by buying companies that could, one day, become competitors. Instagram, WhatsApp to name a few, were bought only because their product attracted users and could cast a shadow on Facebook.

But the Fediverse cannot be bought. The Fediverse is an informal group of servers discussing through a protocol (ActivityPub). Those servers may even run different software (Mastodon is the most famous but you could also have Pleroma, Pixelfed, Peertube, WriteFreely, Lemmy and many others).

You cannot buy a decentralised network!

But there’s another way: make it irrelevant. That’s exactly what Google did with XMPP.

[-] [email protected] 13 points 1 year ago

Aye great read and very illuminating. We gotta protect the fediverse from corporate insidious destruction. This quote stood out to me:

And because there were far more Google talk users than "true XMPP" users, there was little room for "not caring about Google talk users". Newcomers discovering XMPP and not being Google talk users themselves had a very frustrating experience because most of their contacts were Google Talk users. They thought they could communicate easily with them but it was basically a degraded version of what they had while using Google talk itself. A typical XMPP roster was mainly composed of Google Talk users with a few geeks.

In 2013, Google realised that most XMPP interactions were between Google Talk users anyway. They didn’t care about respecting a protocol they were not 100% in control. So they pulled the plug and announced they would not be federated anymore. And started a long quest to create a messenger, starting with Hangout (which was followed by Allo, Duo. I lost count after that).

2
submitted 1 year ago by [email protected] to c/[email protected]

The cybersecurity awareness trainer role aligns with the NICE Workforce Framework to Oversee and Govern, Protect and Defend, and Securely Provision.

Here are your responsibilities in this role:

  • Train employees and users on how to recognize and prevent email security threats. This includes phishing scams, spoofing, vishing, whaling, and others.

  • Promote organization-wide security awareness. This will apply to in-house and outsourced teams, including employees working from home.

  • Train employees on how to protect against malware attacks like ransomware, spyware, scareware, adware, and keyloggers. This will also cover anti-virus measures.

  • Organize periodic security awareness training to ensure employees adopt security practices. This will also ensure that all personnel are conversant with the latest security threats.

  • Provide real-world threat simulations to reinforce the importance of security awareness in the organization.

  • Establish organization-wide password security and management measures. This includes how often passwords are changed, password format, and the use of multi-factor authentication.

  • Train employees on how to respond to and report incidents.

  • Provide training on acceptable practices for personal and corporate devices, including removable media. Part of this training will cover how to disable autorun on PCs and ensure the IT team scans all removable devices before use.

  • Establish guidelines on social media use. This includes instructions on clicking links and responding to people pretending to be C-Level executives or other fake customer representatives.

  • Train employees on safe internet habits, such as differentiating between secure and unsecured websites, recognizing watering hole attacks, downloading from suspicious sites, and identifying spoofed domains.

  • Provide data management guidelines. This includes the approved storage locations for company data and how to handle data in motion.

  • Develop the Bring Your Own Device (BYOD) policy.

  • Establish physical security measures such as clean desks and office hygiene. This also includes security measures against shoulder surfing, dumpster diving, eavesdropping, tailgating, etc.

2
submitted 1 year ago by [email protected] to c/[email protected]

The U.S. Army’s Criminal Investigation Division is urging military personnel to be on the lookout for unsolicited, suspicious smartwatches in the mail, warning that the devices could be rigged with malware.

In an alert issued this week, the army said service members across the military have reported receiving smartwatches unsolicited in the mail and noted that the smartwatches, when used, “have auto-connected to Wi-Fi and began connecting to cell phones unprompted, gaining access to a myriad of user data.”

“These smartwatches may also contain malware that would grant the sender access to saved data to include banking information, contacts, and account information such as usernames and passwords,” the army warned.

“Malware may be present which accesses both voice and cameras, enabling actors access to conversations and accounts tied to the smartwatches,” it added.

What is unclear, however, is whether this is an attack targeting American military personnel. The smartwatches, the investigation division noted, may also be meant to run illegal brushing scams.

“Brushing is the practice of sending products, often counterfeit, unsolicited to seemingly random individuals via mail in order to allow companies to write positive reviews in the receiver’s name allowing them to compete with established products,” the agency said.

2
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

There are presently 201k people monitoring domains in Have I Been Pwned (HIBP). That's massive! That's 201k people that have searched for a domain, left their email address for future notifications when the domain appears in a new breach and successfully verified that they control the domain. But that's only a subset of all the domains searched, which totals 231k. In many instances, multiple people have searched for the same domain (most likely from the same company given they've successfully verified control), and also in many instances, people are obviously searching for and monitoring multiple domains. Companies have different brands, mergers and acquisitions happen and so on and so forth. Larger numbers of domains also means larger numbers of notifications; HIBP has now sent out 2.7M emails to those monitoring domains after a breach has occurred. And the largest number of the lot: all those domains being monitored encompass an eye watering 273M breached email addresses 😲

The point is, just as HIBP itself has escalated into something far bigger than I ever expected, so too has the domain search feature. Today, I'm launching an all new domain search experience and 5 announcements about major changes surrounding it. Let's jump into it!

Announcement #:

  • 1: There's an all new domain search dashboard
  • 2: From now on, domain verification only needs to happen once
  • 3: Domain searches are now entirely "serverless"
  • 4: There are lots of little optimisation tweaks
  • 5: Searches for small domains will remain free whilst larger domains will soon require a commercial subscription

3
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

Cybercrime has become a dominant concern for many businesses, as well as individuals. Cybercriminals will target any business, and any individual if they can realize a profit from their minimal efforts. One of the ways that criminals achieve their goals is through the use of malware that garners a fast profit, such as ransomware. More enterprising criminals will use more persistent malware, which enables them to return to the target for further victimization.

Malware has progressed, revealing some trends that may help cybersecurity professionals in combatting current and future strains.

#1. Malware is becoming increasingly aggressive and evasive

Evasive malware, designed to thwart traditional security technologies like first-generation sandboxes and signature-based gateways, is not new. However, the trend toward more sophisticated, aggressive, and evasive malware will probably emerge as a result of the latest developments in Artificial Intelligence (AI). In the past, evasive maneuvers have made static malware analysis approaches insufficient. Fortunately, AI will also be useful in dynamic analysis. Sadly, this could result in a war of machines, creating service disruptions as the two entities battle for supremacy.

#2. Multi-Factor Authentication (MFA) Attacks

Multi-Factor Authentication has finally gained wider adoption in corporate as well as individual settings. What seemed like a panacea to the brute-force attack problem has been shown to be a bit more vulnerable than originally hoped. For example, if a person’s credentials have been compromised, a technique known as “prompt bombing” can be used to create MFA fatigue, eventually causing a person to accept a login notification just to silence the alerts. Many attacks against MFA involve scanning vulnerable login processes to inject the second-factor codes into websites. While not considered malware in the traditional sense, MFA exploits have the same effect of automating an exploit to gain access to sensitive information.

#3. Targeted attacks will give way to mass exploit customization

Targeted attacks require a substantial amount of manual work on the part of the attackers in order to identify victims and then engineer attacks that can fool the victim, as well as create customized compromises and better pre-attack reconnaissance. While attackers have not yet automated these tasks, it is reasonable to assume that some are attempting to do so. One tell-tale sign of automated reconnaissance is its inability to change its behavior. The best defense against this is for cybersecurity professionals to recognize the patterns that are used to compromise a target and work to mitigate those exposures.

#4. More consumer and enterprise data leaks via cloud apps

As we grow more dependent on cloud services, we introduce new exposures. More attackers are targeting cloud-based information. There also seems to be diminished awareness about the implications of putting personal and commercial data and media in the cloud. Moreover, as cloud data management becomes unwieldy, new security vulnerabilities may become public. Malware that results in cloud breaches could present fertile ground for attackers. Cybersecurity professionals must remember that cloud security is not the responsibility of the cloud provider. Proactive protection, as well as testing, remain vital to keeping cloud data safe.

#5. Your refrigerator is running exploits

Devices that weren’t previously connected to the internet, like home appliances, cars, or photo frames, could become the weakest link in our always-on lifestyles. As everything moves online and adoption grows markedly, there will be attacks through systems we haven’t even considered yet. As more personal devices enter office environments, and as office environments have spread to homes, the Internet of Things (IoT) becomes an even greater attack surface.

0
submitted 1 year ago by [email protected] to c/[email protected]

The Department of Justice established a cyber-focused section within its National Security Division to combat the full range of digital crimes, a top department official said Tuesday.

The National Security Cyber Section — NatSec Cyber, for short — has been approved by Congress and will elevate cyberthreats to “equal footing” with other major national security issues, including counterterrorism and counterintelligence, Assistant Attorney General for National Security Matt Olsen said in remarks at the Hoover Institution in Washington.

The new section enables the agency to “increase the scale and speed of disruption campaigns and prosecutions of nation-state cyberthreats as well as state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security,” Olsen said.

2
submitted 1 year ago by [email protected] to c/[email protected]

Google is committing more than $20 million dollars to support the creation and expansion of cybersecurity clinics at 20 higher education institutions across the United States, the company announced on Thursday.

Such clinics rely on university students to provide free cybersecurity services to local institutions. By deploying students to community organizations to improve digital defenses, university cybersecurity clinics aim to give students cybersecurity experience, improve local defensive capacity and steer students toward work in cybersecurity.

“This investment that Google’s made today recognizes the value of experiential training. This is not only important for national security but for economic opportunities and national innovation,” Kemba Walden, the acting national cyber director, said at Thursday’s event announcing the funding. “Cyber clinics provide an on-ramp to cyber careers by enabling students from different backgrounds and majors to learn cyber skills.”

0
submitted 1 year ago by [email protected] to c/[email protected]

After years of breakneck growth, China’s security and surveillance industry is now focused on shoring up its vulnerabilities to the United States and other outside actors, worried about risks posed by hackers, advances in artificial intelligence and pressure from rival governments.

The renewed emphasis on self-reliance, combating fraud and hardening systems against hacking was on display at the recent Security China exhibition in Beijing, illustrating just how difficult it will be to get Beijing and Washington to cooperate even as researchers warn that humankind faces common risks from AI. The show took place just days after China’s ruling Communist Party warned officials of the risks posed by artificial intelligence.

Looming over the four-day meet: China’s biggest geopolitical rival, the United States. American-developed AI chatbot ChatGPT was a frequent topic of conversation, as were U.S. efforts to choke off China’s access to cutting-edge technology.

7
submitted 1 year ago by [email protected] to c/[email protected]

A new policy directive from Maine Information Technology (MaineIT) has put a six-month moratorium on the adoption and use of Generative Artificial Intelligence (AI) technology within all State of Maine agencies due to “significant” cybersecurity risks.

The prohibition on AI will include large language models that generate text such as ChatGPT, as well as software that generates images, music, computer code, voice simulation, and art.

It’s unclear whether and to what extent state employees have been relying on emerging AI tools as part of their jobs. Maine may be the first state in the U.S. to impose such a moratorium.

According to an email sent on Wednesday to all Executive Branch agencies and employees from Maine’s Acting Chief Information Officer Nick Marquis, MaineIT issued a “cybersecurity directive” prohibiting the use of AI for all state business and on all devices connected to the state’s network for six months, effective immediately.

[-] [email protected] 18 points 1 year ago

But as more than one arrogant CEO has discovered, when you kick your users in the teeth, the effects can be rather longer-lasting than you might have hoped. Huffman has not only done this, but done the same to moderators and third-party app developers, both of whom have played a significant role in driving Reddit’s popularity.

Aye, these journalists aren’t pulling their punches!

[-] [email protected] 18 points 1 year ago

Maybe it’s a bad community but not a whole bad instance?

[-] [email protected] 19 points 1 year ago

I think it does matter, actually, as some instances get blocked and unfederated. But, there would still be so much access elsewhere it may not matter much. Generally, I would take a best guess at a first instance, see how it goes, and be open to making a different account elsewhere as needed.

[-] [email protected] 24 points 1 year ago

Who cares what they do? Care what we do.

[-] [email protected] 36 points 1 year ago

Ok now I'm embarrassed about how strongly I pitched myself to get on lemmy.ml. I was like overcaffeinated on the first five minutes of a blind date!

[-] [email protected] 25 points 1 year ago

When I first got to Lemmy I was deep in a thread with these guys spouting incredibly hyperbolic whataboutism in support of Russia against Ukraine, death to liberals and worse. It wasn’t any “different viewpoints” being discussed rationally, it was straight up shocking vitriolic nonsense and dangerous stuff. You want it? You can definitely go get it, most instances probably didn’t block them.

About transparency, these instances are home run by hobbyists, not corporates who start out with a week dedicated to policy and procedures establishment.

Truly, you can start your own instance and do it your own way, I and many others have.

[-] [email protected] 24 points 1 year ago

Depriving the libs of a favored platform via making it conservative and unruly, and weakening its democratic potential against authoritarian states like Saudi Arabia, is the theory.

[-] [email protected] 43 points 1 year ago

Oh my, if they were really brave they would un-ban all the supposed liberals that ever slightly ruffled their feathers.

[-] [email protected] 26 points 1 year ago

As someone who lives in China, I’ll tell you your perspective on that isn’t wrong. People abroad too easily conflate what the Chinese govt. does with Chinese people and “China”. Their concerns are all valid, but people grossly overestimate how much impact regular Chinese folks can have on their own govt.

How happy are people in the US with their govt and how much control they have over it? Not enough right, well the Chinese have even less. They’re even less engaged, though, oddly, but because the stakes for caring and speaking up are so high. People abroad probably rightly wish the average citizen constrained their own govt more, but the reality is they don’t have a way to do it, so they just focus on daily life. Also, they are in a misinformation bubble like crazy.
