Content provided by Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided by Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described at https://fi.player.fm/legal.

Episode 114 - BACK OFF THE MIC JAV!

47:30

This week in InfoSec

With content liberated from the “today in infosec” Twitter account and further afield.

25th July 2007: The US Ninth Circuit Court of Appeals ruled that IP addresses and to/from email fields can be monitored without probable cause.

Appeals Court Rules No Privacy Interest in IP Addresses, Email To/From Fields

https://twitter.com/todayininfosec/status/1154791990397042688

29th July 2009: The first Security BSides conference was held in Las Vegas in a 3,767 square foot house.

http://www.securitybsides.com/w/page/50746315/BSidesHistory

https://twitter.com/todayininfosec/status/1156078833277128704

Rant of the Week

Hackers scan for vulnerabilities within 15 minutes of disclosure

System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed.

According to Palo Alto's 2022 Unit 42 Incident Response Report, hackers are constantly monitoring software vendor bulletin boards for new vulnerability announcements they can leverage for initial access to a corporate network or to perform remote code execution.

However, the speed at which threat actors begin scanning for vulnerabilities puts system administrators in the crosshairs as they race to patch the bugs before they are exploited.

"The 2022 Attack Surface Management Threat Report found that attackers typically start scanning for vulnerabilities within 15 minutes of a CVE being announced," reads a companion blog post.

Since scanning isn't particularly demanding, even low-skilled attackers can scan the internet for vulnerable endpoints and sell their findings on dark web markets where more capable hackers know how to exploit them.

Then, within hours, the first active exploitation attempts are observed, often hitting systems that never had the chance to patch.

Billy Big Balls of the Week

New ‘Robin Banks’ phishing service targets BofA, Citi, and Wells Fargo

A new phishing as a service (PhaaS) platform named 'Robin Banks' has been launched, offering ready-made phishing kits targeting the customers of well-known banks and online services.

The targeted entities include Citibank, Bank of America, Capital One, Wells Fargo, PNC, U.S. Bank, Lloyds Bank, the Commonwealth Bank in Australia, and Santander.

Additionally, Robin Banks offers templates to steal Microsoft, Google, Netflix, and T-Mobile accounts.

According to a report by IronNet, whose analysts discovered the new phishing platform, Robin Banks is already being deployed in large-scale campaigns that started in mid-June, targeting victims via SMS and email.

LockBit 3.0 introduces the first ransomware bug bounty program

With the release of LockBit 3.0, the operation has introduced the first bug bounty program offered by a ransomware gang, asking security researchers to submit bug reports in return for rewards ranging between $1,000 and $1 million.

"We invite all security researchers, ethical and unethical hackers on the planet to participate in our bug bounty program. The amount of remuneration varies from $1000 to $1 million," reads the LockBit 3.0 bug bounty page.

However, this bug bounty program is a bit different than those commonly used by legitimate companies, as helping the criminal enterprise would be illegal in many countries.

Furthermore, LockBit is not only offering rewards for vulnerabilities but is also paying bounties for "brilliant ideas" on improving the ransomware operation and for doxxing the affiliate program manager.

The following are the various bug bounty categories offered by the LockBit 3.0 operation:

Web Site Bugs: XSS vulnerabilities, mysql injections, getting a shell to the site and more, will be paid depending on the severity of the bug, the main direction is to get a decryptor through bugs web site, as well as access to the history of correspondence with encrypted companies.

Locker Bugs: Any errors during encryption by lockers that lead to corrupted files or to the possibility of decrypting files without getting a decryptor.

Brilliant ideas: We pay for ideas, please write us how to improve our site and our software, the best ideas will be paid. What is so interesting about our competitors that we don't have?

Doxing: We pay exactly one million dollars, no more and no less, for doxing the affiliate program boss. Whether you're an FBI agent or a very clever hacker who knows how to find anyone, you can write us a TOX messenger, give us your boss's name, and get $1 million in bitcoin or monero for it.

TOX messenger: Vulnerabilities of TOX messenger that allow you to intercept correspondence, run malware, determine the IP address of the interlocutor and other interesting vulnerabilities.

Tor network: Any vulnerabilities which help to get the IP address of the server where the site is installed on the onion domain, as well as getting root access to our servers, followed by a database dump and onion domains.

The $1,000,000 reward for identifying the affiliate manager, known as LockBitSupp, was previously offered on the XSS hacking forum in April.

Industry News

No More Ransom Has Helped Over 1.5m Victims

US Doubles Reward for Info on North Korean Hackers

Criminals Use Malware as Messaging Bots to Steal Data

Cyber-Criminal Offers 5.4m Twitter Users’ Data

European Police Arrest 100 Suspects in BEC Crackdown

Social Media Accounts Hijacked to Post Indecent Images

Hackers Change Tactics for New Post-Macro Era

Ransomware Group Demands £500,000 From School

Spanish Police Arrest Alleged Radioactive Monitoring Hackers

Tweet of the Week

https://twitter.com/danielmakelley/status/1550884696355225601

Come on! Like and bloody well subscribe!
