[-] administrator@lemmy.pro 3 points 1 year ago

I saw an ad for Oura that made me chuckle the other day. It said “Oura - the original and most trusted ring” or something like that, and I thought “oh there are other ones to choose from, that are likely just as good and cheaper? Thanks for letting me know!”

[-] administrator@lemmy.pro 19 points 1 year ago

Yay Lemmy.world, you kicked yourself in the dick, congrats.

[-] administrator@lemmy.pro 32 points 1 year ago

Dude I was away on vacation chill. :-)

[-] administrator@lemmy.pro 2 points 1 year ago

We just set up a matrix server today and it works great, it’s very cool and neat, loving it so far!

[-] administrator@lemmy.pro 2 points 1 year ago

Ah cool I didn’t know that, thank you!

[-] administrator@lemmy.pro 2 points 1 year ago

You gotta be registered on an instance that allows users to create them, I think Lemmy.world does. Alternatively can ask the admins at your instance (or another one) to make one for you and they might.

[-] administrator@lemmy.pro 4 points 1 year ago

Also try to use the Container feature in Firefox. I have acting Google all contained in one subset for example, so none of their tabs gets a view on my other tabs.

[-] administrator@lemmy.pro 1 points 1 year ago

Hmm that’s an impressive development! I’ll subscribe to your world news sub to give it a try. It’s heavy on UK sources and Al Jazeera, which is ok by me but what’s the makeup of your feed derived from? Can you share the method so others could do our own?

Their community link for World News if it saves you a click: !news_world@lemmy.link

[-] administrator@lemmy.pro 5 points 1 year ago

I just upvoted you from Memmy on Lemmy, it’s nice!

[-] administrator@lemmy.pro 2 points 1 year ago

Wow, just looked over the topics of your podcast and these all sound really up my alley and interesting for sure. Will give one a listen today right after I finish some work, thanks!

[-] administrator@lemmy.pro 1 points 1 year ago

Great qualities, I'll give it a try thank you!

[-] administrator@lemmy.pro 1 points 1 year ago

I like the sound of it! Kagi is working well for me, but will consider trying this out very soon.

7
submitted 1 year ago* (last edited 1 year ago) by administrator@lemmy.pro to c/cybersecurity@lemmy.pro

I'm a newbie to podcasts, but I got hooked recently because I can listen while doing something else.

What are your favorite cybersecurity podcasts? I'm not even sure the best way to link podcasts either, but regardless: the ones I'm liking so far are:

The Cyberwire: https://thecyberwire.com/podcasts

CISO Series: https://cisoseries.com/

Darknet Diaries: https://darknetdiaries.com/

Cybersecurity Today: https://www.itworldcanada.com/podcasts

Smashing Security: https://www.smashingsecurity.com/

Malicious Life: https://malicious.life/

Any more great recommendations? Any drama about the above ones?

0

Executive summary

In early 2023, the Check Point Incident Response Team (CPIRT) team investigated a malware incident at a European healthcare institution involving a set of tools mentioned in the Avast report in late 2022. The incident was attributed to Camaro Dragon, a Chinese-based espionage threat actor whose activities overlap with activities tracked by different researchers as Mustang Panda and LuminousMoth, whose focus is primarily on Southeast Asian countries and their close peers.

The malware gained access to the healthcare institution systems through an infected USB drive. During the investigation, the Check Point Research (CPR) team discovered newer versions of the malware with similar capabilities to self-propagate through USB drives. In this way, malware infections originating in Southeast Asia spread uncontrollably to different networks around the globe, even if those networks are not the threat actors’ primary targets.

The main payload variant, called WispRider, has undergone significant revisions. In addition to backdoor capabilities and the ability to propagate through USB using the HopperTick launcher, the payload includes additional features, such as a bypass for SmadAV, an anti-virus solution popular in Southeast Asia. The malware also performs DLL-side-loading using components of security software, such as G-DATA Total Security, and of two major gaming companies (Electronic Arts and Riot Games). Check Point Research responsibly notified these companies on the above-mentioned use of their software by the attackers.

The findings in this report, along with corroborating evidence from other industry reports, confirm that Chinese threat actors, including Camaro Dragon, continue to effectively leverage USB devices as an infection vector.

The prevalence and nature of the attacks using self-propagating USB malware demonstrate the need of protecting against those, even for organizations that may not be the direct targets of such campaigns. We found evidence of USB malware infections at least in the following countries: Myanmar, South Korea, Great Britain, India and Russia.

2

The U.S. Army’s Criminal Investigation Division is urging military personnel to be on the lookout for unsolicited, suspicious smartwatches in the mail, warning that the devices could be rigged with malware.

In an alert issued this week, the army said service members across the military have reported receiving smartwatches unsolicited in the mail and noted that the smartwatches, when used, “have auto-connected to Wi-Fi and began connecting to cell phones unprompted, gaining access to a myriad of user data.”

“These smartwatches may also contain malware that would grant the sender access to saved data to include banking information, contacts, and account information such as usernames and passwords,” the army warned.

“Malware may be present which accesses both voice and cameras, enabling actors access to conversations and accounts tied to the smartwatches,” it added.

What is unclear, however, is whether this is an attack targeting American military personnel. The smartwatches, the investigation division noted, may also be meant to run illegal brushing scams.

“Brushing is the practice of sending products, often counterfeit, unsolicited to seemingly random individuals via mail in order to allow companies to write positive reviews in the receiver’s name allowing them to compete with established products,” the agency said.

2
submitted 1 year ago* (last edited 1 year ago) by administrator@lemmy.pro to c/cybersecurity@lemmy.pro

There are presently 201k people monitoring domains in Have I Been Pwned (HIBP). That's massive! That's 201k people that have searched for a domain, left their email address for future notifications when the domain appears in a new breach and successfully verified that they control the domain. But that's only a subset of all the domains searched, which totals 231k. In many instances, multiple people have searched for the same domain (most likely from the same company given they've successfully verified control), and also in many instances, people are obviously searching for and monitoring multiple domains. Companies have different brands, mergers and acquisitions happen and so on and so forth. Larger numbers of domains also means larger numbers of notifications; HIBP has now sent out 2.7M emails to those monitoring domains after a breach has occurred. And the largest number of the lot: all those domains being monitored encompass an eye watering 273M breached email addresses 😲

The point is, just as HIBP itself has escalated into something far bigger than I ever expected, so too has the domain search feature. Today, I'm launching an all new domain search experience and 5 announcements about major changes surrounding it. Let's jump into it!

Announcement #:

  • 1: There's an all new domain search dashboard
  • 2: From now on, domain verification only needs to happen once
  • 3: Domain searches are now entirely "serverless"
  • 4: There are lots of little optimisation tweaks
  • 5: Searches for small domains will remain free whilst larger domains will soon require a commercial subscription

3
submitted 1 year ago* (last edited 1 year ago) by administrator@lemmy.pro to c/cybersecurity@lemmy.pro

Cybercrime has become a dominant concern for many businesses, as well as individuals. Cybercriminals will target any business, and any individual if they can realize a profit from their minimal efforts. One of the ways that criminals achieve their goals is through the use of malware that garners a fast profit, such as ransomware. More enterprising criminals will use more persistent malware, which enables them to return to the target for further victimization.

Malware has progressed, revealing some trends that may help cybersecurity professionals in combatting current and future strains.

#1. Malware is becoming increasingly aggressive and evasive

Evasive malware, designed to thwart traditional security technologies like first-generation sandboxes and signature-based gateways, is not new. However, the trend toward more sophisticated, aggressive, and evasive malware will probably emerge as a result of the latest developments in Artificial Intelligence (AI). In the past, evasive maneuvers have made static malware analysis approaches insufficient. Fortunately, AI will also be useful in dynamic analysis. Sadly, this could result in a war of machines, creating service disruptions as the two entities battle for supremacy.

#2. Multi-Factor Authentication (MFA) Attacks

Multi-Factor Authentication has finally gained wider adoption in corporate as well as individual settings. What seemed like a panacea to the brute-force attack problem has been shown to be a bit more vulnerable than originally hoped. For example, if a person’s credentials have been compromised, a technique known as “prompt bombing” can be used to create MFA fatigue, eventually causing a person to accept a login notification just to silence the alerts. Many attacks against MFA involve scanning vulnerable login processes to inject the second-factor codes into websites. While not considered malware in the traditional sense, MFA exploits have the same effect of automating an exploit to gain access to sensitive information.

#3. Targeted attacks will give way to mass exploit customization

Targeted attacks require a substantial amount of manual work on the part of the attackers in order to identify victims and then engineer attacks that can fool the victim, as well as create customized compromises and better pre-attack reconnaissance. While attackers have not yet automated these tasks, it is reasonable to assume that some are attempting to do so. One tell-tale sign of automated reconnaissance is its inability to change its behavior. The best defense against this is for cybersecurity professionals to recognize the patterns that are used to compromise a target and work to mitigate those exposures.

#4. More consumer and enterprise data leaks via cloud apps

As we grow more dependent on cloud services, we introduce new exposures. More attackers are targeting cloud-based information. There also seems to be diminished awareness about the implications of putting personal and commercial data and media in the cloud. Moreover, as cloud data management becomes unwieldy, new security vulnerabilities may become public. Malware that results in cloud breaches could present fertile ground for attackers. Cybersecurity professionals must remember that cloud security is not the responsibility of the cloud provider. Proactive protection, as well as testing, remain vital to keeping cloud data safe.

#5. Your refrigerator is running exploits

Devices that weren’t previously connected to the internet, like home appliances, cars, or photo frames, could become the weakest link in our always-on lifestyles. As everything moves online and adoption grows markedly, there will be attacks through systems we haven’t even considered yet. As more personal devices enter office environments, and as office environments have spread to homes, the Internet of Things (IoT) becomes an even greater attack surface.

0

The Department of Justice established a cyber-focused section within its National Security Division to combat the full range of digital crimes, a top department official said Tuesday.

The National Security Cyber Section — NatSec Cyber, for short — has been approved by Congress and will elevate cyberthreats to “equal footing” with other major national security issues, including counterterrorism and counterintelligence, Assistant Attorney General for National Security Matt Olsen said in remarks at the Hoover Institution in Washington.

The new section enables the agency to “increase the scale and speed of disruption campaigns and prosecutions of nation-state cyberthreats as well as state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security,” Olsen said.

0

After years of breakneck growth, China’s security and surveillance industry is now focused on shoring up its vulnerabilities to the United States and other outside actors, worried about risks posed by hackers, advances in artificial intelligence and pressure from rival governments.

The renewed emphasis on self-reliance, combating fraud and hardening systems against hacking was on display at the recent Security China exhibition in Beijing, illustrating just how difficult it will be to get Beijing and Washington to cooperate even as researchers warn that humankind faces common risks from AI. The show took place just days after China’s ruling Communist Party warned officials of the risks posed by artificial intelligence.

Looming over the four-day meet: China’s biggest geopolitical rival, the United States. American-developed AI chatbot ChatGPT was a frequent topic of conversation, as were U.S. efforts to choke off China’s access to cutting-edge technology.

7

A new policy directive from Maine Information Technology (MaineIT) has put a six-month moratorium on the adoption and use of Generative Artificial Intelligence (AI) technology within all State of Maine agencies due to “significant” cybersecurity risks.

The prohibition on AI will include large language models that generate text such as ChatGPT, as well as software that generates images, music, computer code, voice simulation, and art.

It’s unclear whether and to what extent state employees have been relying on emerging AI tools as part of their jobs. Maine may be the first state in the U.S. to impose such a moratorium.

According to an email sent on Wednesday to all Executive Branch agencies and employees from Maine’s Acting Chief Information Officer Nick Marquis, MaineIT issued a “cybersecurity directive” prohibiting the use of AI for all state business and on all devices connected to the state’s network for six months, effective immediately.

2

The BBC CISO says she is a “consummate cynic” about cybersecurity certifications. Helen Rabe believes schemes like the widely recognised ISO 27001 standard are “time consuming” and “cumbersome” to maintain for tech teams, and could be ripe for reform.

Rabe was speaking as part of a panel at the Infosec Europe conference in London, where she joined Munawar Vallji, CISO at rail ticketing platform Trainline, and Dr Emma Philpott, of advisory group the IASME Consortium for a panel on the future of cybersecurity certifications.

Cybersecurity certifications are designed to ensure organisations have an appropriate level of security across their teams. The most common certification is the ISO 27001 from the International Organisation of Standards, which was updated last year and is held by more than 30,000 companies.

While these certifications are not a legal requirement, they can be a contractual stipulation for IT buyers, particularly in public sector organisations. Speaking to Tech Monitor last year, Alan Calder, founder and executive chairman of cyber risk and privacy management company IT Governance, said: “The Department of Work and Pensions, for instance, requires organisations it is contracting to have ISO specification.

2

Every cybersecurity vendor has a different vision of how generative AI will serve its customers, yet they all share a common direction. Generative AI brings a new focus on data accuracy, precision and real-time insights. DevOps, product engineering and product management are delivering new generative AI-based products in record time, looking to capitalize on the technology’s strengths.

The 5 from the article:

  1. Real-time risk assessment and quantification
  2. Generative AI will revolutionize extended detection and response (XDR)
  3. Improving endpoint resilience, self-healing capability and contextual intelligence
  4. Improving existing AI-based automated patch management techniques
  5. Managing the use of generative AI tools, including AI-based chatbot services

2

Complex, well-resourced, and well-organized, Anonymous Sudan looks like a front group for an intelligence service.

Anonymous Sudan's questionable provenance.

Researchers are moved to conclude that Anonymous Sudan is a Russian-run operation, and not the Islamist patriotic hacktivist collective it claims to be.

Is Anonymous Sudan a Russian front group, or a grassroots religious hacktivist group? Researchers at CyberCX have released an intelligence update on Anonymous Sudan after that threat group attacked Australian government organizations. The researchers point out that they assess, with high confidence, that Anonymous Sudan is unlikely to be the simple religious hacktivist group it purports to be, “and that Anonymous Sudan is unlikely to be geographically linked to Sudan.” CyberCX also assesses that the threat group uses a substantial paid proxy infrastructure across various countries to conduct its attacks. “Traffic was highly dispersed, with the common infrastructure across attacks spanning 1720 Autonomous Systems (AS) over 132 countries. Indonesia was the most represented country of origin, followed by Malaysia and the United States,” the researchers explained. That infrastructure probably costs about $2,700 per month. This is an estimate. As CyberCX points out, given the inherently closed nature of the proxy services, “it is difficult to estimate Anonymous Sudan’s likely expenditure on infrastructure.” It’s clear in any case that this supposed backwater organization has suspiciously significant funding and a complex operational style.

The group’s well-organized attacks are not typical of a grassroots organization of religiously motivated hacktivists. “Most authentic grassroots hacktivist organizations observed by CyberCX plan activities in an at least semi-public way, discussing targeting and coordinating operations in forums and group chats. Anonymous Sudan declares specific targets as it attacks, implying it is a closely held operation.” While it’s difficult to determine the group’s geographical location, the timezone during which they’re most active is the UTC-3 region, and that includes both Sudan and Eastern Europe. Anonymous Sudan is actively working with the Russian cyber auxiliary KillNet and its group of Russia-aligned accounts.

Anonymous Sudan primarily writes in English and Russian. Researchers at Trustwave write “There are numerous clues left behind by Anonymous Sudan pointing toward the group being associated in some manner with Killnet. The primary indicator is that Anonymous Sudan’s preferred attack vector is DDoS attacks, the attack type that Killnet has conducted. Other circumstantial evidence pointing toward a Russian connection is that the Anonymous Sudan Telegram posts are mostly in Russian (with some in English), and the targets are all nations that support Ukraine in its fight against Russia.”

2

Cybersecurity provider Trend Micro Incorporated has been integrating artificial intelligence (AI) into its technologies for a decade, but it hasn’t had the power of generative AI, until now.

Today Trend Micro announced its new Vision One platform, bringing together a series of different cybersecurity capabilities including extended detection and response (XDR), attack surface risk management (ASRM) and zero trust. In many respects, the platform is an evolution of the Trend Micro One platform announced in 2022, with the big new addition being gen AI.

The Trend Vision One companion is a gen AI-powered assistant for security operation center (SOC) analysts. The technology enables security teams to use natural language queries to answer questions, assist with threat hunting and accelerate remediation.

“We’ve really tried to think about how we can bring the power of gen AI to the security operation center,” Trend Micro COO Kevin Simzer told VentureBeat. “When you’re in an SOC, it tends to be a bit of a stressful job as they’re inundated with lots of telemetry from all different sources.”

administrator

joined 1 year ago