Symantec Cyber Security Brief Podcast

Our weekly podcast series features threat research and security news, hosted by threat researchers from the Threat Hunter Team. ANNOUNCEMENT: Production of the Cyber Security Brief has been interrupted as our team is dispersed, working from home as the world strives to bring the corona-virus pandemic under control. This means the podcast is on hiatus for now, but we will be back as soon as we can with more great stories from the world of cyber security. Thank You!

Episodes

Posted:

Round-up: A whole host of vulnerabilities, and the hackers hacking other hackers

In this week's Cyber Security Brief podcast, Brigid O'Gorman and Dick O'Brien discuss some of the biggest infosec news stories of the last week, including, new vulnerabilities in Intel chips, and the Microsoft SMB protocol, as well as the Rowhammer vulnerability being back in the headlines. As well as this, there is an intricate phishing scam targeting Russian speakers that uses a chatbot to help you hand over your information, a mysterious Vietnam-based group is releasing Trojanized hacking tools to try and hack other hackers, the chief suspect thought to be behind the Deer[.]io online marketplace is arrested, and BEC scammers make the headlines once again.

Download
Posted:

Round-up: Ransomware criminals continue to innovate, and BEC scammers hit a high-profile victim

On this week’s Cyber Security Brief, we bring you a round-up of some of the biggest cyber security stories of the last 7 days. Among the topics up for discussion are the latest innovations of ransomware criminals, a data breach at a controversial facial recognition company, and an investigation by Brian Krebs into a series of cyber attacks on companies in France that led to an interesting conclusion. Also this week, a survey reveals that many government employees feel ill-prepared to cope with a cyber attack, and a judge on Shark Tank falls victim to BEC scammers.

Download
Posted:

Special Edition: The RSA Conference 2020

Candid Wueest and Dick O’Brien join the Cyber Security Brief from the RSA Conference in San Francisco this week. Both Candid and Dick were presenting at RSA this week – Dick on the topic of targeted ransomware, and Candid on the subject of formjacking. They fill us in on how their presentations went, the other interesting sessions they attended, what the big themes of the conference are this year, and their overall impressions of RSAC 2020.

Download
Posted:

Focus On: Pegasus spyware

This week’s Cyber Security Brief is part of our regular Attack Group of the Month series, though this time around it’s more like Tool of the Month, as we take a closer look at Pegasus. Pegasus is a mobile spyware that is owned and sold by Israeli company the NSO Group, which says it is a legitimate tool that it sells exclusively to law enforcement and government agencies. However, there have been many cases where Pegasus appears to have been misused and has been found on the phones of journalists, activists and government critics in some countries. Symantec engineer Alexey Kleymenov has examined Pegasus extensively, and joins Dick O’Brien to discuss the malware and its technical abilities and sophistication.

Download
Posted:

Spotlight On: The healthcare cyber threat landscape

In this week’s Cyber Security Brief, we discuss the various cyber security concerns facing the healthcare sector. Ransomware attacks are now one of the biggest challenges facing organizations in the healthcare industry, while data breaches also remain a major concern. Meanwhile, developments in medtech and the increased connectivity of hospitals and other healthcare organizations pose new challenges for practitioners and patients. We discuss the main threats facing the sector, and the steps you can take to keep your organization safe.

Download
Posted:

Round-up: Traffic jams, increasing defenses, and shortening the Google Chrome ‘patch gap’

In this week’s edition of the Cyber Security Brief, Brigid O’Gorman, Candid Wueest and Dick O’Brien discuss the U.S. Department of Defense’s new cyber security framework for its contractors, how easy it was for a performance artist in Germany to cause a fake traffic jam on Google Maps, and the way the coronavirus outbreak is being exploited by cyber scammers. Also this week, Google halves its Chrome patch gap, Microsoft Teams gets knocked offline, and how bugs in Microsoft Azure could have allowed cloud servers to be hacked.

Download
Posted:

Round-up: Ransomware, vulnerabilities, and eavesdropping

In this week’s Cyber Security Brief, Candid Wueest and Brigid O’Gorman bring you a round-up of the biggest cyber security news stories of the last week. We discuss the Shlayer malware, the publication of exploits for a vulnerability in Windows Remote Desktop Gateway, and how attackers may be able to eavesdrop on your conference calls. Also this week, there were a whole slew of news stories about ransomware, so we discuss some of those as well.

Download
Posted:

Spotlight On: Software vulnerabilities and patch management

On this week’s Cyber Security Brief, we discuss a timely issue – the importance of patching software vulnerabilities and the necessity for organizations to have good patch management. We decided to cover this topic as it is something that has been much in the news recently: CVE-2020-0601, a vulnerability in Microsoft’s Windows CryptoAPI, that was reported to the software giant by the NSA and was described as “severe” by the security agency, has made many headlines in the last week. Vulnerabilities in software from Citrix, and in Pulse Secure VPN servers, which were first revealed in December and April 2019, respectively, were also in the news in the last week or so. The vulnerabilities in the Pulse VPN servers were patched back in April - but despite this they are suspected of having been exploited in several cyber attacks since then, demonstrating that patches are not always being applied in a timely fashion. We discuss why that might be, and a variety of other issues, in this podcast.

Download
Posted:

Spotlight On: Living off the land

On this week’s Cyber Security Brief, we discuss “living off the land”, where attackers use legitimate tools on your device or network for malicious purposes. Dick O’Brien is joined by Candid Wueest, who wrote a whitepaper on this very topic just before the holidays, to discuss the tools that are most commonly exploited by attackers using living off the land techniques, the prevalence of this kind of activity, and what organizations can do to protect themselves. As well as this, we give an overview of CVE-2020-0601, the vulnerability in the Windows CryptoAPI that was patched by Microsoft on Tuesday.

Download
Posted:

Spotlight On: Iranian cyber espionage activity

On this week’s Cyber Security Brief, we decide to take a look at an issue that is very topical at the moment – Iranian cyber espionage activity. Dick O’Brien and Gavin O’Gorman discuss some past campaigns we have seen carried out by Iranian actors, and the kind of cyber capabilities the country has. Threat researcher Gavin gives his opinion on what is likely to happen next when it comes to cyber activity, and if we are likely to see any cyber attacks by Iranian actors targeting U.S. organisations.

Download
Posted:

Cyber Security Brief’s Review of the Year

This week’s episode of the Cyber Security Brief is the last one of 2019, so we are taking a look back at some of the big stories of the year in the world of infosec. Brigid O’Gorman, Dick O’Brien and Candid Wueest discuss a range of topics, including targeted ransomware, living off the land, supply chain attacks, extortion scams, and formjacking. We are taking a short break for the holidays but will be back in January 2020 with lots more chat about the world of cyber security.

Download
Posted:

Spotlight On: Targeted ransomware – a major trend in 2019

On this week’s Cyber Security Brief, we turn the spotlight onto targeted ransomware – one of the most active threats we observed in 2019. Targeted ransomware has seen huge growth since the start of 2018, with 2019, in particular, seeing a big rise in the number of targeted ransomware families operating. We take a look at the reasons for this growth, outline the activities of some of the most interesting targeted ransomware families that have emerged in 2019, take you through how an attack like this works, and provider some essential tips to help you keep your business safe from targeted ransomware.

Download
Posted:

Attack Group of the Month: Shamoon – targeting the Middle East with disk-wiping malware

On this week’s Cyber Security Brief podcast we are introducing a new feature – Attack Group of the Month. Every month we will bring in one of our expert threat researchers for a deep dive into the history, tactics, and techniques of notable attack groups, and discuss what you should do to keep your company safe from these sophisticated attackers. This week we look at Shamoon, an attack group that first appeared in 2012, causing waves when it wiped the disks on thousands of computers in two companies in Saudi Arabia. Threat researcher Gavin O’Gorman brings us through the history of the group, what makes it so interesting, and why he thinks we haven’t seen the last of Shamoon yet.

Download
Posted:

Spotlight On: BEC scams – an expensive threat

On this week’s Cyber Security Brief, Dick O’Brien, Candid Wueest and Brigid O’Gorman focus on business email compromise (BEC) scams, which are a major issue for enterprises and organizations. The FBI has estimated that between June 2016 and July 2019 more than $26 billion was lost to BEC scams globally. Our experts discuss some recent examples of BEC scams, the common tactics and techniques many of these scams share, and the steps you can take to mitigate the danger to your business from these types of scams.

Download
Posted:

Holiday shopping special: Scams to watch out for this Black Friday and Cyber Monday

On this week’s Symantec Cyber Security Brief, we bring you a holiday shopping cyber security special in advance of Black Friday, Cyber Monday, and the holiday shopping period in general. We discuss the dangers people need to be aware of when shopping online, including formjacking, fake shops, and social media scams. We discuss common scams that try to trick victims using fake delivery notices, as well as point of sale malware, which is still a threat, even as more people move to doing their shopping online.

Download
Posted:

Privacy concerns, election campaign worries, and phish-y meeting invites

On this week’s Symantec Cyber Security Brief, Dick O’Brien is joined by Brigid O’Gorman and Candid Wueest to discuss some of the big cyber security stories of the last week. This week, Ubiquiti customers are annoyed after a firmware update led to their routers sending information back to Ubiquiti HQ without their consent, a “sophisticated” attack on the UK Labour Party’s digital platforms causes consternation in the middle of an election campaign – but was it really that serious? Also, a (complicated) way to gain access to people’s Wi-Fi networks via Amazon’s Ring doorbell, a new ruling in the U.S. on whether or not border police are entitled to search your electronic devices when you’re entering the country, and beware of suspicious meeting invites.

Download
Posted:

Lasers, Bluekeep, and BEC scammers continue to cash in

On this week’s Cyber Security Brief, Dick O’Brien is joined by Candid Wueest and Brigid O’Gorman to discuss the biggest cyber security news stories of the week. On this episode, we chat about how lasers could be used to hack your voice-controlled devices – including your phone, the Bluekeep attacks that have been spotted in the wild, and the ongoing repercussions surrounding the WhatsApp zero-day that was discovered in May. Also, BEC scammers cash in, the QSnatch malware hits thousands of NAS devices, and a new vulnerability in Microsoft Office for Mac.

Download
Posted:

Fancy Bear attack campaign, ransomware hits Johannesburg again, and malware hijacks Discord client

In this week’s Cyber Security Brief, Dick O’Brien is joined by Candid Wueest and Brigid O’Gorman to discuss the biggest infosec stories of the week. This week we discuss Fancy Bear’s campaign against at least 16 anti-doping and sporting organizations, yet another ransomware attack on Johannesburg, and the malware that was turning the Discord client into an info-stealing backdoor. Also this week, the security researcher who discovered they could hack other people’s pet feeders, and the man who still has access to the connected car he rented – and returned – several months ago.

Download
Posted:

A second supply chain attack attempt against CCleaner, voice-controlled home assistants spying on owners, and dodgy mobile biometric authentication

In this week's Cyber Security Brief, Dick O'Brien and Candid Wueest discuss some of the biggest cyber security stories of the past week. Topics this week include a second supply chain attack attempt aimed at compromising CCleaner, how Amazon Alexa and Google Home devices can be used to spy on their owners using malicious third-party applications, problems for Samsung and Google arising from issues with biometric authentication on their mobile devices, and how a Chinese cyber-espionage group has been targeting SQL servers.

Download
Posted:

An iTunes and iCloud zero-day, ATM malware, and the Sudo vulnerability

In this week’s Cyber Security Brief, Dick O’Brien is joined by Candid Wueest and Brigid O’Gorman to discuss the biggest cyber security stories of the week. In the mix this week, a zero-day in the Windows version of iTunes and iCloud, ATM malware, the Sudo vulnerability, and how it has been proved that you can insert spy chips into firewalls. Also, the stalker in Japan who used reflections in photos to track down his victim, and finally, the price paid for people’s private information on the deep and dark web.

Download
Posted:

A controversial Apple app, a far-reaching ruling from the ECJ, and many, many data breaches

In this week’s Cyber Security Brief, Dick O’Brien is joined by Candid Wueest and Brigid O’Gorman to discuss some of the biggest cyber security stories of the last week. Topics on the agenda include: controversy over Apple allowing a police-tracking app to be carried on its App Store in Hong Kong, a ruling from the European Court of Justice that could have big implications for social media platforms, new technology that claims it can identify people through walls from their gait using just Wi-Fi receivers, and a whole lot of data breaches. Also, Candid tells us about the it-sa: IT Security Expo and Congress, which he is attending and presenting at in Nuremberg, Germany, this week.

Download
Posted:

Deepfakes, disinformation, and the former NATO bunker housing a bulletproof hosting service

In this week’s Cyber Security Brief, Dick O’Brien, Candid Wueest and Brigid O’Gorman discuss the high cost of ransomware, and the emergence of disinformation-as-a-service on underground markets. We also chat about researchers finding a way to steal data from encrypted PDFs, and the bulletproof hosting service housed in a former NATO bunker in Germany that was recently shut down by police. Finally, we discuss the issue of deepfake videos, the problems they could present, and the steps Google and others are taking to tackle them.

Download
Posted:

Tortoiseshell APT group, vBulletin zero-day, and Facebook suspends thousands of apps

We’re back! The Cyber Security Brief returns for season 2. In our first episode, Dick O’Brien is joined by Brigid O’Gorman and Gavin O’Gorman (no relation) to discuss our recent research into Tortoiseshell, an APT group we recently discovered using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers. We also discuss the recently revealed vulnerability in vBulletin, the release of iOS 13, a ransomware attack on a healthcare facility in Wyoming, and Facebook suspending thousands of apps from its platform.

Download