74 episodes

Bi-weekly cyber intelligence briefing. Each episode includes an update regarding some of the latest events in the cyber security world.
This podcast is meant for people who want to listen to a short (5 minute) overview of some of the latest events in the cyber world.
The podcast does not get into technical details, and anyone can understand it.

intelligence updates Nucleon Cyber

    • Technology
    • 5.0 • 16 Ratings


    CyberCure Ep 74


    Welcome to the Nucleon Cyber Intelligence podcast.
    This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes.
    The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world.
    The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand.

    https://news.nucleon.sh/2021/09/23/intelligence-briefing-74/

    If you have been following the adventures of the hacker group known as the REvil cyber gang, they have fully returned and are once again attacking new victims and publishing stolen files on a data leak site.
    If you haven't heard about the REvil gang, here is a short recap:
    Since 2019, the REvil ransomware operation, also known as Sodinokibi, has been conducting attacks on organizations worldwide where they demand million-dollar ransoms to receive a decryption key and prevent the leaking of stolen files.
    We covered some of their attacks right here, including big cases such as JBS, Coop, Travelex and many others.
    REvil shut down their infrastructure and completely disappeared after their biggest hack yet: a massive attack on July 2nd that encrypted over 50 service providers and over 1,500 businesses using a zero-day vulnerability in the Kaseya VSA remote management platform, which had no patch.
    This attack had such wide-ranging consequences worldwide that it brought the full attention of international law enforcement to bear on the group.
    Maybe because of the pressure, the REvil gang suddenly shut down all their servers and went offline, leaving many victims in the lurch with no way of decrypting their files.
    A few days later, Kaseya (the company that had been hacked) received a universal decryptor that victims could use to decrypt files for free. It is unclear how Kaseya received the decryptor, but the company stated it came from a "trusted third party."...

    ----

    On a different subject, cybersecurity experts warned that cybercriminal forums had in recent months been selling access to login credentials for software that the United Nations uses to manage internal projects. The software could provide valuable access to intruders looking to extort the UN or steal data.
    The cyber security firm Resecurity contacted UN officials after noticing the login credentials for sale on the dark web.
    Another security firm reported observing one prominent cybercriminal gang claiming access to the UN software.
    This caused the UN to release an official statement saying:
    “Unidentified hackers breached computer systems at the United Nations in April and the multinational body has had to fend off related hacks in the months since.”

    There are different rumors and stories about this incident, so we thought we would briefly mention it here in case it evolves and we pay more attention to it in the future.

    -----

    That’s it for this podcast, stay safe and see you in the next podcast.
    Don’t forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.

    • 4 min
    CyberCure Ep 73


    https://news.nucleon.sh/2021/09/03/intelligence-briefing-73/
    ----

    Several times this year, LinkedIn seems to have experienced a massive data scrape conducted by a malicious actor.
    An archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum. This time, the author of the forum post is purportedly selling information gathered from 600 million LinkedIn profiles. They also claim that the data is new and “better” than that collected during the previous scrapes. Samples from the archive shared by the author include full names, email addresses, links to the users’ social media accounts, and other data points that users had publicly listed on their LinkedIn profiles.
    While not deeply sensitive, the information could still be used by malicious actors to quickly and easily find new targets based on the criminals’ preferred methods of social engineering.
    LinkedIn’s refusal to treat malicious scraping as a security problem can potentially allow cybercriminals to gather data on new victims with impunity. The social media platform, however, is of a different opinion on the matter: “Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed,” LinkedIn said in its statement regarding a previous data scrape, where malicious actors collected data from 700 million profiles...

    ----
    Also, a notorious North Korean hacking group impersonates Airbus, General Motors and Rheinmetall to lure potential victims into downloading malware.
    Researchers who have been tracking Lazarus activity for months published a new report from AT&T Labs.
    According to the report’s author, emails sent to prospective engineering candidates by the group purport to be from known defense contractors Airbus, General Motors (GM) and Rheinmetall.
    Attached to the emails are Windows documents containing macro-based malware, “which has been developed and improved during the course of this campaign and from one target to another,” the report said.

    The campaign is just the latest by Lazarus that targets the defense industry. In February, researchers linked a 2020 spear phishing campaign to the stealing of critical data from defense companies by leveraging an advanced malware called ThreatNeedle.

    The new campaign was identified when Twitter users reported several documents that were linked to the Lazarus group, using GM and Airbus as lures.
    The campaigns using the three new documents have similarities in command and control (C&C) communication but different ways of executing malicious activity, researchers found.
    Lazarus distributed two malicious documents related to Rheinmetall, a German engineering company focused on the defense and automotive industries. However, the second included “more elaborate content,” and thus likely went unnoticed by victims.
    Given the historically prolific nature of Lazarus—named “the most active” threat group of 2020 by Kaspersky —the latest attack against engineers “is not expected to be the last,” the report noted. “Attack lures, potentially targeting engineering professionals in government organizations, showcase the importance of tracking Lazarus and their evolution,” the report said.

    -----


    • 6 min
    CyberCure Ep 71


    https://news.nucleon.sh/2021/08/19/intelligence-briefing-71/
    ----

    A cyber attack has disrupted container operations at the South African port of Cape Town. Durban, the busiest shipping terminal in sub-Saharan Africa, was also affected.
    Cape Town Harbour Carriers Association said in an email to members:
    "Please note that the port operating systems have been cyber-attacked and there will be no movement of cargo until the system is restored." Transnet's official website was down showing an error message. Transnet, which operates major South African ports, including Durban and Cape Town, and a huge railway network that transports minerals and other commodities for export, confirmed its IT applications were experiencing disruptions and it was identifying the cause. It declined to comment on whether a cyber attack caused the disruption.
    The state-owned company had already suffered major disruptions to its ports and national freight rail line last week following days of unrest and violence in parts of the country. In response to a question on whether the cyber attack on Transnet was linked to the unrest, a government official said: "We are investigating, and when that is confirmed or dispelled we are going to make that announcement. Currently we are treating it as an unrelated event."
    The latest disruption has delayed containers and auto parts, but commodities were mostly unaffected as they were in a different part of the port, one of the sources said. It will also create backlogs that could take time to clear. Transnet said its container terminals were disrupted while its freight rail, pipeline, engineering and property divisions reported normal activity.

    ----
    Due to a major leak at the coronavirus testing company Testcoronanu, it was possible for anyone to create their own Covid vaccination or test certificate, RTL reported on Sunday. Additionally, private details of about 60 thousand people who took a coronavirus test at this company had been leaked. The company is affiliated with the government's testing-for-travel initiative. The leak made it possible for anyone to easily add a fake negative coronavirus test result or proof of vaccination by adding two lines of code. In the database, it was possible to personally enter which kind of test was taken and what the result was.
    Afterward, you would automatically receive a travel certificate from Testcoronanu. The site has since been shut down by the Ministry of Health.
    Not only was it possible to add test and vaccination certificates, but users could also alter the data of others. “Anyone with an internet connection could simply adjust data in a corona database.”
    The leak called into question the reliability of the CoronaCheck app. “Any form of reliability is completely gone”, professor of microbiology at the UMC Groningen, Bert Niesters, said. “It is completely irresponsible to use this app for events where it is not possible to keep one and a half meters distance.” The leak also revealed personal information, such as the full names, addresses, phone numbers, social security numbers, passport numbers and medical information of over 60 thousand people. This highly sensitive information can easily be misused by cybercriminals. All Testcoronanu locations have been closed. People who had an appointment to get tested will have to make an appointment with a different provider.
    -----


    • 4 min
    CyberCure Ep 70


    https://news.nucleon.sh/2021/08/13/intelligence-briefing-70/
    ----

    COVID-related targets are attractive for cyber attacks, as they are usually well funded and time sensitive, which should make ransomware easier.
    German pharmacies have stopped issuing digital COVID-19 vaccination certificates after hackers created passes from fake outlets.
    Germans who have been fully vaccinated are entitled to a certificate which allows them more freedoms, especially to travel.
    Pharmacies and vaccination centres issue them, but the German Pharmacists Association (DAV) said hackers had managed to produce two vaccination certificates by accessing the portal and making up pharmacy owner identities.
    In a statement, the association said:
    "The DAV, in consultation with the Health Ministry, stopped issuing certificates to investigate further", adding it had so far found no other indication of unauthorised access to the portal. "It can therefore be assumed that the more than 25 million vaccination certificates issued so far through pharmacies have all been issued by legally registered pharmacies," said the DAV.
    After a slow start, due to supply problems and bureaucratic hurdles, Germany's vaccine rollout picked up in May and June but now the pace of doses being administered is slowing.

    ----

    The Saudi Arabian Oil Company, better known as Saudi Aramco, said that it "recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors."
    Saudi Arabia's state oil giant acknowledged Wednesday that leaked data from the company - files now apparently being used in a cyber-extortion attempt involving a USD 50 million ransom demand - likely came from one of its contractors.
    The oil firm did not say which contractor found itself affected nor whether that contractor had been hacked or if the information leaked out another way.

    "We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture," Aramco said.
    A page on the darknet offered Aramco a chance to have the data deleted for USD 50 million in cryptocurrency, while another timer counted down from USD 5 million, likely in an effort to pressure the company.
    It remains unclear who is behind the ransom plot.
    Aramco has been targeted before by a cyberattack. In 2012, the kingdom's oil giant found itself hit by the so-called Shamoon computer virus, which deleted hard drives and then displayed a picture of a burning American flag on computer screens. The attack forced Aramco to shut down its network and destroy over 30,000 computers. In 2017, another virus swept across the kingdom and disrupted computers.

    -----


    • 3 min
    Cyber Intelligence News - August 9 - ep -69


    In this podcast, we will discuss two topics: the first is a cyber incident in health care in the USA, and the second is a cyber incident related to South Korea's stealth fighter.
    The full post can be found at:
    https://news.nucleon.sh/2021/08/09/intelligence-briefing-69/

    • 3 min
    CyberCure Ep 72


    https://news.nucleon.sh/2021/08/27/intelligence-briefing-72/

    A group of Iranian hackers targeting U.S. military personnel on Facebook deployed a "well-resourced and persistent operation" to connect with victims on the social media site and trick them into providing sensitive information as part of a larger online espionage campaign, Facebook said recently.
    The group, known as "Tortoiseshell" in the security industry, targeted nearly 200 individuals associated with the military as well as defense and aerospace companies in the U.S., and to a lesser extent in the U.K. They used social engineering and phishing to direct victims away from Facebook and infect their devices with malware. Facebook said its investigation revealed that parts of the malware used by Tortoiseshell were developed by Mahak Rayan Afraz, a Tehran-based IT company with close ties to the Islamic Revolutionary Guard Corps (IRGC). "Based on our analysis of the capabilities of this malware, we believe it was target-tailored to understand the type of software that the device was running and the networks that it was connected to, to presumably assist in future targeting efforts for the attackers," Mike Dvilyanski, Facebook's head of cyber espionage investigations, told...
    ------


    • 5 min
