Security Squawk - The Business of Cybersecurity

Hosts: Brian Hornung, Reginald Andre, Randy Brian, and Ryan O'Hara In this episode of the Security Squawk podcast, the hosts delve into several recent cybersecurity incidents. Firstly, they discuss the breach of the US Congress which led to the exposure of the personal information of 170,000 staff members. The hosts analyze the impact of this breach on the affected individuals and also consider the potential implications for future cybersecurity decisions made by Congress. Next, the speakers examine the ransomware attack on Ring, a smart home security company owned by Amazon, which was carried out by a Russian group known as "Black Cat". The hosts critique Amazon's response to the attack and investigate the root cause of the incident. Finally, the hosts discuss a recent hack on SpaceX's contractor, in which hackers threatened to sell 3,000 stolen drawings to the company's competitors. The speakers provide insight into how companies can safeguard their data when they collaborate with third-party vendors and contractors.

The Security Squawk Podcast discusses the recent vulnerabilities found in Trusted Platform Module (TPM) that could allow hackers to steal cryptographic keys and sensitive data. They also talk about recent cybersecurity incidents, such as the ransomware attack on Oakland and the data breach suffered by Acer. The hosts emphasize the need for businesses to take proactive measures to secure their data and prevent cyber-attacks. They also mention the Medusa ransomware group's ransom demand for $1 million for the Minneapolis Public School hack. The podcast ends with a discussion on the White House's updated National Cybersecurity Strategy for 2023, which focuses on shifting the burden of defending the country's cyberspace towards software vendors and service providers and the importance of collaboration between the public and private sectors.

Last Pass breach In this episode of the Security Squawk podcast, the hosts analyze the latest cybersecurity incident with LastPass. LastPass, a popular password manager, suffered a data breach in August 2021. The company initially reported that the attackers had gained access to the backup server, but not the encrypted vaults containing user passwords. However, a recent update reveals that the attackers were able to obtain valid credentials for a senior DevOps engineer, giving them access to LastPass' data vault, among other things. The vault contained encryption keys for customer vault backups stored in Amazon S3 buckets. It is unclear whose vaults have been compromised, but the incident highlights the risks associated with remote work and the need for stronger security measures. Ransomware attack on US Marshal Service In this episode, the speakers also discuss the ransomware attack which hit the US Marshal Service. The attack targeted systems that contain sensitive law enforcement information, administrative information, and personally identifiable information. It is not known if it was a targeted attack, but it is believed that the attacker exfiltrated data before the attack. It is unlikely that they will turn over the keys for the ransom, especially after the FBI's recent successful takedown of Hive. Additionally, News Corp was breached over a year ago, and employees are only now being notified. It is believed that the Chinese government was behind the attack, and some personal information was compromised. The affected parties are being offered two years of free identity protection and credit monitoring. GoDaddy Security breach Further, the hosts discuss a series of security breaches that have recently occurred at GoDaddy, including spear phishing attacks and compromised passwords that have resulted in the theft of sensitive information belonging to thousands of customers. Despite being labeled as the work of "sophisticated threat actors," the author argues that most hacking attacks rely on con artistry and psychological tactics, rather than technical know-how. The article also highlights the importance of domain privacy and the risks associated with transferring domain names to unverified individuals.

The Security Squawk podcast crew discusses cybersecurity, where they examine various breaches and cyber threats. They analyze recent attacks against GoDaddy, which compromised the login credentials of their hosting customers and personnel. They discuss the importance of good password hygiene, multifactor authentication, and scanning for viruses and suspicious activity. They also talk about the proposed legalization of hacking in Russia for patriotic reasons and the recent FBI cybersecurity incident. They dive into the rise of ransomware attacks against the semiconductor industry and the need for improved network security using government grants. The hosts also talk about a cybersecurity incident at Lehigh Valley Health Network, traced back to an unauthorized activity from a doctor's office. They emphasize the need for separate networks and awareness of the risks of connecting personal devices to corporate networks. The episode ended with a discussion about the use of BYOD devices in healthcare.

The Security Squawk podcast discusses the recent surge of ransomware attacks and their impact on cybersecurity. The hosts talk about the clop ransomware group's breach of 130 organizations using a zero-day vulnerability in the Go Anywhere MFT secure file transfer tool, highlighting the risks associated with file transfer tools that are installed on servers managed by companies and exposed to the internet without proper patching and firewall configurations. The conversation also discusses a recent supply chain breach involving GoAnywhere MFT software, with up to 10-13% of servers compromised, and expresses concern over the vulnerability of these companies and the potential disconnect between security professionals and management. The article discusses multiple instances of cyber attacks on companies, including Pepsi Bottling Ventures, which was hit with malware that stole employees' personal information, and Nether Manufacturing, which was hit with ransomware. The article also mentions a new ransomware called Mortal Kombat that is targeting systems in the US and highlights the importance of proper security measures and not clicking on suspicious emails or files. The news segment reports on a series of ransomware attacks in the United States, including on a school, a city, a police network, and a property appraisal website. The lack of cybersecurity maturity in some organizations is noted, and the need for companies to undertake third-party assessments of their network is emphasized.

The Security Squawk Podcast crew discusses cybersecurity. The hosts, Bryan Horning, Reginald Andre, Randy Brian, and Ryan O'Hara, talk about the current state of ransomware attacks happening in the world. They discuss the recent attack on a hospital in Tallahassee, which has led to a security issue, and the hospital has suspended all non-emergency procedures. The word "issue" to describe the attack is noted as being too weak, and the hosts suggest it is being used to minimize public fear and legal implications. The hospital has been targeted due to its large amount of valuable data, making it a high-value target for criminals. The hospital is prioritizing its IT systems and bringing them back online one by one. Ryan, Randy, and Bryan are discussing the recent ransomware attacks on hospitals and other organizations. They mention that the increase in ransomware attacks was expected due to a combination of factors, including the position of the hackers, the release of vulnerabilities, and the recent boasting of the FBI and Justice Department about their takedown of some cybercrime groups. They also discuss the vulnerability in VMware ESXi servers, a common technology many organizations use for their server infrastructure. The ransomware variant, DougE, is fast and widespread, causing admins to scramble to patch their systems. The recommendation is to apply the patch as soon as possible and to scan for signs of compromise if the system is left unpatched. The vulnerability is considered serious as it gives the attacker's God mode access to all virtual machines running on the VMware ESXi server. The conversation is about cyber security and the recent ransomware attacks on various organizations. The crew discusses the importance of having an independent cybersecurity risk assessment to understand the full picture of the security situation. They are also discussing the need for regular maintenance and updates to keep systems secure and the importance of educating people about cybersecurity, including the next generation. The cyber experts also mention the recent attack on a chipmaker and a school district, as well as Italy's recent ransomware attack, which was related to the VMware issue. They also mention the use of the Conte ransomware source code by the LockBit ransomware group, highlighting the need for constant vigilance and updates to stay ahead of evolving threats.

Cyber security experts Bryan Hornung, Randy Bryan, Reginald Andre, and Ryan O'Hara discuss a recent cyber attack on NextGen, a healthcare software giant that produces electronic health records and practice management systems for hundreds of large hospitals and clinics in the US, UK, India, and Canada. The company has responded to the attack, stating that they have immediately contained the threat, secured their network, and returned to normal operations. They are conducting a forensic review and have not uncovered evidence of access to or exfiltration of client data. The podcast hosts discuss the lack of information about the attack and speculate about the potential impact on Next Gen's customers. The cybersecurity experts then discuss a recent cyber attack on T-Mobile that exposed the personal information of 37 million customers. The company has reassured that the hack did not include the most sensitive information that would put customer accounts and finances at risk. However, the group discussing the article expressed concern about T-Mobile's frequent cybersecurity breaches and the need for consumers to assume their data is already out there and take steps to protect it, such as freezing and locking their credit reports. As a result, T-Mobile customers and the potential for phishing scams and MFA attacks. They also discussed a large-scale credential stuffing attack on PayPal accounts, where hackers used a dictionary of email addresses and passwords to gain access to accounts. The group noted that while PayPal quickly detected the unusual activity and did not report any financial losses, they advised users to change their passwords and enable MFA. They also discussed that many people are not taking the necessary steps to protect their personal information and identity. The cyber security podcast crew then discussed concerns about the security of the TSA's no-fly list and the ease with which it can be accessed by hackers on unsecured regional airline computers. The speakers express concern about the lack of authentication and security measures in place to protect the list, and worry about the potential for hacking and misuse of the information. They also mention that ransomware payments have gone down but are still at record levels over the last few years. The show concludes with a reminder that there are always new attack vectors to be aware of.

Cybersecurity podcast Security Squawk Episode 107 - Educating business leaders about cyber threats.Cybersecurity experts Bryan Hornung, Reginald Andre, Ryan O'Hara, and Randy Bryan sit down to discuss a ransomware attack on a company called Maternal and Family Health Services, in which the hackers had access to their system as far back as August 21, 2021. The cyber security experts discussed the potential lawsuit and the time gap between when the attack was discovered and when the notices were sent out. They also mention that it took the company a long time to figure it out and that personal information such as names, addresses, dates of birth, social security numbers, driver's license numbers, financial account payment, card information, user names, passwords, medical information and health insurance information were compromised.Then the conversation turned to a ransomware attack that affected around 1000 vessels and their Ship Manager software, a Norwegian-based class society. They discussed the lack of detail provided and its impact on the ships, including the potential for the vessel to be locked out of the software and the need to run the boat manually. They also discussed a recent issue with the FAA system, which they believed to be a cyber attack, but they weren't sure if the information provided was accurate. They also talked about the issue of ransomware attacks affecting schools and organizations and the costly lawsuits that follow, such as the case of Hope College, which is currently facing three lawsuits with one as much as $5 million.

On episode 106 of the Security Squawk Podcast, cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss a cyber attack on a school district in Des Moines Iowa, where classes have been canceled for 33,000 students after a cyber attack on its Technology Network. The hosts discuss the issue and mention that this is a common MO for cyber attacks, where not much information is released. They also mention that this is a more serious issue than in the past and that the school district probably wants to keep negotiations private if there is a ransomware attack. A follow-up to the Knox Community College ransomware. The school disclosed they investigated and responded to a data breach where sensitive information like personal information, national ID numbers, social insurance numbers, passport numbers, IP addresses, employer identification numbers, medical records, health insurance information, sexual orientation, religion, and union affiliation were exposed. The group expresses their concern and skepticism about the company's statement that there is no indication that any specific information was or will be misused, but they cannot rule out there may be attempts to carry out fraudulent activity. They mention that the data was exposed on the dark web, and the company didn't send out notices till the end of December, which is disturbing. They also discuss that companies often underestimate the value and potential use of their data by cybercriminals, and the lack of education and understanding of the risks involved in a cyber attack. They also mention that the data can be used to ruin people's lives for years and the border crisis and biometric information also being accessible. We also discuss the sale of credentials for accessing Chick-fil-A accounts on the dark web, with the cyber experts discussing the ease with which criminals could use the information to steal from the accounts. They also discuss the need for companies to have policies in place that dictate what employees should and should not post on internal chat apps like Slack and the need for tools to help automate and police those policies.

In Episode 105 of the Security Squawk podcast, the cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss third-party risk and how the increasing number of cyber-attacks against your partners and vendors can impact your business. The cybersecurity experts discuss why they think third-party vendor risk assessments will become more common and why businesses must start evaluating their third-party risk. The crew discusses what companies are doing to ensure they have evaluated their third-party risk while discussing the Cott Systems cyber-attack, which has impacted many local governments in 21 States. We also update everyone on some older cyber attacks that we have new information on, including the cyber-attack at Louisiana hospital that impacted 270,000 patients. We also updated the Toronto SickKids hospital, getting a free decryptor and an apology from LockBit. We also cover Burlington Community College and Harrington Raceway & Casino cyber-attacks. Please remember to share, like, and subscribe to our Podcast and social media channels.

In this week's episode, the cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss a wide range of cybersecurity topics currently impacting millions of people. In the show, the guys break down how and why the Password Manager provider Lastpass breach will impact millions in the coming months. Toronto Children's Hospital provides more information about their recent ransomware event, coinciding with a joint warning from the FBI & CISA to U.S. hospitals. We discuss what that is all about. As always, we enjoy updating our audience on past attacks, and Suffolk County has provided no shortage of lessons learned for cyber experts to dissect. The crew then discusses the big deal with Okta Source Code discovered on Github. And finally, the Electric Utility contractor data breach raises concerns over the security of the U.S. power grid.

There seems to be no shortage of new tactics that cybercriminals are trying in the past few weeks and months. In this week's episode, cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss some of these new tactics and what they could mean for businesses in the future. The cybersecurity experts discuss an interesting twist around the Knox College ransomware attack that is becoming a favorite tactic for cybercriminals. Cybercriminals have devised a new way to evade Spam filters and trick your employees. Check out this new tactic and how to protect yourself. Then the cyber security experts dive into various topics around the Draft Kings data breach, the Seven Rooms data breach, and the new ways hackers are using Microsoft Windows to attack your business. Please share & subscribe to our Podcast and as always find us on social media if you ever have any questions or comments.

In this week's episode, cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss all things Cyber Insurance. Are you asking, "why do I need cyber insurance for my business?". "Or why does my business need cyber insurance in the first place?" Even worse, insurance companies are making it harder for small and mid-sized businesses to obtain cyber insurance. The crew discusses what companies need to do to qualify for cyber insurance. Cyber insurance may not pay out even if you qualify for a cyber insurance policy. Find out why many businesses are having their claims denied by cyber insurers. 2023 is a year when we are going to see more and more cyber attacks. Now is the time to prepare. Please listen to this episode; you will learn everything you need to know to protect your business in 2023.

In this week's episode, the cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss what is going on with the Rackspace security breach and what MSSP alerts are saying it is. Next, the experts talk about a ransomware attack that caused a French hospital to transfer patients and shut down operations. They will talk on what happened and why businesses need to take cybersecurity seriously. Then, the team talks about the Travis Central Appraisal District whose office was hit by a Royal Ransomware that shut down phone lines and online chat systems. What happened? The experts continue to discuss a school in Little Rock, Arkansas who was hit with a ransomware attack and had to pay the hackers. They will discuss what they think was stolen from their systems. Lastly, the experts briefly go into an update on Essent who is working to rebuild its systems. Also, a South Jersey district- Monroe Township- was closed for three days due to internet issue leaving parents to wonder, why? Tune in, Like and Share the Show! Articles Used: https://doublepulsar.com/rackspace-cloud-office-suffers-security-breach-958e6c755d7f https://www.msspalert.com/cybersecurity-news/rackspace-hosted-exchange-security-incident-timeline-and-recovery-updates/ https://www.bleepingcomputer.com/news/security/ransomware-attack-forces-french-hospital-to-transfer-patients/ https://www.statesman.com/story/news/2022/12/05/travis-county-tx-home-appraisals-ransomware-attack/69703419007/ https://www.thv11.com/video/news/education/little-rock-schools-to-pay-hackers-to-end-ransomware-attack/91-d492d592-062b-4d1a-ad78-9dd1a3a82f4d https://www.asicentral.com/news/newsletters/promogram/december-2022/essent-working-to-rebuild-after-encryption-attack/ https://www.inquirer.com/news/monroe-township-schools-closed-internet-third-party-unauthorized-20221201.html

In this week's episode, the cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss some hackers who are exploiting TikTok's "Invisible Body Challenge" to spread malware that can steal passwords and credit card details. The experts get into what theybelieve is going on and what you can do to fix it. Next, the experts discuss a brute cyberattack on customers who use DraftKings betting site. Find out how much they stole and what DraftKings president is saying. Meanwhile, the crew talks about how Google has released an emergency security update for the desktop version of the Chrome web browser which is the eighth zero-day vulnerability this year. Also, the crew discusses how this Chrome extension is being deployed to steal cryptocurrency passwords. Lastly, the team talks about WhatsApp data breach who is selling nearly 500 million user records and what's going on there? Also, the experts briefly go over who the United States government is banning the sale of equipment from and what they are saying is the reason "unacceptable risks to national security". Tune in! Like and Subscribe! Articles used: https://www.forbes.com/sites/barrycollins/2022/11/29/tiktok-invisible-body-challenge-hijacked-to-spread-malware https://www.bleepingcomputer.com/news/security/hackers-steal-300-000-in-draftkings-credential-stuffing-attack https://www.bleepingcomputer.com/news/security/google-pushes-emergency-chrome-update-to-fix-8th-zero-day-in-2022/ https://www.bleepingcomputer.com/news/security/google-chrome-extension-used-to-steal-cryptocurrency-passwords/ https://www.techradar.com/news/whatsapp-data-breach-sees-nearly-500-million-user-records-up-for-sale https://www.bleepingcomputer.com/news/security/us-bans-sales-of-huawei-hikvision-zte-and-dahua-equipment/

In this week's episode, the cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara quickly provide an update on the Jackson County and MediBank cyberattacks that happened not to long ago. The experts then discuss a data breach settlement that Forefron Dermatology has to pay $3.75M individuals who were impacted and how these individuals were impacted after the fact. Meanwhile, the crew talks about a ransomware attack that has affected 650 healthcare providers, who was involved & how did this happen? Next, the team discuss a CMMC update that helps prepare small businesses in the DoD space. Also, an update on the FTC safeguard rule that is extended now by six months, what does that mean for businesses? Lastly, the cyber experts talk about a phishing kit that is impersonates well known brands to target US shoppers. Tune in and Like/Share Show! Articles that were used: https://healthitsecurity.com/news/forefront-dermatology-to-pay-3.75m-in-healthcare-data-breach-settlement https://techcrunch.com/2022/07/13/pfc-ransomware-healthcare/ https://washingtontechnology.com/companies/2022/11/key-takeaways-wts-cmmc-summit/379747/ https://www.consumerfinancemonitor.com/2022/11/16/ftc-extends-deadline-for-updated-safeguards-rule-by-six-months https://www.bleepingcomputer.com/news/security/phishing-kit-impersonates-well-known-brands-to-target-us-shoppers/

In this week's episode, the cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss an Austrailian bank, Medibank who faces possible class action after a devastating data breach that left millions of customers exposed. Who is allegdly behind this hack? Meanwhile, they continue to dive deeper into why Austrailia is considering banning the payment of ransoms to cybercriminals because of Medibank. Next, the crew talks about a Canadian food retail giant, Sobeys, who was hit by Black Basta ransomware. What should the grocery store have in place so their IT systems don't disrupt their operations again? Tune in. Meanwhile, the experts get into another ransomware attack that shut down two counties, Jackson and Hillsdale in Michigan because of a systems outage. What's going on here? Lastly, the cyber experts talk about 42,000 web domains that impersonate well-known brands to redirect users to sites promoting adware apps, dating sites, or 'free' giveaways. Like and share the show! Articles that were used: https://www.news.com.au/technology/online/hacking/medibank-faces-possible-class-action-after-hack-leaves-millions-of-customers-exposed/news-story/aa73c71740879c524b6dc01bfe268350 https://www.reuters.com/technology/australia-consider-banning-paying-ransoms-cyber-criminals-2022-11-12/ https://nbc25news.com/news/local/jackson-and-hillsdale-counties-close-due-to-ransomware-attack https://www.bleepingcomputer.com/news/security/canadian-food-retail-giant-sobeys-hit-by-black-basta-ransomware/ https://www.bleepingcomputer.com/news/security/42-000-sites-used-to-trap-users-in-brand-impersonation-scheme/

In this week's episode, the cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss a new report on how hackers are selling access to 576 corporate networks for $4 million. The team will explain what they think these companies could've done to prevent this from happening. Next, the experts talk about a threat actor who is behind this supply-chain attack which has injected a malicious code into a file that gets loaded by news outlets' websites and how to protect yourself if your a news outlet. Also, the crew gets into an instagram influencer known as 'Hushpuppi' who has been sentenced to 11 years in prison for cyber fraud. Tune in! Lastly, the cyber experts talk about Emotet malware operation which is again spamming malicious emails after almost a four-month "vacation." The team discusses what's going on here. Make sure to like and share the show! Articles used: https://www.bleepingcomputer.com/news/security/hackers-selling-access-to-576-corporate-networks-for-4-million/ https://www.bleepingcomputer.com/news/security/influencer-hushpuppi-gets-11-years-in-prison-for-cyber-fraud/ https://www.bleepingcomputer.com/news/security/emotet-botnet-starts-blasting-malware-again-after-4-month-break/ https://www.bleepingcomputer.com/news/security/hundreds-of-us-news-sites-push-malware-in-supply-chain-attack/

In this week's episode, the cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss an FTC guideline or regulation that impacts a lot of businesses in the United States. The team talks on why people should be paying more attention to these guidelines and why its important to. Next, the crew talks on what the government is saying and why they're pushing these businesses like financial services who handle transactions, credit card information, wire transfers, etc. to stay up to date on cybersecurity. Tune in! Make sure to like and subscribe! Share the show!

In this week's episode, the cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara with special guest Javvad Malik at J4vv4D discuss the topic of phishing & what Javvad notices is going on with these types of attacks. Next, the team disucsses 4 tips security experts are saying will help protect thier IT employees from clicking on a link. Tune in to learn how to mitigate this human error! Then, the crew review some of the top phishing scams this week relating to Costco, Ace Hardware, PayPal, Netflix, Truist, cPanel, and Microsoft. Would you have been able to spot these scams? Lastly, the security experts discuss an article about a 65-year women who was scammed on Instagram because she was in love. Make sure to tune in! Like and Share the show! Articles used: https://unfspinnaker.com/98214/news/phishing-is-organized-crime-unf-chief-information-officer-says/ https://www.constructiondive.com/news/cybersecurity-spear-phishing-tech/634408/ https://news.trendmicro.com/2022/10/21/costco-ace-hardware-paypal-netflix-truist-cpanel-microsoft-phishing-scam/ https://gizmodo.com/astronaut-iss-instagram-1849638814