
intelligence updates

Author: Nucleon Cyber


Description

Bi-weekly cyber intelligence briefing. Each episode includes an update regarding some of the latest events that happened in the cyber security world.
This podcast is meant for people who want to listen to a short (5 minute) overview of some of the latest events that happened recently in the cyber world.
The podcast does not go into technical details, and anyone can understand it.
74 Episodes
CyberCure Ep 74

2021-09-22 04:24

Welcome to the Nucleon Cyber Intelligence podcast. This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. https://news.nucleon.sh/2021/09/23/intelligence-briefing-74/ If you have been following the adventures of the hacker group known as the REvil cyber gang, they have fully returned and are once again attacking new victims and publishing stolen files on a data leak site. If you haven't heard about the REvil gang, here is a short recap. Since 2019, the REvil ransomware operation, also known as Sodinokibi, has been conducting attacks on organizations worldwide where they demand million-dollar ransoms to receive a decryption key and prevent the leaking of stolen files. We covered some of their attacks right here, in big cases such as JBS, Coop, Travelex and many others. REvil shut down their infrastructure and completely disappeared after their biggest hack yet: a massive attack on July 2nd that encrypted over 50 service providers and over 1,500 businesses using a zero-day vulnerability in the Kaseya VSA remote management platform, which had no patch. This attack had such wide-ranging consequences worldwide that it brought the full attention of international law enforcement to bear on the group. Maybe because of the pressure, the REvil gang suddenly shut down all their servers and went offline, leaving many victims in the lurch with no way of decrypting their files. A few days later, Kaseya (the company that had been hacked) received a universal decryptor that victims could use to decrypt files for free. It is unclear how Kaseya received the decryptor, but the company stated it came from a "trusted third party."...
---- On a different subject, cybersecurity experts warned that cybercriminal forums had in recent months been selling access to login credentials for software that the United Nations uses to manage internal projects. The software could provide valuable access to intruders looking to extort the UN or steal data. The cyber security firm Resecurity contacted UN officials after noticing the login credentials for sale on the dark web. Another security firm reported observing one prominent cybercriminal gang claiming access to the UN software. This caused the UN to release an official statement saying: “Unidentified hackers breached computer systems at the United Nations in April and the multinational body has had to fend off related hacks in the months since.” There are different rumors and stories about this incident, so we thought we would briefly mention it here in case it evolves, and we will pay more attention to it in the future. ---- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.
CyberCure Ep 73

2021-09-03 06:30

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. https://news.nucleon.sh/2021/09/03/intelligence-briefing-73/ ---- Several times this year, LinkedIn seems to have experienced a massive data scrape conducted by a malicious actor. An archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum. This time, the author of the forum post is purportedly selling information gathered from 600 million LinkedIn profiles. They also claim that the data is new and “better” than that collected during the previous scrapes. Samples from the archive shared by the author include full names, email addresses, links to the users’ social media accounts, and other data points that users had publicly listed on their LinkedIn profiles. While not deeply sensitive, the information could still be used by malicious actors to quickly and easily find new targets based on the criminals’ preferred methods of social engineering. LinkedIn’s refusal to treat malicious scraping as a security problem can potentially allow cybercriminals to gather data on new victims with impunity. The social media platform, however, is of a different opinion on the matter: “Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed,” LinkedIn said in its statement regarding a previous data scrape, where malicious actors collected data from 700 million profiles...
---- Also, a notorious North Korean hacking group is impersonating Airbus, General Motors and Rheinmetall to lure potential victims into downloading malware. Researchers who have been tracking Lazarus activity for months have published a new report from AT&T Labs. According to the report’s author, emails sent to prospective engineering candidates by the group purport to be from known defense contractors Airbus, General Motors (GM) and Rheinmetall. Attached to the emails are Windows documents containing macro-based malware, “which has been developed and improved during the course of this campaign and from one target to another,” the report said. The campaign is just the latest by Lazarus that targets the defense industry. In February, researchers linked a 2020 spear phishing campaign to the stealing of critical data from defense companies by leveraging an advanced malware called ThreatNeedle. The new campaign was identified when Twitter users reported several documents that were linked to the Lazarus group using GM and Airbus as lures. The campaigns using the three new documents have similarities in command and control (C&C) communication but different ways of executing malicious activity, researchers found. Lazarus distributed two malicious documents related to Rheinmetall, a German engineering company focused on the defense and automotive industries. However, the second included “more elaborate content,” and thus likely went unnoticed by victims. Given the historically prolific nature of Lazarus, named “the most active” threat group of 2020 by Kaspersky, the latest attack against engineers “is not expected to be the last,” the report noted. “Attack lures, potentially targeting engineering professionals in government organizations, showcase the importance of tracking Lazarus and their evolution,” the report said. ---- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.
CyberCure Ep 71

2021-08-20 04:21

The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. https://news.nucleon.sh/2021/08/19/intelligence-briefing-71/ ---- A cyber attack has disrupted container operations at the South African port of Cape Town. Durban, the busiest shipping terminal in sub-Saharan Africa, was also affected. Cape Town Harbour Carriers Association said in an email to members: "Please note that the port operating systems have been cyber-attacked and there will be no movement of cargo until the system is restored." Transnet's official website was down, showing an error message. Transnet, which operates major South African ports, including Durban and Cape Town, and a huge railway network that transports minerals and other commodities for export, confirmed its IT applications were experiencing disruptions and it was identifying the cause. It declined to comment on whether a cyber attack caused the disruption. The state-owned company already suffered major disruptions to its ports and national freight rail line last week following days of unrest and violence in parts of the country. In response to a question on whether the cyber attack on Transnet was linked to the unrest, a government official said: "We are investigating, and when that is confirmed or dispelled we are going to make that announcement. Currently we are treating it as an unrelated event." The latest disruption has delayed containers and auto parts, but commodities were mostly unaffected as they were in a different part of the port, one of the sources said. It will also create backlogs that could take time to clear. Transnet said its container terminals were disrupted while its freight rail, pipeline, engineering and property divisions reported normal activity.
---- Due to a major leak at the coronavirus testing company Testcoronanu, it was possible for anyone to create their own Covid vaccination or test certificate, RTL reported on Sunday. Additionally, private details of about 60 thousand people who took a coronavirus test at this company had been leaked. The company is affiliated with the government's testing for travel initiative. The leak made it possible for anyone to easily add a fake negative coronavirus test result or proof of vaccination by adding two lines of code. In the database, it was possible to personally enter which kind of test was taken and what the result was. Afterward, you would automatically receive a travel certificate from Testcoronanu. The site has since been shut down by the Ministry of Health. Not only was it possible to add test and vaccination certificates, but users could also alter the data of others. “Anyone with an internet connection could simply adjust data in a corona database.” The leak put in question the reliability of the CoronaCheck app. “Any form of reliability is completely gone”, professor of microbiology at the UMC Groningen, Bert Niesters, said. “It is completely irresponsible to use this app for events where it is not possible to keep one and a half meters distance.” The leak also revealed personal information, such as the full names, addresses, phone numbers, social security numbers, passport numbers and medical information of over 60 thousand people. This highly sensitive information can easily be misused by cybercriminals. All Testcoronanu locations have been closed. People who had an appointment to get tested will have to make an appointment with a different provider. ---- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.
CyberCure Ep 70

2021-08-14 03:23

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. https://news.nucleon.sh/2021/08/13/intelligence-briefing-70/ ---- COVID-related targets are attractive for cyber attacks, as they are usually well funded and time sensitive, so ransomware should be easier. German pharmacies have stopped issuing digital COVID-19 vaccination certificates after hackers created passes from fake outlets. Germans who have been fully vaccinated are entitled to a certificate which allows them more freedoms, especially to travel. Pharmacies and vaccination centres issue them, but the German Pharmacists Association said hackers had managed to produce two vaccination certificates by accessing the portal and making up pharmacy owner identities. In a statement, the association said: "The DAV, in consultation with the Health Ministry, stopped issuing certificates to investigate further", adding it had so far found no other indication of unauthorised access to the portal. "It can therefore be assumed that the more than 25 million vaccination certificates issued so far through pharmacies have all been issued by legally registered pharmacies," said the DAV. After a slow start, due to supply problems and bureaucratic hurdles, Germany's vaccine rollout picked up in May and June, but now the pace of doses being administered is slowing. ---- The Saudi Arabian Oil Company, better known as Saudi Aramco, said that it "recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors."
Saudi Arabia's state oil giant acknowledged Wednesday that leaked data from the company (files now apparently being used in a cyber-extortion attempt involving a USD 50 million ransom demand) likely came from one of its contractors. The oil firm did not say which contractor found itself affected, nor whether that contractor had been hacked or if the information leaked out another way. "We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture," Aramco said. A page on the darknet offered Aramco a chance to have the data deleted for USD 50 million in cryptocurrency, while another timer counted down from USD 5 million, likely in an effort to pressure the company. It remains unclear who is behind the ransom plot. Aramco has been targeted before by a cyberattack. In 2012, the kingdom's oil giant found itself hit by the so-called Shamoon computer virus, which deleted hard drives and then displayed a picture of a burning American flag on computer screens. The attack forced Aramco to shut down its network and destroy over 30,000 computers. In 2017, another virus swept across the kingdom and disrupted computers. ---- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.
This podcast will give you a summary of the latest news related to cyber intelligence and proactive cybersecurity in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. In this podcast, we will discuss two topics: the first is a cyber incident in health care in the USA, and the second is a cyber incident related to South Korea's stealth fighter. Full post can be found at: https://news.nucleon.sh/2021/08/09/intelligence-briefing-69/
CyberCure Ep 72

2021-08-01 05:01

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. https://news.nucleon.sh/2021/08/27/intelligence-briefing-72/ A group of Iranian hackers targeting U.S. military personnel on Facebook deployed a "well-resourced and persistent operation" to connect with victims on the social media site and trick them into providing sensitive information as part of a larger online espionage campaign, Facebook said recently. The group, known as "Tortoiseshell" in the security industry, targeted nearly 200 individuals associated with the military as well as defense and aerospace companies in the U.S., and to a lesser extent in the U.K. They used social engineering and phishing to direct victims away from Facebook and infect their devices with malware. Facebook said its investigation revealed that parts of the malware used by Tortoiseshell were developed by Mahak Rayan Afraz, a Tehran-based IT company with close ties to the Islamic Revolutionary Guard Corps (IRGC). "Based on our analysis of the capabilities of this malware, we believe it was target-tailored to understand the type of software that the device was running and the networks that it was connected to, to presumably assist in future targeting efforts for the attackers," Mike Dvilyanski, Facebook's head of cyber espionage investigations, told... ---- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.
CyberCure Ep 68

2021-07-29 04:20

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cybersecurity in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. In this special podcast, we will discuss Kaseya. Kaseya is a software company located in Florida, USA. They claim to have more than 40,000 organizations around the world using one of Kaseya’s industry-leading IT solutions. Kaseya has a product named VSA, a remote monitoring and management set of tools aimed at different organizations and service providers. One of its features is automating software patch management and vulnerability management to ensure that all systems are up to date, and another feature is managing backups and antivirus software on remote systems. By design, Kaseya VSA needs to have privileged access to the remote computers it manages. Kaseya said in a statement that approximately 50 of its direct customers were breached in a cyber attack. The attackers were able to gain access to the clients' networks using the update server, and from there encrypt remote computers. Since many of Kaseya's customers provide IT services to small businesses such as restaurants and accounting firms, it is difficult to estimate the number of businesses that were impacted by this cyber attack. Another consequence was that the Swedish Coop grocery store chain was forced to close 800 stores for several days. Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing U.S. offices would be lightly staffed. Many victims may not learn of it until they are back at work on Monday. A short time after the incident, Kaseya said it sent a detection tool to nearly 900 customers.
https://news.nucleon.sh/2021/07/29/cyber-news-update-67/ ---- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.
CyberCure Ep 67

2021-07-02 03:42

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. https://news.nucleon.sh/2021/06/30/cyber-news-update-67/ ---- Several Japanese government agencies reportedly suffered data breaches originating from Fujitsu’s information sharing tool they were using. The platform is a cloud-based enterprise collaboration and file-sharing platform launched in the mid-2000s. Fujitsu had earlier disclosed that hackers gained unauthorized access to the system and stole customer data. The computer emergency response team is still investigating and trying to determine if government agencies were targeted or the incident was a software supply chain attack. Investigators said that the cyber attack affected the Japanese Ministry of Land, Infrastructure, Transport and Tourism, the Cabinet Secretariat, and the Narita International Airport. The National Cyber Security Center said that hackers accessed 76,000 email addresses and email system settings through Fujitsu’s file-sharing tool. They exfiltrated flight schedules, air traffic control data, and business operations data from the Narita Airport. Similarly, study materials from Japan’s Ministry of Foreign Affairs were exposed. Japan’s Cabinet Secretariat’s national cybersecurity center advised government agencies and critical infrastructure organizations relying on Fujitsu’s information-sharing tool to check for indicators of compromise. The Fujitsu hacking incident was the second affecting Japan’s government agencies in a month. In April, hackers compromised Soliton’s file-sharing server, which affected Japan’s Prime Minister’s office.
Japan’s Chief Cabinet Secretary Katsunobu Kato said that cyber attacks on Japan’s critical infrastructure were expected during the Tokyo Olympics. He noted that his office was prepared to address such security incidents. ---- This week, the Steamship Authority of Massachusetts is asking travelers to bring cash for tickets and parking as the ferry service continues trying to recover from a ransomware attack. Customers were unable to book or change reservations online or by phone for the largest ferry service to the islands of Martha's Vineyard and Nantucket after the cyber attack occurred. "There is no impact to the safety of vessel operations, as the issue does not affect radar or GPS functionality," the Authority said in a statement. The FBI is now taking the lead on the investigation, working in conjunction with the Coast Guard and the Massachusetts State Police Cyber Security Unit, Coast Guard First District Petty Officer Amanda Wyrick told the Cape Cod Times. This joins a growing number of cyber incidents where the FBI is taking the lead on the investigation, as the US is starting to realize and understand that such cyber attacks are not done only for financial reasons but also in order to cause chaos and disrupt the daily lives of citizens. Ransomware attacks have become a national threat against the USA, and we can see that each week the USA is starting to take more and more severe measures in order to deal with it. ---- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.
CyberCure Ep 66

2021-06-18 03:54

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. https://news.nucleon.sh/?p=1108 Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority (MTA) network in April through a VPN provider that had a zero-day. Just to remind listeners, a zero-day is an exploit or vulnerability that the vendor is not aware of and for which there is no patch yet. VPN stands for Virtual Private Network, which means it is the part of the network that must be exposed to the internet, as it enables employees to connect and work from remote environments. Luckily, the attackers still failed to cause any data loss or gain access to systems controlling the transportation fleet. According to Rafail Portnoy, MTA's Chief Technology Officer, while the attackers hacked into several MTA computer systems, they couldn't gain access to employee or customer information. MTA mitigated the vulnerability one day after the VPN provider issued an advisory and published an alert that it had a vulnerability which was already being exploited in the wild... Also, Cox Media Group appeared to be struggling with a cyber attack after many of its live streams went down. Cox is a large US media conglomerate, comprising 54 radio stations in 10 markets and 33 TV stations in 20 markets. It also operates the conservative news site rare.us, which appears to be unaffected. The US has recently increased its scrutiny of ransomware attacks as they begin to pose a more visible national security threat.
The deputy national security advisor for cyber and emerging technology sent an open letter to US businesses urging them to be more resilient after the JBS and Colonial attacks. The letter laid out a series of protective steps, including backing up data, segmenting their networks, and maintaining an incident response plan... ---- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.
CyberCure Ep 65

2021-06-11 05:29

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. ---- https://news.nucleon.sh/2021/06/10/cyber-news-update-65/ This week we can see a live demonstration of the importance of cyber security! UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network. The University of Florida Health, also known as UF Health, is a healthcare network of hospitals and physician practices that provide care to counties throughout Florida. While ransomware has been a scourge on businesses worldwide since 2012, it has recently received increased scrutiny due to recent attacks on critical infrastructure, healthcare systems, and food suppliers. Last month, the DarkSide ransomware operation attacked Colonial Pipeline, the largest US fuel pipeline. It led to a temporary shutdown of fuel transport to the southeast and northeast of the United States. Surprisingly, it seems that this is the second data breach involving UF Health since last August, when one of its contractors was compromised by ransomware. So it's been less than one year since the last successful ransomware attack, and now the organization is again facing the same type of cyber attack! The official response was: “UF Health Central Florida detected unusual activity involving its computer servers. Our information technology team is collaborating with IT experts on our Gainesville and Jacksonville campuses to investigate the situation and mitigate any potential risks.” In 2020, there were nearly 4,000 publicly reported data breaches.
In just 23 of them, more than 2 billion records were exposed. And health care was the most victimized sector, accounting for 12% of those breaches. Organizations should remember that even if they got hacked once, it doesn't mean hackers will not try to hack them again. ---- A cyberattack on JBS SA, the largest meat producer globally, forced the shutdown of all its U.S. beef plants, wiping out the output from facilities that supply almost a quarter of American supplies. It’s unclear exactly how many plants globally have been affected by the ransomware attack, as Sao Paulo-based JBS has yet to release those details. The prospect of more extensive shutdowns worldwide is already upending agricultural markets and raising concerns about food security as hackers increasingly target critical infrastructure. Livestock futures slumped, while pork prices rose. JBS suspended its North American and Australian computer systems on Sunday after an organized assault on some of its servers, the company said in a statement. Without commenting on plant operations, JBS said the incident may delay certain transactions with customers and suppliers. President Joe Biden directed his administration to do whatever it can to mitigate the impact on the meat supply. “Attacks like this one highlight the vulnerabilities in our nation’s food supply chain security, and they underscore the importance of diversifying the nation’s meat processing capacity,” said U.S. Senator John Thune of South Dakota. ---- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.
CyberCure Episode 63

2021-05-24 04:19

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. ---- https://news.nucleon.sh/2021/05/24/cyber-news-update-63/ One of the USA's largest pipelines, which carries refined gasoline and jet fuel from Texas up the East Coast to New York, was forced to shut down after being hit by ransomware in a vivid demonstration of the vulnerability of energy infrastructure to cyberattacks. The operator of the system, Colonial Pipeline, had shut down its 5,500 miles of pipeline, which it says carries 45 percent of the East Coast’s fuel supplies, in an effort to contain the breach. Also, an incident that happened a while ago and is worth mentioning is a leak of potentially sensitive information from the Washington, D.C., police department, which was allegedly breached in a ransomware attack by a group seeking a payout. A group called Babuk claimed to be behind the attack. In a post made on its website, the group threatened to release information pulled from the department's systems if they were not paid an undisclosed amount. Screenshots of alleged arrest records and internal memos were posted on Babuk's website and re-shared online. As far as is known, sensitive information was not revealed. That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.
CyberCure Ep 62

2021-04-02 04:32

Welcome to the CyberCure Bi-Weekly podcast. You can read the full transcript at: https://news.nucleon.sh/2021/04/02/cyber-news-update-62/ This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. Cryptocurrency exchanges are a popular target: they hold many different cryptocurrencies, and they are usually less protected than banks and other traditional financial institutions. British cryptocurrency exchange EXMO is joining other crypto exchanges and has disclosed that unknown attackers withdrew almost 5% of its total assets after compromising its hot wallets. ---- There are many cybersecurity companies that perform regular patrols on the internet, searching different forums and looking for hints both on the dark web and on the clear net. In the past, it was very easy to find people who were selling illegal goods on the internet, but in recent years the hackers realized that many of the users of darknet forums are security researchers or law enforcement. As a result, forums that used to be public started limiting access to users who are able to prove who they are, for example by providing a recommendation from another user. ---- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit https://news.nucleon.sh for the latest podcasts on cyber intelligence.
CyberCure Ep 61

2021-03-19 04:37

Welcome to the CyberCure Bi-Weekly podcast. You can read the full transcript at: https://news.nucleon.sh/2021/02/07/cyber-news-update-60/ This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. ---- For a company that develops software, there are very strict guidelines to ensure that sensitive information is not leaked or accessed by unauthorized users. This is especially challenging these days, since many of what used to be internal, protected network services now need to be available online in order to enable remote work. The Nissan Motor Company is a Japanese multinational automobile manufacturer headquartered in Japan. The source code of mobile apps and internal tools developed and used by Nissan North America has leaked online after the company misconfigured one of its development servers. --- Also covering: Capcom, the game developer behind many popular games such as Resident Evil, Street Fighter and others, now says its recent attack compromised the personal data of up to 400,000 gamers. Capcom, a Japan-based publisher of blockbuster games, detected a breach during the end of 2020. Capcom said its personal, as well as corporate, data was compromised. A group called Ragnar Locker claimed responsibility and said they had downloaded more than 1TB of corporate data, including banking details, contracts, proprietary data, emails and more. Gaming is increasingly becoming a target for all types of cyberattacks. Over the past several months, along with Capcom, many other popular and big brands found themselves dealing with different cyber attacks.
----- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit https://news.nucleon.sh for the latest podcasts on cyber intelligence.
Welcome to the CyberCure Bi-Weekly podcast. You can read the full transcript at: https://news.nucleon.sh/2021/02/07/cyber-news-update-60/ This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. ---- Lately it seems more and more organizations refuse to pay after ransomware attacks; as a result, there is an increasing amount of stolen data offered for sale on the internet. A US-based auto parts distributor had sensitive data leaked by cybercriminals after refusing to pay ransom. A 3GB archive that purportedly belongs to NameSouth, a US-based auto parts shop, has been publicly leaked by the NetWalker ransomware group. The NameSouth archive leaked by NetWalker includes confidential company data and sensitive documents, including financial and accounting data, credit card statements, personally identifiable employee information, and various legal documents. --- Also covering: A wave of attacks against companies in Colombia uses a trio of Remote Access Trojans (RATs) to steal confidential, sensitive data. ESET, an antivirus company, said in a blog post that lately government and private entities in Colombia are being exclusively targeted by the threat actors, who seem to have a particular interest in the energy and metallurgical industries. ----- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit https://news.nucleon.sh for the latest podcasts on cyber intelligence.
Welcome to the CyberCure Bi-Weekly podcast. You can read the full transcript at: https://news.nucleon.sh/2021/02/05/cyber-news-update-58/ This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. ---- malvuln.com is a new and unique website that offers a different view on vulnerabilities in software. It is the first website exclusively dedicated to the research of security vulnerabilities within malware itself. For the non-technical listeners, we will explain in more detail what it means. Many cyberattacks have a phase where the attacker installs some type of backdoor or malware on the remote computer. --- Also covering: Dutch energy supplier Eneco has warned tens of thousands of clients, including business partners, to change their passwords amid a recent data breach. Eneco, a producer and supplier of natural gas, electricity and heat in the Netherlands, serves more than 2 million business and residential customers. In a recent statement, the company said that “cyber criminals have used email addresses and passwords from previous thefts at other websites to gain access to approximately 1,700 private and small business My Eneco accounts, the online environment for Eneco customers.” All affected customers have been sent an email with instructions on how to create a new My Eneco account. ----- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit https://news.nucleon.sh for the latest podcasts on cyber intelligence.
Welcome to the CyberCure Bi-Weekly podcast. You can read the full transcript at: https://blog.cybercure.ai/2021/01/19/cyber-news-update-57/ This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. Don’t forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.
Cyber News Update 56

2020-07-31 03:53

Welcome to the CyberCure Bi-Weekly podcast. You can read the full transcript at: https://blog.cybercure.ai/2020/07/31/cyber-news-update-31-7-20/ This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. ---- Life Healthcare, a South African healthcare provider, is investigating a cyber-attack that targeted some of the group’s IT systems. Life Healthcare Group is the second largest private hospital operator in South Africa and said its southern African operation had been the victim of a targeted criminal attack on its IT systems. According to the organization, patient care has not been impacted by the cyber-attack, although some hospitals and administrative offices have switched to manual backup systems. The acting group CEO said: “We are deeply disappointed and saddened that criminals would attack our facilities during such a time, when we are all working tirelessly and collectively to fight the COVID-19 pandemic.” It's sad to see once again how organizations fail to allocate proper budgets to cyber security measures and training, which might have resulted in this attack. South Africa has been targeted lately by several strong entities, resulting in successful hacking attacks. --- Cosmetics giant Avon is recovering from a mysterious cyber-security incident that took place last week, on June 8, sources have told ZDNet. The company has filed documents with the US Securities Exchange Commission disclosing the incident on June 9, a day after the company first discovered issues with some of its IT infrastructure. The company said the incident "interrupted some systems and partially affected operations."
Last week, Avon distributors reported problems accessing the company's backend, where they usually file new product orders. Issues with accessing the Avon backend have been reported in the UK, Argentina, Brazil, Poland, and Romania. Avon, which is owned by Brazilian multinational Natura &Co, has declined to provide details about the incident to both distributors and representatives of the press. An Avon spokesperson could not be contacted for comment, despite repeated attempts over the past two days. Details about the nature of the cyber-attack are still a mystery, but in a second document filed with the SEC on June 12, last Thursday, Avon promised to restore "some of its affected systems in the impacted markets" during this week. Rumors on the internet state that the Avon incident is a ransomware attack carried out by the DopplePaymer gang. However, no independent confirmation was found. A while ago, the operators of the DopplePaymer ransomware congratulated SpaceX and NASA on their first human-operated rocket launch and then immediately announced that they had infected the network of one of NASA's IT contractors. In a blog post published today, the DopplePaymer ransomware gang said it successfully breached the network of Digital Management Inc. (DMI), a Maryland-based company that provides managed IT and cyber-security services on demand. To support their claims, the DopplePaymer operators posted 20 archive files on a dark web portal the group is operating. So maybe there is a good reason for Avon to hide the details about the attack and not disclose them? ----- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.
The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. You can read the transcript of the podcast at: https://blog.cybercure.ai/2020/07/24/intelligence-update-24-7-20/ The National Highways Authority of India is responsible for management of a network of over 50,000 km of National Highways. India's cyber security agency had issued an advisory warning that potential phishing attacks could impersonate government agencies, departments and trade bodies that have been tasked to oversee disbursement of government fiscal aid. This incident joins previous reports that several government agencies, media houses, pharma companies, telecom operators and a large tyre company in India may be targeted by a massive cyberattack from hacking groups with links to the Chinese government. Also covering: Online food delivery service Delivery Hero has confirmed a data breach affecting its Foodora brand. Foodora is an online food delivery brand originally based in Germany which offers meals from over 9,000 selected restaurants in several countries worldwide. The cybersecurity incident has exposed the account details of hundreds of thousands of customers in 14 different countries. Read more at: https://blog.cybercure.ai/2020/07/24/intelligence-update-24-7-20/
Cyber News Update - July - 17th - 2020 by Nucleon Cyber
You can read the full blog at: https://blog.cybercure.ai/2020/07/10/intelligence-news/ This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. ---- ST Engineering is a Singapore-based technology company with an integrated engineering group in the aerospace, electronics, land systems and marine sectors, producing products used by militaries around the world. ---- Also covering: the University of California in San Francisco is dedicated entirely to health science. It is a major center of medical and biological research and teaching. On June 3, UCSF IT staff detected a security incident that occurred in a limited part of the UCSF School of Medicine’s IT environment a few days earlier, the organization said in a statement on its website. *** They paid to of money *** In October, the FBI warned that ransomware attacks are becoming "more targeted, sophisticated and costly, even as the overall frequency of attacks remains consistent." The FBI does not advocate paying a ransom, the agency said, "in part because it does not guarantee an organization will regain access to its data." In some cases, victims who paid a ransom were never provided with decryption keys.