Threats

The tactics of cyber criminal hacking crews are indistinguishable from those of sophisticated, state sponsored "advanced persistent threat" groups, the firm FireEye said in its most recent M-Trends report.

Dark Markets do it better, surveying the Phishing underground and dissecting a Fancy Bear attack

In episode 69 of The Security Ledger podcast, we speak with Luca Allodi of The University of Eindhoven in The Netherlands about research on the functioning of dark markets. Also: DUO Security researched the trade in phishing toolkits – you’ll be surprised at what they learned. And we deconstruct a campaign against the citizen journalism website Bellingcat.com to understand how the Russian Group known as Fancy Bear works.

Pharmaceutical giant Merck said on Friday that the NotPetya malware outbreak in June halted production and left it short of doses of Gardasil, a critical vaccine to prevent HPV. (Image courtesy of Merck.)

NotPetya Infection Left Merck Short of Key HPV Vaccine

The NotPetya malware infection shut down pharmaceutical giant Merck’s production of the pediatric vaccine GARDASIL last June, forcing the company to borrow the drug from a stockpile maintained by the U.S. Centers for Disease Control and Prevention to meet demand.

Ryan Kazanciyan talks to us about how he helps USA Network get the hacking scenes in Mr. Robot right. (Image courtesy of USA Network.)

Hacking Back Reconsidered and the Guy who makes Mr. Robot’s Hacking Scenes Look So Good

In this week’s podcast, we talk with Gadi Evron of Cymmetria, which released Mazehunter, a targeted hack-back tool this week about going on offense and staying on the right side of the law. Also: Ryan Kazanciyan of Tanium is one of the talented hackers who help design Mr. Robot’s hacking scenes. We talk with him about bringing realistic hacks alive on the small screen. And: when Uncle Sam dishes the dirt on a state sponsored campaign against critical infrastructure, what are companies supposed to do with the information? Mark Durfresne of the firm Endgame and Itzik Kotler of the firm Safebreach give us their thoughts.

Flaws in the NXP ColdFire Microprocessor could be widespread in embedded systems, security experts warn.

Flaw in MQX Operating System Could Put Internet of Things in Crosshairs

Flaws in software run by a range of microprocessors could be widespread in embedded systems, security experts and the Department of Homeland Security are warning.

Plumbing the KRACK Vulnerability and Fast Flux Botnets: the AirBnB of the Cybercrime World

Plumbing the KRACK Vulnerability and Fast Flux Botnets: the AirBnB of the Cybercrime World

In this 67th episode of The Security Ledger Podcast, we talk with Bob Rudis of the firm Rapid7 about KRACK, a security hole that affects most wi-fi hotspots. Also: Or Katz of Akamai talks about that company’s work analyzing fast-flux botnets, which have become like AirBnB for cyber criminals looking for a place to host malicious networks. Finally: Tim Jarrett of Veracode tells us how a single security hole in an open source library found its way into millions of applications.