I'm a newbie to podcasts, but I got hooked recently because I can listen while doing something else.

What are your favorite cybersecurity podcasts? I'm not even sure the best way to link podcasts either, but regardless: the ones I'm liking so far are:

The Cyberwire: https://thecyberwire.com/podcasts

CISO Series: https://cisoseries.com/

Darknet Diaries: https://darknetdiaries.com/

Cybersecurity Today: https://www.itworldcanada.com/podcasts

Smashing Security: https://www.smashingsecurity.com/

Malicious Life: https://malicious.life/

Any more great recommendations? Any drama about the above ones?

Executive summary

In early 2023, the Check Point Incident Response Team (CPIRT) team investigated a malware incident at a European healthcare institution involving a set of tools mentioned in the Avast report in late 2022. The incident was attributed to Camaro Dragon, a Chinese-based espionage threat actor whose activities overlap with activities tracked by different researchers as Mustang Panda and LuminousMoth, whose focus is primarily on Southeast Asian countries and their close peers.

The malware gained access to the healthcare institution systems through an infected USB drive. During the investigation, the Check Point Research (CPR) team discovered newer versions of the malware with similar capabilities to self-propagate through USB drives. In this way, malware infections originating in Southeast Asia spread uncontrollably to different networks around the globe, even if those networks are not the threat actors’ primary targets.

The main payload variant, called WispRider, has u

A social media network code-named P92 possibly compatible with ActivitPub, will allow users to log in using their existing Instagram credentials and share their thoughts.

This could be what Meta has in the pipeline as a possible plan to obliterate Twitter in the future.

Autonomy. Facebook has for the longest time lacked user autonomy, according to some tech reviews and this could be the answer to previous criticism.

From what we know thus far, the feature or app, will work on independent servers to allow users the space to set their code of conduct.

What is it?

Meta is developing a decentralized social media platform which is reportedly aimed at competing with Elon Musk’s Twitter.

Meta is exploring a standalone network for sharing text updates.

Twitter’s possible competitor codenamed project P92 will be accessed using the same login details as Instagram. At least that’s what we know so far.

The app will be compatible with ActivityPub, the protocol used by the open source Twitte

As Peter Thiel, one of Facebook’s prominent investor, put it: "Competition is for losers." Yep, those pseudo "market is always right" people don’t want a market when they are in it. They want a monopoly. Since its inception, Facebook have been very careful to kill every competition. The easiest way of doing it being by buying companies that could, one day, become competitors. Instagram, WhatsApp to name a few, were bought only because their product attracted users and could cast a shadow on Facebook.

But the Fediverse cannot be bought. The Fediverse is an informal group of servers discussing through a protocol (ActivityPub). Those servers may even run different software (Mastodon is the most famous but you could also have Pleroma, Pixelfed, Peertube, WriteFreely, Lemmy and many others).

You cannot buy a decentralised network!

But there’s another way: make it irrelevant. That’s exactly what Google did with XMPP.

The cybersecurity awareness trainer role aligns with the NICE Workforce Framework to Oversee and Govern, Protect and Defend, and Securely Provision.

Here are your responsibilities in this role:

• Train employees and users on how to recognize and prevent email security threats. This includes phishing scams, spoofing, vishing, whaling, and others.
• Promote organization-wide security awareness. This will apply to in-house and outsourced teams, including employees working from home.
• Train employees on how to protect against malware attacks like ransomware, spyware, scareware, adware, and keylogger. This will also cover anti-virus measures.
• Organize periodic security awareness training to ensure employees adopt security practices. This will also ensure that all personnel are conversant with the latest security threat.
• Provide real-world threat simulations to reinforce the importance of security awareness in the organization.
• Establish organization-wide password security and

The U.S. Army’s Criminal Investigation Division is urging military personnel to be on the lookout for unsolicited, suspicious smartwatches in the mail, warning that the devices could be rigged with malware.

In an alert issued this week, the army said services members across the military have reported receiving smartwatches unsolicited in the mail and noted that the smartwatches, when used, “have auto-connected to Wi-Fi and began connecting to cell phones unprompted, gaining access to a myriad of user data.”

“These smartwatches may also contain malware that would grant the sender access to saved data to include banking information, contacts, and account information such as usernames and passwords,” the army warned.

“Malware may be present which accesses both voice and cameras, enabling actors access to conversations and accounts tied to the smartwatches,” it added.

What is unclear, however, is whether this is an attack targeting American military personnel. The smartwatches, the inv

There are presently 201k people monitoring domains in Have I Been Pwned (HIBP). That's massive! That's 201k people that have searched for a domain, left their email address for future notifications when the domain appears in a new breach and successfully verified that they control the domain. But that's only a subset of all the domains searched, which totals 231k. In many instances, multiple people have searched for the same domain (most likely from the same company given they've successfully verified control), and also in many instances, people are obviously searching for and monitoring multiple domains. Companies have different brands, mergers and acquisitions happen and so on and so forth. Larger numbers of domains also means larger numbers of notifications; HIBP has now sent out 2.7M emails to those monitoring domains after a breach has occurred. And the largest number of the lot: all those domains being monitored encompass an eye watering 273M breached email addresses 😲

The poin

Cybercrime has become a dominant concern for many businesses, as well as individuals. Cybercriminals will target any business, and any individual if they can realize a profit from their minimal efforts. One of the ways that criminals achieve their goals is through the use of malware that garners a fast profit, such as ransomware. More enterprising criminals will use more persistent malware, which enables them to return to the target for further victimization.

Malware has progressed, revealing some trends that may help cybersecurity professionals in combatting current and future strains.

#1. Malware is becoming increasingly aggressive and evasive

Evasive malware, designed to thwart traditional security technologies like first-generation sandboxes and signature-based gateways, is not new. However, the trend toward more sophisticated, aggressive, and evasive malware will probably emerge as a result of the latest developments in Artificial Intelligence (AI). In the past, evasive maneuve

The Department of Justice established a cyber-focused section within its National Security Division to combat the full range of digital crimes, a top department official said Tuesday.

The National Security Cyber Section — NatSec Cyber, for short — has been approved by Congress and will elevate cyberthreats to “equal footing” with other major national security issues, including counterterrorism and counterintelligence, Assistant Attorney General for National Security Matt Olsen said in remarks at the Hoover Institution in Washington.

The new section enables the agency to “increase the scale and speed of disruption campaigns and prosecutions of nation-state cyberthreats as well as state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security,” Olsen said.

Google is committing more than $20 million dollars to support the creation and expansion of cybersecurity clinics at 20 higher education institutions across the United States, the company announced on Thursday.

Such clinics rely on university students to provide free cybersecurity services to local institutions. By deploying students to community organizations to improve digital defenses, university cybersecurity clinics aim to give students cybersecurity experience, improve local defensive capacity and steer students toward work in cybersecurity.

“This investment that Google’s made today recognizes the value of experiential training. This is not only important for national security but for economic opportunities and national innovation,” Kemba Walden, the acting national cyber director, said at Thursday’s event announcing the funding. “Cyber clinics provide an on-ramp to cyber careers by enabling students from different backgrounds and majors to learn cyber skills.”

After years of breakneck growth, China’s security and surveillance industry is now focused on shoring up its vulnerabilities to the United States and other outside actors, worried about risks posed by hackers, advances in artificial intelligence and pressure from rival governments.

The renewed emphasis on self-reliance, combating fraud and hardening systems against hacking was on display at the recent Security China exhibition in Beijing, illustrating just how difficult it will be to get Beijing and Washington to cooperate even as researchers warn that humankind faces common risks from AI. The show took place just days after China’s ruling Communist Party warned officials of the risks posed by artificial intelligence.

Looming over the four-day meet: China’s biggest geopolitical rival, the United States. American-developed AI chatbot ChatGPT was a frequent topic of conversation, as were U.S. efforts to choke off China’s access to cutting-edge technology.

A new policy directive from Maine Information Technology (MaineIT) has put a six-month moratorium on the adoption and use of Generative Artificial Intelligence (AI) technology within all State of Maine agencies due to “significant” cybersecurity risks.

The prohibition on AI will include large language models that generate text such as ChatGPT, as well as software that generates images, music, computer code, voice simulation, and art.

It’s unclear whether and to what extent state employees have been relying on emerging AI tools as part of their jobs. Maine may be the first state in the U.S. to impose such a moratorium.

According to an email to sent on Wednesday to all Executive Branch agencies and employees from Maine’s Acting Chief Information Officer Nick Marquis, MaineIT issued a “cybersecurity directive” prohibiting the use of AI for all state business and on all devices connected to the state’s network for six months, effective immediately.

The BBC CISO says she is a “consummate cynic” about cybersecurity certifications. Helen Rabe believes schemes like the widely recognised ISO 27001 standard are “time consuming” and “cumbersome” to maintain for tech teams, and could be ripe for reform.

Rabe was speaking as part of a panel at the Infosec Europe conference in London, where she joined Munawar Vallji, CISO at rail ticketing platform Trainline, and Dr Emma Philpott, of advisory group the IASME Consortium for a panel on the future of cybersecurity certifications. BBC CISO ‘cynical’ about cybersecurity certifications

Cybersecurity certifications are designed to ensure organisations have an appropriate level of security across their teams. The most common certification is the ISO 27001 from the International Organisation of Standards, which was updated last year and is held by more than 30,000 companies.

While these certifications are not a legal requirement, they can be a contractual stipulation for IT buyers, particularly

Businesses must get better at attracting, supporting, and hiring new cybersecurity talent. Here are eight initiatives launched this year to facilitate entry-level skills development and career opportunities.

• ThreatX partners with Cyversity, ICIT to offer free cybersecurity training - Learn more
• EC-Council launches CCT scholarship to spark new cybersecurity careers - Learn more
• (ISC)2 makes entry-level cybersecurity certification free for 20,000 Europeans - Learn more
• EU Cybersecurity Skills Academy aims to become entry point for cybersecurity careers - [Learn more](https://digital-strategy.ec.europa.eu/en/library/communication-cybersecurity-skil

Every cybersecurity vendor has a different vision of how generative AI will serve its customers, yet they all share a common direction. Generative AI brings a new focus on data accuracy, precision and real-time insights. DevOps, product engineering and product management are delivering new generative AI-based products in record time, looking to capitalize on the technology’s strengths.

The 5 from the article:

1. Real-time risk assessment and quantification
2. Generative AI will revolutionize extended detection and response (XDR)
3. Improving endpoint resilience, self-healing capability and contextual intelligence
4. Improving existing AI-based automated patch management techniques
5. Managing the use of generative AI tools, including AI-based chatbot services

If you're trying to sign up to join Lemmy.pro you're certainly more than welcome to do so. Due to bugs out of our control, I think, but we're trying fixes anyhow - sometimes it works and sometimes it doesn't. So, if you don't get approved it's nothing personal it just probably didn't come through. You're more than welcome to try again, and make sure to check your spam folder for the confirmation email, they go there usually.

Thank you for your patience!

Complex, well-resourced, and well-organized, Anonymous Sudan looks like a front group for an intelligence service.

Anonymous Sudan's questionable provenance.

Researchers are moved to conclude that Anonymous Sudan is a Russian-run operation, and not the Islamist patriotic hacktivist collective it claims to be,

Is Anonymous Sudan a Russian front group, or a grassroots religious hacktivist group? Researchers at CyberCX have released an intelligence update on Anonymous Sudan after that threat group attacked Australian government organizations. The researchers point out that they assess, with high confidence, that Anonymous Sudan is unlikely to be the simple religious hacktivist group it purports to be, “and that Anonymous Sudan is unlikely to be geographically linked to Sudan.” CyberCX also assesses that the threat group uses a substantial paid proxy infrastructure across various countries to conduct its attacks. “Traffic was highly dispersed, with the common infrastructure across attac

Cybersecurity provider Trend Micro Incorporated has been integrating artificial intelligence (AI) into its technologies for a decade, but it hasn’t had the power of generative AI, until now.

Today Trend Micro announced its new Vision One platform, bringing together a series of different cybersecurity capabilities including extended detection and response (XDR), attack surface risk management (ASRM) and zero trust. In many respects, the platform is an evolution of the Trend Micro one platform announced in 2022, with the big new addition being gen AI.

The Trend vision one companion is a gen AI-powered assistant for security operation center (SOC) analysts. The technology enables security teams to use natural language queries to answer questions, assist with threat hunting and accelerate remediation.

“We’ve really tried to think about how we can bring the power of gen AI to the security operation center,” Trend Micro COO Kevin Simzer told VentureBeat. “When you’re in an SOC, It tends

Tesla CEO Elon Musk might have his very own supersecret driver mode that enables hands-free driving in Tesla vehicles.

The hidden feature, aptly named “Elon Mode,” was discovered by a Tesla software hacker known online as @greentheonly. The anonymous hacker has dug deep into the vehicle code for years and uncovered things like how Tesla can lock you out of using your power seats or the center camera in the Model 3 before it was officially activated.

After finding and enabling Elon Mode, greentheonly ventured out to test the system and posted some rough footage of the endeavor. They did not share the literal “Elon Mode” setting on the screen but maintain that it’s real.

The hacker found that the car didn’t require any attention from them while using Tesla’s Full Self-Driving (FSD) software. FSD is Tesla’s vision-based advanced driver-assist system that’s in beta but is currently available to anyone who paid as much as $15,000 for the option. The software was the subject of an interna

After weeks of burning through users’ goodwill, Reddit is facing a moderator strike and an exodus of its most important users. It’s the latest example of a social media site making a critical mistake: users aren’t there for the services, they’re there for the community. Building barriers to access is a war of attrition.

Reddit has an admirable record when it comes to defending an open and free internet. While not always perfect, the success of the site is owed to its model of empowering moderators and users to engage with the site in a way that makes sense for them. This freedom for communities to experiment with and extend the platform let it continue to thrive while similar sites, like Fark and Digg, lost major chunks of their user base after making controversial and restrictive design choices to raise profitability.