The Storm-0558 Rages On

A new data leak of more than 500 documents published to GitHub reveals the big business behind China’s state-sponsored hacking groups — from top-secret surveillance tools to details of offensive cyber ops carried out on behalf of the Chinese government.  Join Matt and David for a special State of Cybercrime, which dives into China's espionage campaigns and complex network of resources.  We’ll also discuss:- The massive cyberattack on Change Healthcare- Zyndicate’s successful hack of the Danish government- Apple Vision Pro’s launch day woes- Multiple developments in AI risk/regulation- How LockBit remains active after their servers and domains were seized- And more! 

CISA issued an emergency directive to mitigate Ivanti Connect Secure and Ivanti Policy Secure vulnerabilities after learning of malware targeting the software company, allowing unauthenticated threat actors to access Ivanti VPNs and steal sensitive data. CISA is requiring all federal agencies to disconnect from affected Ivanti products by EOD February 2, 2024. The directive also warned that attackers had bypassed workarounds for current resolutions and detection methods. Join Matt, David, and Dvir to learn more about the Ivanti vuln and other cyber threats. OTHER BREAKING STORIES WE'LL COVER: • The latest ChatGPT news • Deepfakes… err breachfakes • Cloudflare's breach by suspected nation-state attacker • "Frog4Shell" spreading malware inside your network And more!  More from Varonis ⬇️ Visit our website: https://www.varonis.com LinkedIn: https://www.linkedin.com/company/varonis X/Twitter: https://twitter.com/varonis Instagram: https://www.instagram.com/varonislife/

Enjoy our first State of Cybercrime episode of 2024 as Matt Radolec and David Gibson cover:Who is to blame for 23andMe’s big breachSEC’s X account getting hackedThreat actors swatting patientsVaronis Threat Labs research on a new, widespread vulnerability: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashesMentioned in this episode:NTLM Blog Post: https://www.varonis.com/blog/investigate-ntlm-brute-forceVaronis Threat Labs Blog: https://www.varonis.com/blog/tag/threat-research

In this episode of 'State of Cybercrime', the hosts discuss various topics including an executive order on Artificial Intelligence(AI) by President Biden promoting a balance between AI safety, security, privacy and innovation, as well as implications for American leadership in AI. They covered the disruptive Mozi Botnet, SolarWinds CISO's challenged with fraud and difficulties experienced by IT administrators patching vulnerabilities. They also touched on the continuous exploitations of Citrix and Confluence, and the emergence of cybercrime ring, Hunters International. An exploration of AI potentials and the need for legislation to prevent nefarious uses are also discussed. 00:30 Introduction and Welcome01:04 Agenda for the Episode02:03 Good News: Dismantling of Pirates05:46 Good News: Disruption of Mozi Botnet07:16 Danger Zone: SEC Charges SolarWinds CISO12:25 Vulnerable Vulnerabilities: Citrix Vulnerabilities15:34 Vulnerable Vulnerabilities: Confluence Vulnerability17:02 AI Vey: President Biden's Executive Order on AI18:51 AI Vey: UK Summit on AI22:55 Conclusion

Few breaches have drawn as much social media fervor as the recent 23andMe incident, in which the genomics company was victim to a massive credential stuffing attack that leveraged leaked and reused passwords to target accounts without MFA.What differentiates this attack from others is that 23andMe itself was not breached, but an entire wave of its users was targeted individually. There are claims that these profiles — including genetic and geographic ancestry data — are available on hacking forums, but the legitimacy of those claims is still being investigated.Join the State of Cybercrime team, Matt, David, and Dvir, to learn about the numerous tools hackers use for cred stuffing, examples of when these tactics have been used in organizational attacks, and what you can do to protect yourself.OUR FAN-FAVORITE PANEL WILL ALSO DISCUSS:The record-breaking HTTP/2 Rapid Reset zero-dayThe HelloKitty ransomware group source code leakNew attacks from ALPHV (BlackCat)An update on the trends in cyber warfare

Join Matt Radolec and David Gibson for this episode of the State of Cybercrime, recording from Black Hat 2023, as they cover the latest threats you need to know about. Also be sure to check out our webinar, New SEC Cyber Rules: Action Plan for CISOs and CFOs on Tuesday, August 22 | 12 p.m. ET. Link here: https://info.varonis.com/en/webinar/what-the-new-sec-requirements-mean-for-your-org-2023-08-22

The Storm-0558 incident has proven to be even more widespread than initially reported. While Microsoft originally stated that only Outlook.com and Exchange Online were affected, Wiz Research has discovered that the compromised signing key may have allowed the cybercriminal group to forge access tokens for SharePoint, Teams, OneDrive, and every other app that supports logging in with Microsoft credits. Watch our team of experts during this State of Cybercrime episode that assesses the reach of this incident and teaches you what you should do to make sure you are safe and secure.

A Microsoft zero-day vulnerability has allowed hacking group Storm-0558 to forge Azure AD authentication tokens, and breach organizations — including U.S. government agencies — in the past week. Watch this State of Cybercrime episode to hear our experts break down how this attack happened, see the discoveries made by the Varonis Threat Labs team, and learn what you can do to make sure your data is safe and secure.

Across the globe, CL0P ransomware group is extorting hundreds of organizations after exploiting an unknown SQL injection vulnerability in file transfer service MOVEit. The victims need to contact the ransomware group by June 14 or their stolen data will be published publicly on the group’s extortion site. Join Matt Radolec, David Gibson, and special guest Dvir Sason to learn more about how the ransomware group exploited the critical flaw in the transfer application, which they were likely experimenting with since 2021.

In the wake of the U.S. defense leak, the Pentagon CIO has given a one-week deadline for all defense agencies to ensure compliance with DOD information security protocols. But what does that actually mean? Join Matt, David, and Varonis Team Lead Engineer for U.S. Public Sector Trevor Brenn for a State of Cybercrime episode that breaks down what the DOD is demanding from its agencies and how this influences the future of information security within government.