The 443 Podcast - Episode 262 - Bing Chat Malvertising

This week on the podcast, we discuss an alert from CISA on nation state threat actors embedding malware into legacy Cisco router firmware. After that, we cover a research post on malicious advertisements served up via Bing's ChatGTP integration. We then end with an analysis of North Korea's Lazarus group's latest social engineering techniques. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.

Finding and Analyzing Ransomware Groups in 2023: A Guide

You don’t need to be an expert in cybersecurity to know that ransomware, which gets plenty of coverage in the media, is a threat – and one that’s getting worse. Cyberint’s research shows that Q2 2023 alone saw 1386 new ransomware cases, a 67 percent increase in ransomware victims compared to the preceding quarter. This number was surpassed in Q3 with a whopping 1420 cases. Finding and analyzing ransomware groups is a central part of the Cyberint research team’s focus.

Rhadamanthys malware analysis: How infostealers use VMs to avoid analysis

The infostealer malware Rhadamanthys was discovered in the last quarter of 2022. Its capabilities showed a special interest in crypto currency wallets, targeting both wallet clients installed in the victim’s machine and browser extensions. The main distribution methods observed for this threat are fake software websites promoted through Google Ads, and phishing emails, without discriminating by region or vertical.

Announcing IaC+ early access: Secure your infrastructure configurations across the SDLC

Designing and maintaining secure infrastructure configurations from code to cloud is a complex process involving multiple technical teams and security stakeholders. The first challenge is writing secure infrastructure configurations pre-deployment.

[HEADS UP] Aurora Police Department Warns of Contactless Payment Processors Scams

If you didn't trust contactless payment processors before, you really won't after hearing about this recent scam. The Aurora Police Department Economic Crimes Unit posted this tweet last week with a warning: Source: Twitter In a statement by Aurora Police Sergeant's Dan Courtenay on how cybercriminals obtain the user data to FOX31, “Now they have Bluetooth, where they can just sit in the parking lot of the gas station and it feeds right onto their laptop,” Courtenay said.

Cybersecurity: a key player for the present and future of business

Cybersecurity Awareness Month has been celebrated every October for 20 years. This initiative, promoted by the Cybersecurity and Infrastructure Agency (CISA) with the support of the National Cybersecurity Alliance, aims to raise awareness of the importance of implementing a comprehensive cybersecurity system.

Does AI lead to AppSec hell or nirvana?

The use of artificial intelligence in every area of life — from writing papers to maintaining critical infrastructure to manufacturing goods — is a controversial topic. Some are excited about the possibilities that come with AI/ML tech, while others are fearful and reticent. These differing opinions raise a fundamental question: will AI turn our modern-day society into a utopia or a dystopia?

Generative AI and the Automation of Social Engineering Increasingly Used By Threat Actors

Threat actors continue to use generative AI tools to craft convincing social engineering attacks, according to Glory Kaburu at Cryptopolitan. “In the past, poorly worded or grammatically incorrect emails were often telltale signs of phishing attempts,” Kaburu writes. “Cybersecurity awareness training emphasized identifying such anomalies to thwart potential threats. However, the emergence of ChatGPT has changed the game.

Cybersecurity Awareness Month 2023: Five Reasons You Need Automatic Software Updates for Your Application Security.

October 2023 marks the 20th anniversary of Cybersecurity Awareness Month. The initiative is spearheaded by the U.S. National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Agency (CISA). It is a collaboration between these U.S. government agencies and industry to raise awareness about cybersecurity, the risks we face from digital crime and cyberattacks, and how to protect ourselves from them. This year, the campaign promotes four key behaviors to strengthen cybersecurity.

Exchange Cash to Tether ERC20 (USDT)

You can exchange Cash to Tether ERC20 (USDT) at a more favourable rate if there is a decrease in cryptocurrency demand and vice versa on www.bestchange.com/dollar-cash-to-tether-erc20.html. Added additional nuances to this factor, such as the absolute decentralization of each ecosystem and the anonymity of each participant in the cryptocurrency market. There are excellent opportunities to increase your start-up capital without the risk of increased attention from centralized government authorities.