EP 85: The Rise Of Bots (and Bots As A Service)
The Hacker Mind
by Robert Vamosi
3M ago
Bots are actionable scripts that can slow your day to day business, be enlisted in denial of service attacks, or even keep you from getting those tickets Taylor Swift you desperately want. Antoine Vastel from DataDome explains how it's an arms race: the better we get at detecting them, the more the bots evolve to evade detection. Transcript here ..read more
Visit website
EP 84: When Old Medical Devices Keep Pre-shared Keys
The Hacker Mind
by Robert Vamosi
3M ago
You would think there is a procedure to End-of-Life a medical device, right? Erase personal health info. Erase network configuration info. Speaking at SecTor 2023, Deral Heiland from Rapid 7 said he found that he was able to buy infusion pumps on the secondary market with the network credentials for the original Health Care Delivery Organization in tact. In theory he could join that network as that device and potentially pivot to other parts of the HDO.  No good since there are 100s of thousands of these devices in use today.  ..read more
Visit website
P 83: Tales From The Dark Web: Ransomware, Data Extortion, and Operational Technology
The Hacker Mind
by Robert Vamosi
4M ago
With the recent Clop attack on customers of MoveIt, ransomware is now old news. Attackers are skipping the encryption and simply extorting the exfiltrated data, according to Thomas “Mannie” Wilken, from the Accenture Cyber Threat Intelligence Dark Web Reconnaissance Team. He should know; he spends his days on the Dark Web seeing the rise of new infostealers, deep fakes, and even the rise of OT technologies as potential targets in the near future ..read more
Visit website
EP 82: The Vulkan Files
The Hacker Mind
by Robert Vamosi
4M ago
Imagine a data dump of files similar to the Snowden Leaks in 2013, only this it’s not from the NSA but from NT Vulkan, a Russian contractor. And it’s a framework for targeting critical IT infrastructures. In a talk at DEF CON 31, Joe Slowick from Huntress, shares what a Russian whistleblower released in the form of emails and documents, and how we can tie some of that back information to some of the Sandworm campaigns and recent attacks against Ukraine ..read more
Visit website
EP 81: Hacking Visual Studio Code Extensions
The Hacker Mind
by Robert Vamosi
5M ago
Rather than use backdoor exploits, attackers are stealing credentials going through the front door. How are they gaining credentials. Sometimes it’s from the tools we trust. Paul Geste and Thomas Chauchefoin discuss their DEF CON 31 presentation Visual Studio Code is why I have (Workspace) Trust issues as well as the larger question of how much we should trust tools that we depend on daily ..read more
Visit website
EP 80: Ghost Token
The Hacker Mind
by Robert Vamosi
5M ago
What if an GPC project OAUTH access token wasn’t deleted? This could expose databases to bad actors. Tal Skeverer from Asterix discusses his DEF CON 31 presentation GhostToken: Exploiting Google Cloud Platform App Infrastructure to Create Unremovable Trojan Apps.  ..read more
Visit website
EP 79: Conducting Incident Response in Costa Rica Post Conti Ransomware
The Hacker Mind
by Robert Vamosi
6M ago
How do you conduct an incident response for an entire country? When it’s 27 different life-critical government ministries each with up to 850 individual devices -- that’s uncharted territory. Esteban Jemenez of Atti Cyber talks about his experience with the reconstruction of the cybersecurity system following Conti, how the country handled a second ransomware attack from the Hive ransomware group, and we'll discuss what yet remains to be done to secure Costa Rica -- and other Latin American countries from future attacks ..read more
Visit website
EP 78: Defending Costa Rica From Conti Ransomware
The Hacker Mind
by Robert Vamosi
6M ago
What is is like to hack an entire country, to take it’s government services offline, to deny a government an ability to function? Costa Rica knows. Esteban Jimenez of AttiCyber has been helping Costa Rica improve its cybersecurity posture for more than 16 years, and he has been helping them recently recover from a crippling ransomware attack in April 2022 that hit 28 ministries of the government. Central and Latin America appear to be a new playground for bad actors testing new malware. But Central and Latin America are learning how to fight back ..read more
Visit website
EP 77: Security Chaos Engineering with Kelly Shortridge
The Hacker Mind
by Robert Vamosi
7M ago
Speaking at Black Hat 2023, Kelly Shortridge is bringing cybersecurity out of the dark ages by infusing security by design to create secure patterns and practices. It’s a subject of her new book on Security Chaos Computing, and it’s a topic that’s long overdue to be discussed in the field ..read more
Visit website
EP 76: Hacking Medical Systems
The Hacker Mind
by Robert Vamosi
7M ago
Are we doing enough to secure our health delivery organizations? Given the rise of ransomware attacks, one could day we are not. Karl Sigler from Trustwave SpiderLabs, talks about a new report that his team has written that is focused on the threat landscape for medical devices and the healthcare industry in general ..read more
Visit website

Follow The Hacker Mind on FeedSpot

Continue with Google
Continue with Apple
OR