Symantec Cyber Security Brief Podcast

Your weekly dose of cyber security news, hosted by threat researchers from Symantec Security Response

Episodes

Posted:

Spotlight On: BEC scams – an expensive threat

On this week’s Cyber Security Brief, Dick O’Brien, Candid Wueest and Brigid O’Gorman focus on business email compromise (BEC) scams, which are a major issue for enterprises and organizations. The FBI has estimated that between June 2016 and July 2019 more than $26 billion was lost to BEC scams globally. Our experts discuss some recent examples of BEC scams, the common tactics and techniques many of these scams share, and the steps you can take to mitigate the danger to your business from these types of scams.

Download
Posted:

Holiday shopping special: Scams to watch out for this Black Friday and Cyber Monday

On this week’s Symantec Cyber Security Brief, we bring you a holiday shopping cyber security special in advance of Black Friday, Cyber Monday, and the holiday shopping period in general. We discuss the dangers people need to be aware of when shopping online, including formjacking, fake shops, and social media scams. We discuss common scams that try to trick victims using fake delivery notices, as well as point of sale malware, which is still a threat, even as more people move to doing their shopping online.

Download
Posted:

Privacy concerns, election campaign worries, and phish-y meeting invites

On this week’s Symantec Cyber Security Brief, Dick O’Brien is joined by Brigid O’Gorman and Candid Wueest to discuss some of the big cyber security stories of the last week. This week, Ubiquiti customers are annoyed after a firmware update led to their routers sending information back to Ubiquiti HQ without their consent, a “sophisticated” attack on the UK Labour Party’s digital platforms causes consternation in the middle of an election campaign – but was it really that serious? Also, a (complicated) way to gain access to people’s Wi-Fi networks via Amazon’s Ring doorbell, a new ruling in the U.S. on whether or not border police are entitled to search your electronic devices when you’re entering the country, and beware of suspicious meeting invites.

Download
Posted:

Lasers, Bluekeep, and BEC scammers continue to cash in

On this week’s Cyber Security Brief, Dick O’Brien is joined by Candid Wueest and Brigid O’Gorman to discuss the biggest cyber security news stories of the week. On this episode, we chat about how lasers could be used to hack your voice-controlled devices – including your phone, the Bluekeep attacks that have been spotted in the wild, and the ongoing repercussions surrounding the WhatsApp zero-day that was discovered in May. Also, BEC scammers cash in, the QSnatch malware hits thousands of NAS devices, and a new vulnerability in Microsoft Office for Mac.

Download
Posted:

Fancy Bear attack campaign, ransomware hits Johannesburg again, and malware hijacks Discord client

In this week’s Cyber Security Brief, Dick O’Brien is joined by Candid Wueest and Brigid O’Gorman to discuss the biggest infosec stories of the week. This week we discuss Fancy Bear’s campaign against at least 16 anti-doping and sporting organizations, yet another ransomware attack on Johannesburg, and the malware that was turning the Discord client into an info-stealing backdoor. Also this week, the security researcher who discovered they could hack other people’s pet feeders, and the man who still has access to the connected car he rented – and returned – several months ago.

Download
Posted:

A second supply chain attack attempt against CCleaner, voice-controlled home assistants spying on owners, and dodgy mobile biometric authentication

In this week's Cyber Security Brief, Dick O'Brien and Candid Wueest discuss some of the biggest cyber security stories of the past week. Topics this week include a second supply chain attack attempt aimed at compromising CCleaner, how Amazon Alexa and Google Home devices can be used to spy on their owners using malicious third-party applications, problems for Samsung and Google arising from issues with biometric authentication on their mobile devices, and how a Chinese cyber-espionage group has been targeting SQL servers.

Download
Posted:

An iTunes and iCloud zero-day, ATM malware, and the Sudo vulnerability

In this week’s Cyber Security Brief, Dick O’Brien is joined by Candid Wueest and Brigid O’Gorman to discuss the biggest cyber security stories of the week. In the mix this week, a zero-day in the Windows version of iTunes and iCloud, ATM malware, the Sudo vulnerability, and how it has been proved that you can insert spy chips into firewalls. Also, the stalker in Japan who used reflections in photos to track down his victim, and finally, the price paid for people’s private information on the deep and dark web.

Download
Posted:

A controversial Apple app, a far-reaching ruling from the ECJ, and many, many data breaches

In this week’s Cyber Security Brief, Dick O’Brien is joined by Candid Wueest and Brigid O’Gorman to discuss some of the biggest cyber security stories of the last week. Topics on the agenda include: controversy over Apple allowing a police-tracking app to be carried on its App Store in Hong Kong, a ruling from the European Court of Justice that could have big implications for social media platforms, new technology that claims it can identify people through walls from their gait using just Wi-Fi receivers, and a whole lot of data breaches. Also, Candid tells us about the it-sa: IT Security Expo and Congress, which he is attending and presenting at in Nuremberg, Germany, this week.

Download
Posted:

Deepfakes, disinformation, and the former NATO bunker housing a bulletproof hosting service

In this week’s Cyber Security Brief, Dick O’Brien, Candid Wueest and Brigid O’Gorman discuss the high cost of ransomware, and the emergence of disinformation-as-a-service on underground markets. We also chat about researchers finding a way to steal data from encrypted PDFs, and the bulletproof hosting service housed in a former NATO bunker in Germany that was recently shut down by police. Finally, we discuss the issue of deepfake videos, the problems they could present, and the steps Google and others are taking to tackle them.

Download
Posted:

Tortoiseshell APT group, vBulletin zero-day, and Facebook suspends thousands of apps

We’re back! The Cyber Security Brief returns for season 2. In our first episode, Dick O’Brien is joined by Brigid O’Gorman and Gavin O’Gorman (no relation) to discuss our recent research into Tortoiseshell, an APT group we recently discovered using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers. We also discuss the recently revealed vulnerability in vBulletin, the release of iOS 13, a ransomware attack on a healthcare facility in Wyoming, and Facebook suspending thousands of apps from its platform.

Download