    fireeye

    Explore "fireeye" with insightful episodes like "Talos Takes Ep. #37: What's with all this talk about supply chain attacks?", "Extended Detection & Response from Trellix", "Episode 63 - Rauhaton sielu", "Is Cyberwar War?" and "The ABC of Success - Always Be Closing - Bob Kruse (CEO, Low Rider Security)" from podcasts like "Talos Takes", "Tech means Business", "Turvakäräjät", "Fixing the Future" and "Zero To Exit" and more!

    Episodes (9)

    Talos Takes Ep. #37: What's with all this talk about supply chain attacks?

    The major SolarWinds campaign has been generating headlines for weeks now. And while its specific targets make this attack unique, this is far from the first-ever supply chain attack. So what is a supply chain attack? And should your organization be prepared for them? In this episode of Talos Takes, Nick Biasini talks about the history of supply chain attacks, and how they can even be traced back to the 1970s.

    Extended Detection & Response from Trellix

    Formed from the amalgam of FireEye and McAfee Enterprise, Trellix is one of the world's biggest suppliers of cybersecurity technology, serving a decent proportion of the Fortune 500 list of companies.

    On this episode of the Tech Means Business podcast, we're joined by old friend Daryush Ashjari to talk about the new company's offerings, especially its XDR (eXtended detection and response) capabilities.

    As companies struggle to juggle multiple security tools and have separate detection and remediation systems, sometimes it's enough just to keep from going under a deluge of red flags from different parts of the cybersecurity stack.

    XDR offers organizations a single place where SecOps can get full oversight of all parts of the enterprise's networks, from the smallest SoC up to powerhouse VMs in distant clouds. This is total insight presented to time- and resource-poor cybersecurity teams.

    Bringing years of experience to what's now called Trellix, Daryush helps us shed some light on the problems facing many security teams in the face of increased state-sponsored hackers, as well as the usual collection of avaricious cybercriminals preying on the internet's low-hanging fruit.

    If you suspect your IT security is lacking, or you're struggling to recruit enough skilled cyber staff to discover and remediate threats, Trellix may well have the answer.

    You can learn more about XDR, in theory and in practice, here:
    https://www.trellix.com/en-us/about/why-trellix.html

    Read the latest threat report:
    https://www.trellix.com/en-us/threat-center/threat-reports/apr-2022.html

    Trellix virtual events:
    https://trellixxpanddigital2022.virtualevents-hub.com/

    Daryush Ashjari's LinkedIn is here:
    https://www.linkedin.com/in/daryush-ashjari-6857641/

    And Joe "Wicked Panda" Green is here:
    https://www.linkedin.com/in/josephedwardgreen/

    Episode 63 - Rauhaton sielu (Restless Soul)

    Flare-On reverse engineering challenge
    http://flare-on.com/

    Solar flares threatening service providers
    https://www.ics.uci.edu/~sabdujyo/papers/sigcomm21-cme.pdf

    Turvakäräjät's recommendation against solar flares: foil
    https://lutpub.lut.fi/handle/10024/69816

    Team Cymru's confusing tool
    https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru

    Serious vulnerability in Confluence, exploitation observed in Finland
    https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_25/2021

    How the Confluence vulnerability works
    https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md

    (m)IRC in use in Kabul
    https://www.defenseone.com/threats/2021/08/inside-final-hours-kabul-airport/184975/

    Virtual currency stolen from Schober
    https://arstechnica.com/tech-policy/2021/08/man-robbed-of-16-bitcoin-hunts-down-suspects-sues-their-parents/

    Krebs's article on the investigation of the virtual currency theft
    https://krebsonsecurity.com/2021/08/man-robbed-of-16-bitcoin-sues-young-thieves-parents/

    Is Cyberwar War?

    At a conference of chief technology officers in 2016, General Michael Hayden, former head of, at different times, both the NSA and the CIA, told the audience, “Cyberwar isn’t exactly war, but it’s not not-war, either.”

    Cyberattacks, at the nation-state level, were already almost a decade old at that point. In 2007, over the course of 22 days, a Russian attack on Estonia took out commercial and government servers, online banking, and the Domain Name System, without which people can’t find or look up websites and online servers. The attack carried into the cyber realm an already heated political conflict between the two nations, and Estonia’s economy was as much under attack as its information infrastructure.

    In 2010, we learned of the U.S.–Israeli attack on Iran and its uranium centrifuges, known as Stuxnet.

    In 2015, a concerted attack, believed to have been Russian, on the power grid of another Eastern European nation, Ukraine, left more than 200,000 people without electricity for at least several hours. It was the first attack on a grid, and perhaps the first large-scale SCADA attack—that is, on the control systems of critical infrastructure. Follow-up attacks struck the railway, television, and mining sectors.

    In 2016, right around the time General Hayden was warning American audiences of the dangers of cyberwar, Russia, in conjunction with a private firm, Cambridge Analytica, and elements of the U.S. Republican party, crafted a disinformation campaign to influence the presidential election that year. Russia and Cambridge Analytica also undermined the Brexit referendum in the U.K. earlier that year.

    Since then, we’ve seen entire families of malware appear, such as Trickbot. Arguably even worse was the recent SolarWinds hack, which in effect was an attack on what we might call the software supply chain. As many as 18,000 different organizations using SolarWinds may have been affected. Worse, the effects of the hack may have reached out into other networks and therefore been exponential. For example, both Microsoft and security firm FireEye were affected, and they each have many enterprise customers.

    As the fourth-century Roman poet Juvenal asked, Quis custodiet ipsos custodes? Who shall guard the guardians themselves?

    A @RadioSpectrum1 conversation with Justin Cappos who heads the Secure Systems Laboratory at @NYU. On @Spotify and @IEEESpectrum https://spectrum.ieee.org/multimedia/podcasts

    The ABC of Success - Always Be Closing - Bob Kruse (CEO, Low Rider Security)

    Bob Kruse is the CEO and Cofounder of Low Rider Security, an early-stage cybersecurity startup in stealth mode. Prior to starting Low Rider, Bob was CRO at Obsidian Security and Head of Sales at Demisto. If you’re a founder of a B2B startup and are of the mindset that “if you build, they’ll come”, you definitely don’t want to miss this episode.

    Episode 34 - KäräjäLeaks

    HelSec virtual meetup 21.1.2021
    https://www.meetup.com/HelSec/events/275770212/

    Recording of FISC's cyber predictions event
    https://vimeo.com/497972925

    Antti's opinion piece in Helsingin Sanomat
    https://www.hs.fi/mielipide/art-2000007732835.html

    Outreach's recent publication on stalkerware
    https://medium.com/outrch/whos-watching-you-d70460bdf390

    The real effects of WhatsApp's terms of service agreement in Europe
    https://www.whatsapp.com/legal/updates/privacy-policy-eea
    https://www.bbc.com/news/technology-55573149

    SolarLeaks site published
    https://www.bleepingcomputer.com/news/security/solarleaks-site-claims-to-sell-data-stolen-in-solarwinds-attacks/

    Suspected JetBrains supply chain attack
    https://www.nytimes.com/2021/01/06/us/politics/russia-cyber-hack.html

    JetBrains's response to the suspicions
    https://blog.jetbrains.com/blog/2021/01/06/statement-on-the-story-from-the-new-york-times-regarding-jetbrains-and-solarwinds/

    Microsoft Exchange vulnerability
    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16875

    Steven Seeley's blog post on the vulnerability
    https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html

    Ubiquiti credentials possibly leaked
    https://www.bleepingcomputer.com/news/security/networking-giant-ubiquiti-alerts-customers-of-potential-data-breach/amp/

    Bulletproof service providers
    https://www.recordedfuture.com/bulletproof-hosting-services/

    Pfizer data spread for information influence purposes
    https://www.bleepingcomputer.com/news/security/hackers-leaked-altered-pfizer-data-to-sabotage-trust-in-vaccines/

    Android/Windows campaign detected by Google Project Zero
    https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html
    https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html

    Ars Technica's article on Google Project Zero's 0-day findings
    https://arstechnica.com/information-technology/2021/01/hackers-used-4-0days-to-infect-windows-and-android-devices/

    Episode 31 - Arnoid

    Episode 30 - Aurinkotuulet (Solar Winds)

    Turvakäräjät swag shop
    https://teespring.com/turvakarajat

    HelSec virtual meetup #5 recordings
    https://www.youtube.com/playlist?list=PLJDd2aYn8T1CNLdxEdmv_asNyFZVijskA

    Hakkeriradio's fundraising campaign
    https://mesenaatti.me/1916/tehdaan-yhdessa-hakkeriradio/

    HelSec ANSI artwork made by Velikani / H7
    https://twitter.com/velikani/status/1336394148006551555?s=20

    FireEye's publication on the backdoor slipped into the SolarWinds Orion product
    https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

    Nuclear weapons at risk because of the SolarWinds backdoor
    https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/

    ZDNet's news coverage of SolarWinds
    https://www.zdnet.com/article/sec-filings-solarwinds-says-18000-customers-are-impacted-by-recent-hack/
    https://www.zdnet.com/article/microsoft-and-industry-partners-seize-key-domain-used-in-solarwinds-hack/

    Volexity's analysis of the attack
    https://www.helpnetsecurity.com/2020/12/16/solarwinds-hackers-capabilities/

    Helsingin Sanomat's coverage of the SolarWinds case
    https://www.hs.fi/ulkomaat/art-2000007687185.html

    Vinoth Kumar's tweet about the FTP credentials
    https://twitter.com/vinodsparrow/status/1338431183588188160?s=21

    Ghidra's debugger feature released
    https://github.com/NationalSecurityAgency/ghidra/tree/debugger

    Researchers managed to transmit data by using memory as a WiFi card
    https://www.zdnet.com/google-amp/article/academics-turn-ram-into-wifi-cards-to-steal-data-from-air-gapped-systems/

    AIR-FI scientific paper
    https://arxiv.org/pdf/2012.06884.pdf

    The Magecart collective has been active in stealing credit card data
    https://www.bleepingcomputer.com/news/security/stealthy-magecart-malware-mistakenly-leaks-list-of-hacked-stores/
    https://www.bleepingcomputer.com/news/security/credit-card-stealer-hides-in-css-files-of-hacked-online-stores/
    https://www.bleepingcomputer.com/news/security/credit-card-stealing-malware-hides-in-social-media-sharing-icons/

    Sansec's research on the remote access trojan (RAT) malware used by Magecart, which leaks the data of Magecart's victims
    https://sansec.io/research/ecommerce-rat-leaks-victims

    Revolut virtual bank
    https://www.revolut.com/

    Companies suffer from cybercrime clearly more often in Finland than elsewhere in Europe
    https://yle.fi/uutiset/3-11695621

    The DoppelPaymer ransomware group now harasses its victims by phone
    https://www.zdnet.com/article/fbi-says-doppelpaymer-ransomware-gang-is-harassing-victims-who-refuse-to-pay/

    F-Secure's 2021 cyber academy
    https://emp.jobylon.com/jobs/70516-f-secure-cyber-security-academy-2021-finland/

    Special Fiftieth Live Show

    Chaos ensues as we attempt our first episode before a "live studio audience" (ahem) for this special 50th episode of Random But Memorable! 🎉

    Buzzers at the ready as we introduce a brand new segment: Play Your Passwords Right! What could go wrong?

    Plus we announce our lucky giveaway winners, and, as usual, hurtle through the latest security happenings like some runaway news-train in Watchtower Weekly.

    Log out, tune in…

    Watchtower Weekly

    🏆 Giveaway Winners 

    Our winners are... 

    A big thanks to everyone for entering. Listen out for more giveaways coming soon!

    🚨 Play Your Passwords Right 

    We show a password, then reveal how many times that has been in a breach. We then show another and guess higher or lower.

    To play along visit: haveibeenpwned.com/passwords

    🗣 #Ask1Password

    Ask us anything! Please use the #Ask1Password hashtag or send us an email at: media@1password.com

    Follow Us…

    Please get in touch using #Ask1Password and let us know what you think of the show. You can also leave us a review on Apple Podcasts or wherever you listen to podcasts.
