logo
episode-header-image
Jun 2021
21m 45s

Exhibiting advanced APT-like behavior. [...

N2K Networks
About this episode

Guest Yonatan Striem-Amit joins Dave to talk about Cybereason's research "Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities." The Cybereason Nocturnus Team responded to several incident response (IR) cases involving infections of the Prometei Botnet against companies in North America, observing that the attackers exploited recently published Microsoft Exchange vulnerabilities (CVE-2021-27065 and CVE-2021-26858) in order to penetrate the network and install malware. Yonatan shares his team's findings of the investigation of the attacks, including the initial foothold sequence of the attackers, the functionality of the different components of the malware, the threat actors’ origin and the bot’s infrastructure.

The research can be found here:

Learn more about your ad choices. Visit megaphone.fm/adchoices

Up next
Yesterday
Cyber defenders pulled into deportation duty.
DHS reassigns cyberstaff to immigration duties. A massive DDoS attack disrupts several major gaming platforms. Discord refuses ransom after a third-party support system breach. Researchers examine Chaos ransomware and creative log-poisoning web intrusions. The FCC reconsiders its ... Show More
29m 49s
Oct 8
Chinese hackers serve up espionage.
Chinese hackers infiltrate a major U.S. law firm. The EU Commission President warns Russia is waging a hybrid war against Europe. Researchers say LoJax is the latest malware from Russia’s Fancy Bear. Salesforce refuses ransom demands. London Police arrest two teens over an allege ... Show More
32m 4s
Oct 7
Critical GoAnywhere bug fuels ransomware wave.
Microsoft tags a critical vulnerability in Fortra’s GoAnywhere software. A critical Redis vulnerability could allow remote code execution. Researchers tie BIETA to China’s MSS technology enablement. Competing narratives cloud the Oracle E-Business Suite breach. An Ohio-based visi ... Show More
32m 23s
Recommended Episodes
Mar 2025
Cybersecurity Today: Exploited Vulnerabilities and Innovative Threat Mitigations: Wednesday, March 19, 2025
Cybersecurity Today: Exploited Vulnerabilities and Innovative Threat Mitigations In this episode of Cybersecurity Today, host Jim Love discusses several pressing cybersecurity issues including the exploitation of a server-side request forgery (SSRF) vulnerability in OpenAI's Chat ... Show More
8m 10s
Jul 7
Ingram Micro Ransomware Attack and the Rise of Linux SSH Server Compromises
In this episode of Cybersecurity Today, host David Shipley discusses the recent Safe Play ransomware attack on technology distributor Ingram Micro, exploring its impact and ongoing recovery efforts. The script also examines a new campaign targeting misconfigured Linux servers to ... Show More
10m 41s
Aug 22
Cybersecurity Today: Massive Data Exposures, Microsoft Failures, and PayPal Breach Claims
In this episode of Cybersecurity Today, host Jim Love covers a range of recent cybersecurity incidents. A major privacy failure has hit Elon Musk's Grok chatbot, exposing over 370,000 private conversations with sensitive information. Microsoft's recent security update has caused ... Show More
9m 9s
Jul 21
NPM Linter Packages Hijacked, Microsoft's China Issue, and AI in Phishing Attacks: Cybersecurity Today:
In this episode of Cybersecurity Today, host David Shipley discusses several pressing cybersecurity issues. First, popular NPM Linter packages were hijacked via phishing to spread malware, affecting millions of downloads. Concurrently, Ukrainian CERT uncovers new phishing campaig ... Show More
17m 6s
Aug 16
Exploring the Ransomware Ecosystem with Tammy Harper
In this episode of 'Cybersecurity Today,' the host welcomes Tammy Harper from Flair.io for an in-depth exploration into the ransomware ecosystem. Tammy, a seasoned threat intelligence researcher and certified dark web investigator, shines a light on the complex world of ransomwar ... Show More
1h 13m
Mar 2025
New Ransomware As A Service Threats: Cyber Security Today for March 10, 2025
This episode also covers recent ransomware as a service (RaaS) trends, including the rise of SpearWing and Akira groups, advanced ransomware techniques exploiting IoT vulnerabilities, and issues with the ESP32 microcontroller's hidden commands. Additionally, Signal President Mere ... Show More
10m 19s
Jan 2025
Another Critical Microsoft Patch: Cyber Security Today for Wednesday, January 22, 2024
Critical Cybersecurity Updates: Avery Data Breach, Hamilton Ransomware Attack, and Microsoft Outlook Patch In this episode of Cybersecurity Today, host Jim Love covers significant cybersecurity incidents and updates. Avery experiences a massive data breach affecting 61,000 custom ... Show More
6m 13s
Sep 4
Cloudflare Fends Off A Record Breaking 11.5 Tbps DDoS Attack
In this episode of Cybersecurity Today, host Jim Love covers the latest and most critical stories in the world of cyber threats and digital defense: • Cloudflare fends off a record-breaking 11.5 Tbps DDoS attack, highlighting the relentless scale and sophistication of modern cybe ... Show More
11m 59s
Jan 2025
DeepSeek - New AI Disruptor Gets Hit With Cyber Attack: Cyber Security Today for Wednesday, January 29, 2025
Navigating AI Cyber Threats and Critical Infrastructure Vulnerabilities In this episode of Cybersecurity Today, host Jim Love discusses the recent cyber attack on AI platform DeepSeek that exploited open source vulnerabilities. He highlights significant challenges in U.S. cyberse ... Show More
5m 17s
Listen to millions of songs and podcasts on Anghami