Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts. Check out Discourse's security program and policies.Peruse Discourse's technical blog post about it.See Discourse's announcement of the vulnerability on GitHub.Read the CISA notification on the critical RCE vulnerability in Discourse.Listen to our previous episode with Jack on election security.At Stanford, Jack is a research assistant with the Stanford Internet Observatory and Stanford Empirical Security Research Group and launched Stanford's bug bounty program, one of the first in higher education. How it works: Ransomwhere is an 'open, crowdsourced ransomware payment tracker' launched by Jack Cable, a former government cybersecurity expert who now works as a security architect for Krebs Stamos Group. Jack was named one of Time Magazine's 25 most influential teens for 2018. The ransomwhe.re site has been created by Jack Cable, a. After placing first in the Hack the Air Force challenge, Jack began working at the Pentagon's Defense Digital Service. A security expert has launched a site to keep a publicly trackable record of bitcoin payments to key ransomware gangs, such as REvil. Jack is a top-ranked bug bounty hacker, having identified over 350 vulnerabilities in companies including Google, Facebook, Uber, Yahoo, and the US Department of Defense. Jack formerly served as an Election Security Technical Advisor at CISA, where he led the development and deployment of Crossfeed, a pilot to scan election assets nationwide. Jack Cable is a security researcher and student at Stanford University, currently working as a security architect at Krebs Stamos Group. Tod highlights some of the many things Discourse is doing right with its security program.
#STAMOS GROUP RANSOMWHERE CODE#
Stick around for our Rapid Rundown, where Tod and Jen talk about a remote code execution vulnerability that open-source forum provider Discourse experienced recently, which CISA released a notification about over the weekend. They chat about how Cable came up with the idea, the role of cryptocurrency in tracking these payments, and how better data sharing can help combat the surge in ransomware attacks. Finally, Stormous claimed to obtain 200GB of data belonging to Epic Games. Discussions began to revolve around some of these attacks being carried out by other threat actors, with the Stormous group making it seem like they did it. In this episode of Security Nation, Jen and Tod chat with Jack Cable, security architect at the Krebs Stamos Group, about Ransomwhere, a crowdsourced ransomware payment tracker. The Russian group behind the attacks has been using generic tools and techniques developed by other hackers, which both reduce its costs and makes it more difficult to track and identify.' In the SANS Newsbites post, Murray notes that 'Our grid may or may not be more vulnerable than that of the Russians, but we are much more dependent. MaThe Stormous ransomware group has touted itself as the actor behind some attacks since early 2022.
0 kommentar(er)
