The MattChrobok’s Podcast – Details, episodes & analysis

Social Media make us unhappy and no, it’s not just an opinion, but scientific fact. Source: https://zurl.co/V0U90 #shorts

The greatest data leak in history?! For the past few days, a bit of news are spreading like wildfire about a leak of 16 billion passwords from Google, Apple and Facebook. But as you know: it’s not so easy. #shorts #leak #databreach #cybersecurity

The internet talks about a MASSIVE leak from Steam, involving about 90 million users. Is your account in danger? Sources: https://zurl.co/UU66G? #cybersecurity #leak #steam #shorts

SignalGate isn’t the only gaffe made by Mike Waltz. Sources: https://zurl.co/Hj4b8 https://zurl.co/9Bz3e #SignalGate #MikeWaltz #cybersecurity #USA #shorts

💬 Telegram is one of the most popular messaging apps in the world, with nearly a billion users,. When its founder, Pavel Durov was arrested in France lately there’s been quite an uproar. This is censorship! But is it really? It’s a great opportunity to talk about the problems associated with Telegram and why it’s better not to use it. Sources: 📲 Most Popular Messaging Apps (2024) https://explodingtopics.com/blog/messaging-apps-stats 🚪 The Most Backdoor-Looking Bug I’ve Ever Seen https://words.filippo.io/dispatches/telegram-ecdh/ 🔐 Telegram: Crowdsourcing a More Secure Future https://telegram.org/blog/crowdsourcing-a-more-secure-future 🤔 Telegram: Can I get Telegram's server-side code? https://telegram.org/faq#q-why-not-open-source-everything 📊 Security Analysis of Telegram (Symmetric Part) https://mtpsym.github.io/ 🔨Looking back at how Signal works, as the world moves forward https://signal.org/blog/looking-back-as-the-world-moves-forward/ 🤨 What is VLOP? https://panoptykon.org/vlop ❌ Telegram still doesn't meet large platform requirements under DSA https://www.euronews.com/next/2024/08/21/telegram-still-doesnt-meet-large-platform-requirements-under-dsa 💵 The Telegram Billionaire and His Dark Empire https://www.spiegel.de/international/world/the-telegram-billionaire-and-his-dark-empire-a-f27cb79f-86ae-48de-bdbd-8df604d07cc8 👥 Russia's VKontakte CEO says he was fired, flees Russia https://www.reuters.com/article/markets/commodities/russias-vkontakte-ceo-says-he-was-fired-flees-russia-idUSL6N0NE1HS/ 🇷🇺 Pavel Durov has visited Russia more than 50 times since his "exile" in 2014 https://istories.media/en/news/2024/08/27/pavel-durov-has-visited-russia-more-than-50-times-since-his-exile-in-2014/ 🚫 Russia lifts ban on Telegram messaging app after failing to block it https://www.reuters.com/article/technology/russia-lifts-ban-on-telegram-messaging-app-after-failing-to-block-it-idUSKBN23P2DY/ 🇨🇺 Telegram blocked in Cuba? Civil society demands answers https://www.accessnow.org/press-release/telegram-blocked-in-cuba-civil-society-demands-answers/ 📨 Russia blocks Signal messaging app as authorities tighten control over information https://apnews.com/article/russia-crackdown-signal-messenger-blocked-2adc9c67fc749727c41375f5b5ffb2a3 8️⃣ Eight signs of the difference of Telegram, one of Russia's most successful projects https://texty.org.ua/articles/112347/eight-signsof-danger-telegram-one-russias-most-successful-projects/ 🥷 State-backed attackers and commercial surveillance vendors repeatedly use the same exploits https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/ 🤬 Telegram is shutting down a channel that called for violent protests against Iran’s government https://www.vox.com/2017/12/30/16833542/telegram-iran-demostrations-messaging-protests-pavel-durov ⚖️ Telegram is now keeping laws, at least a little https://www.spiegel.de/netzwelt/apps/telegram-gibt-nutzerdaten-an-das-bundeskriminalamt-a-0e4d3fcb-8081-4b87-b062-db412bbc294b 💰 Who is funding Telegram? How a decade of unprofitability hasn't stopped the messenger app from growing https://www.pravda.com.ua/eng/articles/2023/10/1/7422200/ 🇩🇪 Germany and Wirecard. Europe's biggest financial fraud https://instytutsprawobywatelskich.pl/niemcy-i-wirecard-najwieksze-oszustwo-finansowe-europy/ ⛓️‍💥 Kremlin Denies Putin Met Telegram Boss Durov Before Arrest in France https://www.themoscowtimes.com/2024/08/26/kremlin-denies-putin-met-telegram-boss-durov-before-arrest-in-france-a86150 📱 WSJ: France, UAE hacked Telegram CEO Durov's iPhone in 2017 https://news.az/news/wsj-france-uae-hacked-t-elegram-ceo-durov-s-iphone-in-2017 🫨 Russian Military Bloggers Are Panicking After Telegram Chief's Arrest https://www.newsweek.com/russian-military-bloggers-arrest-telegram-pavel-durov-1944293 🗣️ Nechaev urged the opposition parties of France to support the release of Durov https://ria.ru/20240825/durov-1968384140.html 👨‍💼 Telegram’s CEO and Founder Durov Under Arrest: Cybercriminals React https://www.kelacyber.com/durov-telegram-ceo-under-arrest/ Relevant xkcd: https://xkcd.com/1810/ © All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement. My socials: Instagram @mattchrobok https://www.instagram.com/mattchrobok/ Twixxer @ChrobokMatt https://twitter.com/ChrobokMatt Mastodon https://infosec.exchange/@mateuszchrobok LinkedIn @mateuszchrobok https://www.linkedin.com/in/mateuszchrobok/ TikTok @mattchrobok Facebook https://www.facebook.com/mattchrobok Chapters: 00:00 Intro 00:59 Encryption 04:18 MTProto 11:08 Privacy 16:00 Anti-system 23:58 Cooperation 29:39 Money 34:37 Arrest 39:52 Reaction 43:36 What To Do And How To Live? #Telegram #privacy #Durov #Russia #freespeech

Don’t forget your swords: one for men, the other for… Monsters that lurk online! Sources: https://zurl.co/H5yjx #cybersecurity #witcher #Ciri #Geralt #cdprojektred #shorts

It began with internet issues and a cash register that stopped working. Then, the traffic lights stopped doing their job, a manhole overflowed and phone coverage was busted. #blackout #energy #Portugal #Spain

🪆 APT29 — the cyber espionage group linked to Russia’s Foreign Intelligence Service — took control of Orion, a SolarWinds software. At the time, it was the largest-ever supply chain attack, a highly complex operation that led to some truly astonishing consequences. This is the second episode in this series of tales from the dark corners of cyberspace, where I explore cybercriminal groups with ties to global intelligence agencies. Sources: 📣 It was Russia wot did it: SolarWinds hack was done by Kremlin's APT29 crew, say UK and US https://www.theregister.com/2021/04/15/solarwinds_hack_russia_apt29_positive_technologies_sanctions/ 🐤 Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/ 🗑️ OS Credential Dumping, MITRE ATT&CK https://attack.mitre.org/techniques/T1003/ 🕵🏻 Russian cyberspies targeted the Slovak government for months https://therecord.media/russian-cyberspies-targeted-slovak-government-for-months 🤔 What Is Cobalt Strike and How Does It Work? https://www.cynet.com/network-attacks/cobalt-strike-white-hat-hacker-powerhouse-in-the-wrong-hands/ 🇫🇷 France warns of Nobelium cyberspies attacking French orgs https://www.bleepingcomputer.com/news/security/france-warns-of-nobelium-cyberspies-attacking-french-orgs/ 😶‍🌫️ FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor https://www.microsoft.com/en-us/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/ 🖲️ Trello From the Other Side: Tracking APT29 Phishing Campaigns https://www.mandiant.com/resources/blog/tracking-apt29-phishing-campaigns 💾 Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/ ☑️ MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone https://www.microsoft.com/en-us/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/ 🇵🇱 NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine 🇷🇺 CERT Polska i SKW ostrzegają przed działaniami rosyjskich szpiegów https://cert.pl/posts/2023/04/kampania-szpiegowska-apt29/ 🔎 Kampania szpiegowska wiązana z rosyjskimi służbami specjalnymi https://www.gov.pl/web/baza-wiedzy/kampania-szpiegowska-wiazana-z-rosyjskimi-sluzbami-specjalnymi 🧑‍💻 Midnight Blizzard conducts targeted social engineering over Microsoft Teams https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/ 💥 APT29 Attacks Embassies Using CVE-2023-38831 https://www.rnbo.gov.ua/files/2023_YEAR/CYBERCENTER/november/APT29 attacks Embassies using CVE-2023-38831 - report en.pdf 👍🏻 AlessandroZ / LaZagne @ GitHub - PublicCredentials recovery project https://github.com/AlessandroZ/LaZagne Relevant xkcd: https://xkcd.com/1573/ © All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement. My socials: Instagram @mattchrobok https://www.instagram.com/mattchrobok/ Twixxer @ChrobokMatt https://twitter.com/ChrobokMatt Mastodon https://infosec.exchange/@mateuszchrobok LinkedIn @mateuszchrobok https://www.linkedin.com/in/mateuszchrobok/ TikTok @mattchrobok Facebook https://www.facebook.com/mattchrobok Chapters: 00:00 Intro 01:09 2021 StellarParticle 05:22 2021 Diplomats 08:37 2022 Trello 13:56 2023 ADFS 17:14 2023 Difference 20:06 2023 TeamCity 21:42 What To Do And How To Live? #APT29 #SVR #Russia #Moscow #Kremlin

The British government has demanded that Apple give them unlimited access to iCloud user data stored in the cloud. With a backdoor. Sources: https://zurl.co/sJxYH https://zurl.co/nOfhT #Apple #UK #iCloud #privacy

👂 Can an employer snoop on their employees' network traffic and how? Does encryption protect against such voyeurism? Is it even legal? I will do my best to answer these questions. Let’s go! Sources: ❓What is a router? https://www.cloudflare.com/en-gb/learning/network-layer/what-is-a-router/ 🛜 My home network: Ubiquiti UniFi gear, fiber gigabit Internet, CAT6 and CAT3 wiring https://jeffwilcox.blog/2018/04/seattle-network/ 🔐 Data Loss Prevention (DLP) https://www.imperva.com/learn/data-security/data-loss-prevention-dlp/ 🇬🇧 The UK's data protection legislation https://www.gov.uk/data-protection 📟 Electronic Communications Privacy Act of 1986 (ECPA) https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1285#0-0 💉BSNL is injecting code on to your browsers, and here's what it does. #SaveTheInternet https://internetfreedom.in/taking-a-closer-look-at-bsnls-code-injections-savetheinternet-2/ 🤔 What is Deep Packet Inspection? How it Works and Why It Is Important https://www.endpointprotector.com/blog/what-is-deep-packet-inspection-how-it-works-and-why-it-is-important/ 🔍 Deep inspection https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/122078/deep-inspection 🇪🇬 Egypt launches deep-packet inspection system https://www.theverge.com/2014/9/17/6350191/egypt-launches-deep-packet-inspection-with-help-from-an-american 📩 Regex validation of email addresses according to RFC5321/RFC5322 https://stackoverflow.com/questions/13992403/regex-validation-of-email-addresses-according-to-rfc5321-rfc5322 📑 unknown scripts are running and redirecting on click to unknown websties https://stackoverflow.com/questions/51064933/unknown-scripts-are-running-and-redirecting-on-click-to-unknown-websties 🖥️ Technical Tip: Blocking and monitoring Tor traffic https://community.fortinet.com/t5/FortiGate/Technical-Tip-Blocking-and-monitoring-Tor-traffic/ta-p/196239 📊 Analyzing Tor traffic through Deep Packet Inspection? https://security.stackexchange.com/questions/237082/analyzing-tor-traffic-through-deep-packet-inspection Relevant xkcd: https://xkcd.com/208/ © All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement. My socials: Instagram @mattchrobok https://www.instagram.com/mattchrobok/ Twixxer @ChrobokMatt https://twitter.com/ChrobokMatt Mastodon https://infosec.exchange/@mateuszchrobok LinkedIn @mateuszchrobok https://www.linkedin.com/in/mateuszchrobok/ TikTok @mattchrobok Facebook https://www.facebook.com/mattchrobok Chapters: 00:00 Intro 00:21 The Rrrole of Rrrrouters 02:19 Insides 04:01 Work 06:56 Leak 08:35 Lawfulness 12:20 More? 15:02 What To Do And How To Live? #data #leak #Surveillance #networking #work