A former NSA hacker breaks down the FireEye hack 

Yup, I cannot agree more.. But I'll like to add to your list those companies that know they have been breached and hide it like Equifax.

@@geogmz8277 Yup. Fair point, and good call!

This people calling out fireeye must be related to the guys asking the Google CEO if turtles are able to fly lmao

So people are morons not the company that has been warned for years they were vulnerable hmmmm, yeah makes sense if you are corporate idiot like you who in their own self interest ignore the warnings then get upset when someone calls them out for it. Corporate hackers are the worst.

@@geogmz8277 a q

Why reinvent the wheel. Plus you know the tools work right of the box. Like a pro version of metasploit. GG

The purpose of stealing these offensive "Red Team" tools was to avoid detection for future exploits. The attacker can now perform virtual attacks and test their methods offline

Happens all the time. Remember that italian group HackingTeam?

there was exploits in the hack tools and russia hacked it

@@knowledge3563 How do we know Russians are to blame?

Yeah...but I like our drug dealer better that the authoritarian dictators running both Russia and China! Call me crazy..

And th te drugs being dealt is the safety and welfare of the citizenry. You analogy is poor.

Hack the biggest hacker.

Except that he is former military and NSA (meaning he knows better)and went along with the completely unsubstantiated and unofficial idea that Russia did it. He also never mentioned the term 'supply-chain attack" ONCE. Also never mentioned Solar Winds. Very bad, misleading appearance. Total hit piece.

If you read the report yourself you would disagree. www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html

@@xisudra384 this happened before solarwinds and published before it

@@Rickety3263 Thank you.

Yeyeye ' plays hackermanmusic ' types solarwind123 **"I'M IN"**

Those that need to know do ;)

They’re own write up has much of that. www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html It’s really the combination of several advanced methods that’s approaching “wow”.

What about now?

Anyone can get hacked. That’s what it says.

Any phone that are constantly updated is secure. Its what you download that can compromise your phone.

@@alphaneo9198 unless the updates are themselves compromised like what happened to Solarwinds

@@wonietang123 true but chances of Apple, Samsung, LG, Sony, etc releasing a patch with backdoors is very unlikely.

@@alphaneo9198 but still one can't rule out ZERO DAYS ....exploits ....PEGASUS spyware ....

@@alphaneo9198 I wouldn't be so sure. Some countries require access to backdoors or companies aren't allowed to import products to that market. When billions of $$ are on the line companies may comply.

No... He wreaks of a Gamer.

Correct, he's former US Marine

@@RudeSaiyan Once a Marine, always a Marine...never "former". ;-)

Enough to make believe it was CHINA

CHYNA!

Thanks I had no idea! Good thing we have a random youtuber to tell us the truth instead of credible journalists and experts who are dealing with this firsthand. I can't wait for you to show proof of your thought, cause only an ignorant Trump supporter would make a claim without any evidence, because an attack on Russia is an attack on Trump apparently.

It would NOT be China. Most of the chinese intelligence group DOES NOT have the level of sophistication as that of Russia. china uses Open Sourced tools, literally like a script kiddie, to attack an infra. And china does not have that potential resources (intelligent) to attack such as FireEye.

it must be china not russia

@@mockingbird3809 I feel there is no point in arguing with them. It always resorts to "news outlets are shills, and only websites cited by Parlor, 4chan, and Trump are credible". China apparently is the sole threat to America, and Russia is a non threatening third world state. An attack on Russia is an attack on Trump supporters 🤷‍♀️ It's the most un-Republican thing I have ever seen.

I WAS THINKING THE SAME THING AND HE HAS A GHOST LOL

I wouldn't be surprised if Trump was in on the planning of the attack. Trump from day one in 2016 has ridiculed the notion of Russian cyberattacks.

Is there any evidence it was Russia? You can make hacks look like anyone.

Microsoft Outlook SAML certificate vulnerability iirc, allowing them to gain access to networks and change code to validate an invalid update payload as valid. Not an expert but this is what I gathered. Once again Microshit.

what kind of joke this :)

PLTR is not a cybersecurity firm.

@@OM-el6oy you must do more DD www.palantir.com/wp-assets/wp-content/uploads/2013/11/Palantir-Solution-Overview-Cyber-long.pdf

@@shahul23taurus again, they are not a cybersecurity firm. The product you linked to is one which helps customers use best security practices. It also offers some other tools such as the ability to clearly understand who has access to what data. It is NOT a pure cybersecurity tool.

@@OM-el6oy Pls do some more DD Two aspects of cyber security 1. Surveillance 2. Fix the issue Palantir is top notch on the analysis and surveillance side and without finding the issue it’s hard to fix them.. Palantir Foundry helps organizations build a comprehensive, real-time view of their networks, then use that view to identify where the risk lives and who within the organization is accountable for mitigating it. With Palantir Foundry, our clients are taking targeted actions to strengthen their security posture by: - Increasing their ability to reduce risk by an order of magnitude - Generating live risk benchmarks on a national level among peer organizations - Automating arduous compliance and risk reports while increasing the level of granularity Palantir Foundry represents a return to security first principles: count your doors, make sure they're locked, and prioritize your most valuable assets. By creating a comprehensive, dynamic view of a network in Palantir Foundry, organizations can implement and strengthen basic cybersecurity hygiene practices-and from there, monitor activity for more complex attacks. www.cybersecurityintelligence.com/palantir-6928.html Gotham was also used by cyber analysts at Information Warfare Monitor, a Canadian public-private venture which operated from 2003 to 2012. Palantir Metropolis is used by hedge funds, banks, and financial services firms.

Why? To analyze the severity of the data breach? I'm sure they would predict turmoil in the U.S. for 2021

Lol

Sorry. Get real. Not possible. There is no planet B.

Not as simple as you think. Besides, the Russians and Chinese will just attack from somewhere else. No factor for them.

Just about everything is connected to the internet.

What do you think a server is?

@@OM-el6oy I know what a server is! We had them before the internet!

Linux wouldnt stop any kind of an attack like this.

@@poppacode303 Thanks for the info!

Ethical hackers are essential

Doesn’t hunter123 suffice?

And your point being?

Why

@MR. VIP I live in the US! I totally agree with you when it comes to the company's reputation. However I still cannot understand how some companies do not encrypt documents or emails with the associated key?

Because it doesn’t guarantee against a breach. Worthy info sec is very expensive and requires cooperation within an organization that may not want to make big changes. It may even sink a company.

@@az-tl3mh That is awful to hear mate. I wish things get better for both of us. What is the most challenging thing you are facing since graduating? if you don't mind me asking

Not really, we just need more people in the cyber security field. Its such a new field of study anythings possible.

@@21cabbage22 The problem is the complex web of legality behind it and they way it blocks a LOT of potential talent who lack the money to go to school (thus get a job in that field) and also have an aversion to the military training (bootcamp etc) which they would have to get through just to what ultimately amounts to being a nerd in camo with a security clearance and a very private life for much of the rest of their existence. Also, you and I could agree to not press charges and consent to allow each other to try and hack the other persons machine first in a game of CTF, but if you or I attempted to hack a hardened machine on a Russian gov network and got caught by our government in the US we would be charged with a list of crimes that would end up giving us hundreds of years in prison hit with everything from violating the computer fraud and abuse act to committing an act of war against a foreign nation. On the other hand, in Russia...if you hack an American corporation or a government network the Russian government has the attitude of "what are we really going to do to these people huh, they love their country so much...is it a crime?" because at the end of the day it is doublespeak for "we actively target the US constantly". They play dumb officially, and use hacking group names to blend in with a dark scene because it provides great cover for the fact that they are basically acting like digital terrorist cells and this shunts a lot of attention to groups they have nothing to do with and gives them deniability, which prevents our retaliation...because unlike them we have actual rules of engagement when it comes to sanctioning a cyber attack. Also make no mistake, powerful people in Russia's government take a kickback from the "groups" who build massive wealth from ransomware, bank hacks and theft of corporate IP.

@@no1special999 Yea really a cluster f*** of a situation. We should have been ready for an attack like this. Atleast the NSA hasnt been hacked yet.... a little surprised they didn’t notice the breach until recently. But russia should be held 100% responsible lets see what happens.

Huh?

Thanks I had no idea! Good thing we have a random youtuber to tell us the truth instead of credible journalists and experts who are dealing with this firsthand. I can't wait for you to show proof of your thought, cause only an ignorant Trump supporter would make a claim without any evidence because an attack on Russia is an attack on Trump apparently.

Has nothing to do with this, but ok troll