On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: SEC fines tech firms for downplaying the Solarwinds hacks Anonymous Sudan still looks and quacks like a Russian duck Apple proposes max 10 day TLS certificate life Oopsie! Microsoft loses a bunch of cloud logs Veeam and Fortinet are bad and should feel bad North Koreans are good (at hacking) And much, much more. This week’s episode is sponsored by Proofpoint. Chief Strategy Officer Ryan Kalember joins to talk about their work keeping up with prolific threat actor SocGholish. This episode is also available on Youtube. Show notes Four cyber companies fined for SolarWinds disclosure failures U.S. charges Sudanese men with running powerful cyberattack-for-hire gang Hacker Charged With Seeking to Kill Using Cyberattacks on Hospitals | WIRED Risky Biz News: Anonymous Sudan's Russia Links Are (Still) Obvious Microsoft confirms partial loss of security log data on multiple platforms | Cybersecurity Dive Risky Biz News: Apple wants to reduce the lifespan of TLS certificates to 10 days Encrypted Chat App ‘Session’ Leaves Australia After Visit From Police Crypto platform Radiant Capital says $50 million in digital coins stolen following account compromises North Korean hackers use newly discovered Linux malware to raid ATMs - Ars Technica Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach – Krebs on Security Here’s how SIM swap in alleged bitcoin pump-and-dump scheme worked - Ars Technica Critical Veeam CVE actively exploited in ransomware attacks | Cybersecurity Dive FortiGate admins report active exploitation 0-day. Vendor isn’t talking. - Ars Technica Hackers reportedly impersonate cyber firm ESET to target organizations in Israel The latest in North Korea’s fake IT worker scheme: Extorting the employers

On this week’s show Patrick Gray and Adam Boileau discuss the week’s infosec news, including: Chinese spooks all up in western telco lawful intercept Jerks ruin the Internet Archive’s day Microsoft drops a great report with a bad chart The feds make their own crypto currency and get it pumped Forti-, Palo- and Ivanti-fail And much, much more. This week’s episode is sponsored by detection-as-code vendor Panther. Casey Hill, Panther’s Director Product Management joins to discuss why the old “just bung it all in a data lake and… ???… “ approach hasn’t worked out, and what smart teams do to handle their logs. This episode is also available on [Youtube].(https://youtu.be/86zy6DcwtbE) Show notes White House forms emergency team to deal with China espionage hack - The Washington Post DDoS attacks on Internet Archive continue after data breach impacting 31 million Microsoft Digital Defense Report 2024 Ransomware encryption down amid surge of attacks, Microsoft says | CyberScoop Russian court websites down after breach claimed by pro-Ukraine hackers Ukrainian anti-corruption agency reportedly finds no violations in disclosures of top cyber official Trump campaign turns to secure hardware after hacking incident | Reuters FBI creates its own crypto token to nab suspects in alleged fraud scheme District of Massachusetts | Eighteen Individuals and Entities Charged in International Operation Targeting Widespread Fraud and Manipulation in the Cryptocurrency Markets | United States Department of Justice Critical CVE in 4 Fortinet products actively exploited | Cybersecurity Dive Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024 Palo Alto Expedition: From N-Day to Full Compromise Ivanti up against another attack spree as hackers target its endpoint manager | Cybersecurity Dive 1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies · GitHub Recently-patched Firefox bug exploited against Tor browser users Two never-before-seen tools, from same group, infect air-gapped devices - Ars Technica A Single Cloud Compromise Can Feed an Army of AI Sex Bots – Krebs on Security Opinion | The Cyber Sleuth - Washington Post

In this edition of Snake Oilers we hear pitches from three security vendors: Sandfly Security: An agentless Linux security platform that actually sounds very cool Permiso: An identity security platform founded by ex FireEye folks Wiz: The cloud security giant is getting in on code security scanning You can watch this edition of Snake Oilers on YouTube here.

Patrick Gray and Adam Boileau discuss the week’s infosec news with everyone’s favourite ex-NSA big-brain, Rob Joyce. They talk through: Musk and Durov bow to government pressure Tiktok rushes to ban authoritarian propagandists The US doesn’t want Chinese software in its cars Kaspersky replaces itself with an AV no one has ever heard of Aussie police chalk up another crimephone takedown Press Win-R Ctrl-V to prove you’re human And much, much more. This week’s show is brought to you by Stairwell, and Stairwell’s founder Mike Wiacek will be along to talk about how people are using their platform to hunt down detection resistant malware. A video version of this episode is also available on Youtube. Show notes Elon Musk backs down in his fight with Brazilian judges to restore X | Elon Musk | The Guardian Telegram says it will share phone numbers and IP addresses of ‘bad actors’ to authorities Jane Lytvynenko on X: "Ukrainian cybersecurity officials are limiting the use of Telegram for military, critical infrastructure, and other authorities. Budanov said he has “substantiated data” on Ru authorities having access to personal messages on TG, including removed ones. https://t.co/xOcnf7am9R" / X TikTok blocks dozens of Kremlin-backed media accounts Biden administration proposes rule banning Chinese, Russian connected vehicles and parts Some Kaspersky customers receive surprise forced-update to new antivirus software | TechCrunch Russian cyber firm Dr.Web says services are restored after ‘targeted cyberattack’ Police announce takedown and arrest mastermind behind criminal comms platform 'Ghost' Turning Everyday Gadgets into Bombs is a Bad Idea « bunnie's blog Iranian-linked election interference operation shows signs of recent access | CyberScoop Republicans demand FBI hearing on Iran theft of Trump documents Ermittlungen im Darknet: Strafverfolger hebeln Tor-Anonymisierung aus | tagesschau.de DOJ charges hackers for stealing $230 million in crypto from individual This Windows PowerShell Phish Has Scary Potential – Krebs on Security You can now use Apple’s best iPhone Mirroring feature on your Mac and iPhone | TechRadar

On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including: Hezbollah’s attempts to avoid SIGINT with pagers ends in explosions The US shines many bright lights on RT’s disinfo role Australia counters Chinese bullying in the Pacific Valid accounts are the most prevalent entry point, says CISA’s data Ivanti and Fortinet vie for worst vendor of the week Krebs writes up the shift towards charging The Com with terrorism And much, much more… This week’s episode is sponsored by Push Security, who bring security visibility to where it needs to be these days – the browser. Luke Jennings joins this week’s show to discuss how phish-kit crews are driving the arms race forward, and how detection has to adapt and go where the users are. This episode is also available on Youtube. Show notes Israel planted explosives in Hezbollah's Taiwan-made pagers, sources say | Reuters How Hezbollah used pagers and couriers to counter Israel's high tech surveillance | Reuters Biden administration unveils new evidence of RT’s key role in Russian intelligence operations globally | CNN Politics Meta bans RT days after U.S. accused Russian outlet of disinformation U.S. to file charges in Trump campaign hacking case, officials say China suspected of hacking diplomatic body for Pacific islands region Chinese-made port cranes in US included 'backdoor' modems, House report says Stolen account info still chief risk for federal agencies, annual CISA audit finds Notice of Recent Security Incident | Fortinet Blog WordPress.org to require two-factor authentication for plugin developers | CyberScoop Multiple attacks force CISA to order agencies to upgrade or remove end-of-life Ivanti appliance Ivanti Endpoint Manager and Ivanti Endpoint Manager Security Suite and Ivanti Cloud Service Application (CSA) - End Of Life (EOL) The Dark Nexus Between Harm Groups and ‘The Com’ – Krebs on Security Feds sentence 12 crypto thieves behind SIM swaps, home invasions Ex-CrowdStrike employees detail rising technical errors before July outage | Semafor Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel - SecurityWeek Apple seeks dismissal of its NSO Group lawsuit, citing risk of exposing ‘vital security information’ US hits Intellexa spyware maker with more sanctions (1) BolivarCucuta on X: "Encuentran muerto al ciudadano israelí Yariv Bokor en Medellín En un apartamento de El Poblado, Medellín, fue encontrado sin vida el ciudadano israelí Yariv Bokor, con aparentes signos de violencia. Bokor estaba vinculado a la empresa Sandvine, la cual tiene relación con NSO https://t.co/EeY1os1omW" / X Instagram to bolster privacy and safety features for millions of teen users Mastercard buys Recorded Future for $2.65 billion | CyberScoop

On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including: Russia’s disinformation peddlers face multifaceted sternness from the DoJ Telegram is now law enforcement’s bestest new pal, all of a sudden Iran’s banking industry arranges a payment plan for a ransom Columbia investigates how it sent private jets full of cash to pay for Pegasus Microsoft innovates with Un-Patch Tuesday And much, much more. This week’s sponsor is Kroll Cyber, and one of their incident responders Paul Wells joins to discuss that one weird trick that actually helps - preparing for an incident before hand, rather than learning all those hard lessons in the middle of a crisis. This week’s episode is also available on Youtube.

In this edition of Snake Oilers Patrick Gray gets pitches from three cybersecurity companies: Authentik, an open source identity provider that a lot of large organisations are deploying on prem as an alternative to cloud-based IDPs Dropzone AI, an LLM-based agent that can do the work of a Tier 1 SOC analyst SlashID, an identity security company that can crunch your logs to find attackers You can watch this edition of Snake Oilers on YouTube here. Show notes Welcome | authentik Dropzone AI: Reinforce your SOC with AI Analysts The identity stack to protect users and non-human identities | SlashID

On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including: Brazil’s supreme court bans X-formerly-Twitter, Iranian cyber teams cooperate with ransomware crews While North Koreans wield chrome-windows 0-day Yubikey cloning attack is impressive, but doesn’t have us binning our keys quite yet The White House is coming for your unsigned BGP announcements And much, much more. This week’s episode is sponsored by Okta, and specifically their Identity Security Posture Management product. Okta recently acquired Spera Security, and co-founder Ariel Kadyshevitch joins to talk through the messy reality of modern identity. Pat even gets the giggles at how terrible everything is! You can also watch this episode on Youtube. Show notes Brazil X ban: Top court judges uphold block of Musk's platform Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA Malicious North Korean packages appear again in open source code repository North Korean threat actor Citrine Sleet exploiting Chromium zero-day | Microsoft Security Blog SEC.gov | SEC Charges Transfer Agent Equiniti Trust Co. with Failing to Protect Client Funds Against Cyber Intrusions Chinese ‘Spamouflage’ operatives are mimicking disillusioned Americans online Researchers uncover ‘SlowTempest’ espionage campaign within China City of Columbus sues man after he discloses severity of ransomware attack | Ars Technica Bypassing airport security via SQL injection Cyberattack hits agency responsible for London’s transport network German air traffic control agency confirms cyberattack, says operations unaffected White House calls attention to ‘hard problem’ of securing internet traffic routing Cambodian scam giant handled $49 billion in crypto transactions since 2021, researchers say YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel | Ars Technica CrowdStrike takes a revenue hit as global IT outage reckoning lingers | Cybersecurity Dive Owners of 1-Time Passcode Theft Service Plead Guilty – Krebs on Security

On this week’s show, Patrick Gray and Adam Boileau discusses the week’s security news, including: Telegram founder’s arrest in France Volt Typhoon 0days some SD-WAN gear Russia frets about Ukraine all up in Kursk’s webcams Cybercriminals social engineer payment card NFC relay attacks in the wild The slow burn of Active Directory name collisions And much, much more. This week’s episode is sponsored by Nucleus Security. Aaron Unterberger joins to discuss how vulnerability management starts out easy, but gets serious very quickly. You can also watch this week’s show on Youtube. Show notes Pavel Durov: Telegram CEO's arrest part of larger investigation Keep Pavel Durov LOCKED UP Internet mogul Kim Dotcom to be extradited to the US, NZ justice minister says New 0-Day Attacks Linked to China’s ‘Volt Typhoon’ – Krebs on Security Oil industry giant Halliburton confirms 'issue' following reported cyberattack Seattle airport confronts 4th day of cyberattack outages | Cybersecurity Dive Russia calls for restrictions on surveillance cameras, dating apps in cities under attack from Ukraine In a Kyiv hangar, Ukraine launches a cyber range for everyone U.S. military, on Tinder, says to swipe left on Iran-backed militants - The Washington Post CISA officials credit Microsoft security log expansion for improved threat visibility | Cybersecurity Dive Suspect in $14 billion cryptocurrency pyramid scheme extradited to China Android malware used to steal ATM info from customers at three European banks Novel technique allows malicious apps to escape iOS and Android guardrails | Ars Technica Local Networks Go Global When Domain Names Collide – Krebs on Security Attack tool update impairs Windows computers SonicWall pushes patch for critical vulnerability in SonicOS platform | CyberScoop “YOLO” is not a valid hash construction

Mike Burgess is the director general of ASIO. But the thing about Mike is he’s actually a cybersecurity guy. He joined ASD, Australia’s NSA, back in 1995 when it was still the Defence Signals Directorate. He was there for 18 years before he bounced out to the private sector for a while to work as the CISO for Australia’s largest telco, Telstra. In 2017 he returned to ASD to run it, and in 2019 he was appointed director general of ASIO. Back in April, Burgess made a series of comments on the topic of encrypted messaging during a Press Club speech in Canberra. Our right to privacy, he said, is not absolute, and he implied that if certain providers didn’t start helping Australian authorities out a little more, he’d use some of the provisions in Australia’s Assistance and Access bill to force them to provide access to certain content. So I reached out to organise this interview to get some more detail from him about exactly what sort of cooperation he’s seeking and why.

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news including: Microsoft did a good thing! Soon all Azure admins will require MFA The three billion row National Public Data breach mess, courtesy Florida Man US govt confirms that it was Iran that hacked the Trump campaign Is TP-Link the next Huawei, or just not very good at computers? Major Chinese RFID card maker has hardcoded backdoors And much, much more. This week’s episode is sponsored by Specter Ops, makers of Bloodhound Enterprise. VP of Products Justin Kohler joins to talk about how they’ve joined their on-prem AD and cloud Entra attack path graphs, so you can map out that juicy, real-world attack surface. Show notes Announcing mandatory multi-factor authentication for Azure sign-in | Microsoft Azure Blog phishing resistant mfa - Google Search Microsoft will require MFA for all Azure users NationalPublicData.com Hack Exposes a Nation’s Data – Krebs on Security National Public Data Published Its Own Passwords – Krebs on Security Bloomberg Law How the government's proposed 'Trust Exchange' digital ID scheme would work - ABC News German Cyber Agency Wants Changes in Microsoft, CrowdStrike Products After Tech Outage - WSJ Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts — FBI Crypto firm says hacker locked all employees out of Google products for four days ZachXBT on X: "Seven hours ago a suspicious transfer was made from a potential victim for 4064 BTC ($238M)" / X Bitcoin News Today: $238 Million Bitcoin Heist Linked to Genesis Global Trading Routers from China-based TP-Link a national security threat, US lawmakers claim Hardware backdoors found in Chinese smart cards Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research Hardware backdoors found in Chinese smart cards Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months

In this conversation Risky Business host Patrick Gray speaks with SentinelOne’s Chris Krebs and Alex Stamos about what sort of cyber enabled interference we can expect in the 2024 US presidential race. Alex was the CISO at Facebook during the 2016 election, and Chris Krebs was responsible for US election security as the director of CISA in 2020. Watch the video version of this episode on Youtube.

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news and recap the best research presented at Black Hat and DEF CON in Las Vegas last week. They cover: Iran tries an election hack’n’leak like its still 2016 Crowdstrike takes home the Pwnie for Epic Fail at DEF CON UK healthcare SaaS faces six million pound fine for lack of MFA US circuit courts disagree on geofence warrants Our roundup of juicy Blackhat/DEF CON research And much, much more. This week’s episode is sponsored by Trail of Bits. CEO Dan Guido is fresh back from the DARPA AI Cyber Challenge at DEF CON, where the Trail of Bits team moved through into the finals. Dan talks through the challenge of finding, reporting and fixing bugs with AI systems. You can also watch this week’s show on Youtube. Show notes Trump campaign points finger at Iranian hackers for documents leak FBI says it's investigating efforts to hack Trump and Biden-Harris campaigns Iranian hackers ramping up US election interference, Microsoft warns State Dept puts $10 million bounty on IRGC-CEC hackers CrowdStrike snafu was a ‘dress rehearsal’ for critical infrastructure disruptions, CISA director says | Cybersecurity Dive Dominic White 👾 on X: "CrowdStrike accepting the @PwnieAwards for “most epic fail” at @defcon. Class act. https://t.co/e7IgYosHAE" / X Russia's Kursk region suffers 'massive' DDoS attack amid Ukraine offensive Elon Musk on X: "@markpinc Yeah" / X Progress Software says SEC declines to pursue action related to MOVEit exploitation spree | Cybersecurity Dive NHS software supplier Advanced faces £6m fine over ransomware attack failings Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms | TechCrunch 5th Circuit rules geofence warrants illegal in win for phone users’ privacy | Ars Technica Customs and Border Protection agents need a warrant to search your phone - The Verge Hackers could spy on cell phone users by abusing 5G baseband flaws, researchers say | TechCrunch ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections | WIRED Downgrade Attacks Using Windows Updates | SafeBreach Listen to the whispers: web timing attacks that actually work | PortSwigger Research Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! | DEVCORE Trail of Bits Advances to AIxCC Finals | Trail of Bits Blog

In this sponsored Soap Box edition of the show we talk to Proofpoint’s Chief Strategy Officer Ryan Kalember about making security tech more people centric. We often talk about how we can use signals from users to drive some of our security tech. But what about using our security tech to drive user behaviour? Ryan thinks there are some opportunities here, particularly around identity security.

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including: Crowdstrike talks loud in its postmortem, but says very little Digicert fears the CA-Browser Forum, gets lawsuit from a customer Dmitri Alperovitch joins the show to talk about the Russian prisoner swap Cloudflare continues to harbour scum and villainy Professional ransomware crew … is an improvement? And much, much more. This week’s episode is sponsored by Thinkst Canary. Marko Slaviero joins to discuss the unfashionable choice they made in hosting their platform one-VM-per-customer. Show notes CrowdStrike investors file class action suit following global IT outage | Cybersecurity Dive CrowdStrike rebukes Delta’s negligence claims in fiery letter | Cybersecurity Dive Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf Sparks fly when lawyers meet a certificate revocation crt.sh | Alegeus U.S. releases Russian hackers in Evan Gershkovich prisoner swap U.S. Trades Cybercriminals to Russia in Prisoner Swap – Krebs on Security Who are the two major hackers Russia just received in a prisoner swap? | Ars Technica Hackers remotely wipe 13,000 students’ iPads and Chromebooks after breaching safety software Mobile Guardian Device Management Application to be removed | MOE Ford wants patent for tech allowing cars to surveil and report speeding drivers I'm Sorry, Dave, You're Speeding | WIRED Cloudflare once again comes under pressure for enabling abusive sites | Ars Technica Low-Drama ‘Dark Angels’ Reap Record Ransoms – Krebs on Security Bumble and Hinge allowed stalkers to pinpoint users’ locations down to 2 meters, researchers say | TechCrunch Unfashionably secure: why we use isolated VMs – Thinkst Thoughts Defending AI Model Files from Unauthorized Access with Canaries | NVIDIA Technical Blog

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including: The insurance industry’s reaction to CrowdStrike’s mess Google’s Workspace email validation flaw and its consequences for OAuth’d applications Is the VMWare ESX group membership feature a CVE or an FYI? Secureboot continues to under-deliver North Korea’s revenue neutral intelligence services And much, much more This episode is sponsored by allowlisting software vendor Airlock Digital. Airlock uses a kernel driver on Windows, so Chief Executive David Cottingham joined to discuss what the CrowdStrike kernel driver bug drama means for security vendors. This episode is also available on Youtube. If you want to ruin the magic of radio and see the faces behind the show, well, now you can! Show notes Business interruption claims will drive insurance losses linked to CrowdStrike IT disruption | Cybersecurity Dive Delta hires David Boies to seek damages from CrowdStrike, Microsoft CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds | Cybersecurity Dive (1145) Why CrowdStrike's Baffling BSOD Disaster Was Avoidable - YouTube CrowdStrike offers a $10 apology gift card to say sorry for outage | TechCrunch Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security Hackers exploit VMware vulnerability that gives them hypervisor admin | Ars Technica Microsoft calls out apparent ESXi vulnerability that some researchers say is a ‘nothing burger’ | CyberScoop AMI Platform Key leak undermines Secure Boot on 800+ PC models Chrome will now prompt some users to send passwords for suspicious files | Ars Technica Google Online Security Blog: Improving the security of Chrome cookies on Windows A Senate Bill Would Radically Improve Voting Machine Security | WIRED U.S. told Philippines it made ‘missteps’ in secret anti-vax propaganda effort | Reuters Cyber firm KnowBe4 hired a fake IT worker from North Korea | CyberScoop North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs North Korean hacking group makes waves to gain Mandiant, FBI spotlight | CyberScoop ServiceNow spots sales opportunities post-CrowdStrike outage | Cybersecurity Dive Chaining Three Bugs to Access All Your ServiceNow Data Cyber Supply Chain Risk Management Conference (CySCRM) 2024 | Conference | PNNL

In this episode of Wide World of Cyber, Risky Business host Patrick Gray discusses the recent CrowdStrike incident and its implications for security software that operates in kernel space with Chris Krebs and Alex Stamos of SentinelOne, a CrowdStrike Competitor. The conversation also delves into Microsoft’s role in this whole disaster and the potential changes it could make to its operating system to prevent similar incidents in the future. A video version of this episode is also available on Youtube!

The Risky Biz main show returns from a break to the traditional internet-melting mess that happens whenever Patrick Gray takes a holiday. Pat and Adam Boileau talk through the week’s security news, including: Oh Crowdstrike, no, oh no, honey, no AT&T stored call records on Snowflake and you’ll never guess what happened next Squarespace buys Google Domains and makes a hash of it Some but not all of the SECs case against Solarwinds gets thrown out Pity the incident responders digging through a terabyte of Disney Slack dumps Internet Explorer rises from the grave, and it wants SHELLS RAAAAARGH SSHHEEELLLS And much, much more. This week’s show is brought to you by Sublime Security, a flexible and modern email security platform. If you’re sick of using a black box email security solution, Sublime is a terrific option for you. Show notes Risky Biz News: CrowdStrike faulty update affects 8.5 million Windows systems Low-level cybercriminals are pouncing on CrowdStrike-connected outage | CyberScoop CrowdStrike says flawed update was live for 78 minutes | Cybersecurity Dive Crooks Steal Phone, SMS Records for Nearly All AT&T Customers – Krebs on Security Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks – Krebs on Security Teenage suspect in MGM Resorts hack arrested in Britain Majority of SEC civil fraud case against SolarWinds dismissed, but core remains | Cybersecurity Dive How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter | WIRED Kaspersky Lab Closing U.S. Division; Laying Off Workers Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages | WIRED Wallets tied to CDK ransom group received $25 million two days after attack | CyberScoop UnitedHealth’s cyberattack response costs to surpass $2.3B this year | Cybersecurity Dive Ransomware ecosystem fragmenting under law enforcement pressure and distrust Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it | Ars Technica

This Soap Box edition of the show is with Mike Wiacek, the CEO and Founder of Stairwell. Stairwell is a platform that creates something similar to an NDR, but for file analysis instead of network traffic. The idea is you get a copy of every unique file in your environment to the Stairwell platform, via a file forwarding agent. You get an inventory that lists where these files exist in your environment, at what times, and from there you can start doing analysis. If you find a dodgy file you can do all the usual malware analysis type stuff, but you can also do things like immediately find out where else that file is in your organisation, or even where else it was. From there you can identify other files that are similar – variants of those files – and search for those. And you can unpack all this very, very quickly. This is the type of tool that EDR companies use internally to do threat hunting, but it’s just for you and your org – you can drive it. And as you’ll hear, the idea of a transparent, customisable and programmable security stack is something that’s on-trend at the moment. Mike lays out the case that doing this sort of file analysis in your organisation makes a whole lot of sense.

In this podcast Alex Stamos, Chris Krebs and Patrick Gray discuss the relationship between cybercrime and the state, which is often more complicated than it should be. While the US Government and its allies fight the scourge of ransomware, other governments are using it to either raise revenue or irritate their foes. North Korea sees ransomware as a money spinner, while the Kremlin enjoys poking the west in the eye with it. Join us for a breakdown of the relationships between governments who should know better and the worst types of people on the planet.

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including: Widely used polyfill javascript gets hijacked by its new owners MacOS supply chain disaster bullet dodged That OpenSSH remote code exec OH MY <3 Entrust gets its CA business kicked to the kerb by Google South Korean telco intentionally viruses 600k customers Microsoft continues to deeply underwhelm And much, much more. This week’s episode is sponsored by Greynoise. Founder Andrew Morris joins to talk about ways to track attackers across NAT and VPNs, as well as how you can join in the fun of running an internet-scale honeypot network. Show notes Polyfill, Cloudflare trade barbs after reports of supply chain attack threatening 100k websites 3 million iOS and macOS apps were exposed to potent supply-chain attacks regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387) Google Online Security Blog: Sustaining Digital Certificate Security - Entrust Certificate Distrust TeamViewer: Hackers copied employee directory data and encrypted passwords South Korean telecom company attacks customers with malware — over 600,000 torrent users report missing files, strange folders, and disabled PCs | Tom's Hardware CDK eyes service restoration for all car dealers by Fourth of July ‘I don’t see it happening’: CISA chief dismisses ban on ransomware payments Patelco Credit Union ransomware attack halts banking services for nearly half a million members LockBit claims cyberattack on Croatia’s largest hospital Inside a Violent Gang's Ruthless Crypto-Stealing Home Invasion Spree Suspected Chinese gov’t hackers used ransomware as cover in attacks on Brazil presidency, Indian health org Nearly 4,000 arrested in global police crackdown on online scam networks USD 257 million seized in global police crackdown against online scams Microsoft alerts additional customers of state-linked threat group attacks Midnight Blizzard Microsoft Email Data Sharing Request: Legit? : r/Office365 Polish Parliament strips official of immunity, clearing path for prosecution in spyware scandal Stolen credentials could unmask thousands of darknet child abuse website users WA man set up fake free wifi at Australian airports and on flights to steal people’s data, police allege Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws iOS 17 lockdown mode blocking CarPlay? : r/ios

This is a sponsored Soap Box edition of the Risky Business podcast. Abhishek Agrawal is the CEO and co-founder of Material Security, an email security company that locks down cloud email archives. Attackers have been raiding mailspools since hacking has existed, and with those mailspools now in the cloud with services like o365 and Google Workspace, guess where the attackers are going? Material built a product that helps you lock up your email data, to archive and redact sensitive information. The idea is to really just limit what an attacker can do with email data if they pop an account. Abhishek joined me to talk about a few things, like how non phishing resistant MFA is basically dead, how email content is very useful to security programs, and about how the gen AI won’t really change much on the defensive control side.

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including: Julian Assange finally cuts a deal, pleads guilty, and goes free USA to ban Kaspersky - even updates Car dealer SaaS provider CDK contemplates paying a ransom Intolerable healthcare ransomware attacks continue We revisit Windows proximity bugs via wifi and bluetooth And much, much more. This week’s episode is sponsored by enterprise browser maker Island. Crowdstrike co-founder Dmitri Alperovitch is an investor in Island, and joins on its behalf to discuss why an enterprise browser is really starting to make sense. Show notes Julian Assange released from prison and has left UK, WikiLeaks says US to ban Kaspersky Lab software nationwide later this year Cyberattack on CDK Global stymies work at car dealerships across US Almost 200 cancer operations postponed as ransomware group publishes London hospitals data UK government weighs action against Russian hackers over NHS records theft South Africa’s national health lab hit with ransomware attack amid mpox outbreak Ransomware victims are becoming less likely to pay up | Cybersecurity Dive Lawmakers in Philippines push for probe into Pentagon's anti-vax propaganda operation | Reuters Telegram says it has 'about 30 engineers'; security experts say that's a red flag | TechCrunch Two bluetooth vulnerabilities in Windows Thread on reversing the patch Basic concept for the latest windows wifi driver CVE

On this week’s retreat special, the entire Risky Business team is together in a tropical paradise for the first time. The team takes a break from the infinity pool to discuss the week’s security news: Microsoft recalls Recall, but why did it have to be such a mess And a Windows kernel wifi code-exec, really? Passkeys and identity are hard Scattered Spider bigwig arrested in Spain The pentagon runs a deeply flawed info-op Is it time E2E crypto nerds accept their place in the world? And much, much more. This week’s show is brought to you by Corelight… Corelight’s CEO Brian Dye will be along in this week’s sponsor interview to make a really compelling case for something that shouldn’t exist… which is NDR in cloud environments. Show notes Microsoft shelves Recall feature release after security uproar Microsoft’s Recall puts the Biden administration’s cyber credibility on the line | CyberScoop Microsoft’s cybersecurity vulnerabilities endanger America US lawmakers grill Microsoft president over China ties, hacks | Reuters Microsoft Refused to Fix Flaw Years Before SolarWinds Hack — ProPublica CVE-2024-30078 - Security Update Guide - Microsoft - Windows Wi-Fi Driver Remote Code Execution Vulnerability Security bug allows anyone to spoof Microsoft employee emails | TechCrunch Patrick Gray on X: "I was wrong about some things I said about iCloud accounts in this week’s show and I’ll tell you all exactly how I was wrong in next week’s show" Passkeys in Microsoft Authenticator and Entra ID Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED MFA plays a rising role in major attacks, research finds | Cybersecurity Dive Luke Jennings on LinkedIn: saas-attacks/techniques/ghost_logins/description.md at main ·… Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested – Krebs on Security EXPOSED: Identities of Iranian Hackers Targeting Israel and Other Countries Revealed | Matzav.com Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating | Ars Technica Windows flaw may have been exploited with Black Basta ransomware before it was patched Crown Equipment Corporation victim of a Ransomware attack | Born's Tech and Windows World City governments in Michigan, New York face shutdowns after ransomware attacks Cleveland confirms ransomware attack as City Hall remains closed Authorities investigating extended ‘network outage’ at organization that runs TheBus Pentagon ran secret anti-vax campaign to incite fear of China vaccines Shashank Joshi on X: "Just finished “Information Operations”, a new book by @TathamSteve. Includes this anecdote on a British effort to stop children throwing stones at a base in Afghanistan. “LRGR was the abbreviation for the Long-Range Gonad Reducer.” https://t.co/zmoxb45Cgz" Dmitri Alperovitch on X: "@shashj They also allegedly hacked the email of the lieutenant leading the medical service of the 960th unit and retrieved the medical certificates of 150 officers and enlisted personnel" Signal president Meredith Whittaker criticizes EU attempts to tackle child abuse material

On this week’s show Patrick Gray and Adam Boileau are joined by long-time NSA boffin Rob Joyce. Now Rob’s left the government service, he’s hobnobbing with us pundits, talking through the week’s news: Apple announces a big leap for confidential cloud computing into the mass market While at the same time, letting you just mosey around your iPhone from your Mac Mandiant reports in about the Snowflake breach Moody’s say credit ratings might consider cyber incidents Microsoft fixes an Azure flaw with a… “comprehensive documentation update” And much, much more. This week’s show is sponsored by Yubico, maker of the Yubikey hardware authentication token. Jerrod Chong, Yubico’s COO and President joins to talk about the challenges of the passkey and hardware authenticator ecosystem. Show notes Apple makes a password manager play in a heavily targeted market | Cybersecurity Dive macOS Sequoia takes productivity and intelligence on Mac to new heights - Apple The Wiretap: Apple’s AI Announcement Promises Big Security Boosts–Not Everyone Is Convinced Matthew Green on X: "Ok there are probably half a dozen more technical details in the blog post. It’s a very thoughtful design. Indeed, if you gave an excellent team a huge pile of money and told them to build the best “private” cloud in the world, it would probably look like this. 14/" / X Risky Biz News: Microsoft budges on Windows 11 Recall Tenable finds an Azure flaw, Microsoft calls it a feature • The Register LendingTree confirms that cloud services attack potentially affected subsidiary Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica 7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope | Ars Technica Urgent call for O-type blood donations following London hospitals ransomware attack Darknet site for Qilin gang, suspected in London hospitals ransomware attack, goes down Cyberattacks pose mounting risks to creditworthiness: Moody’s | Cybersecurity Dive Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab FCC moves ahead on internet routing security rules | CyberScoop House Republicans propose eliminating funding for election security | CyberScoop New DJI policy: No flight record syncing for US drone pilots Semiconductor giants Nvidia and Arm warn of new flaws in their graphics processors Critical PHP CVE is under attack — research shows it’s easy to exploit | Cybersecurity Dive A US Company Enabled a North Korean Scam That Raised Money for WMDs | WIRED

On this week’s show Patrick Gray and Mark Piper discuss the week’s security news, including: What on earth happened at Snowflake? A look at operation Endgame Check Point’s hilarious adventures with dot dot slash Report says the FTC is looking at Microsoft’s security product bundling More ransomware hits Russia Much, much more 404 Media co-founder Joseph Cox is this week’s feature guest. He joins us to talk about his new book, Dark Wire, which is all about the FBI’s Anom sting. This week’s show is brought to you by Resourcely. If your Terraform is a mess or your CSPM dashboards are lighting up with insane and stupid things, you should check out Resourcely. Its founder and CEO Travis McPeak will be along in this week’s sponsor interview to talk about all things Terraform. Show notes The Snowflake breach and the need for mandatory MFA Snowflake at centre of world’s largest data breach | by Kevin Beaumont | Jun, 2024 | DoublePulsar Cloud company Snowflake denies that reported breach originated with its products ‘Operation Endgame’ Hits Malware Delivery Platforms – Krebs on Security Treasury Sanctions Creators of 911 S5 Proxy Botnet – Krebs on Security TikTok warns of exploit aimed at 'high-profile accounts’ SEC clarifies intent of cybersecurity breach disclosure rules after initial filings | Cybersecurity Dive SEC.gov | Disclosure of Cybersecurity Incidents Determined To Be Material and Other Cybersecurity Incidents[*] Nurses at Ascension hospital in Michigan raise alarms about safety following ransomware attack London hospitals declare emergency following ransomware attack | Ars Technica North Korea’s ‘Moonstone Sleet’ using fake tank game, custom ransomware in attacks OpenAI models used in nation-state influence campaigns, company says National Vulnerability Database | NIST More than 600,000 routers knocked out in October by Chalubo malware Hackers steal $305M from DMM Bitcoin crypto exchange | TechCrunch Germany's main opposition party hit by ‘serious’ cyberattack Cyberattack disrupts operations of supermarkets across Russia Rare earths miner targeted in cyber attack prior to removal of Chinese investors - ABC News Check Point - Wrong Check Point (CVE-2024-24919) Kevin Beaumont: "The latest Risky Business epis…" - Infosec Exchange This Hacker Tool Extracts All the Data Collected by Windows’ New Recall AI | WIRED FTC-industry talks over possible Microsoft probe raised recent hacking incidents - Nextgov/FCW Tim Schofield 🏴󠁧󠁢󠁥󠁮󠁧󠁿 🇬🇧 🇪🇺🗺: "@riskybusiness @metlstorm I d…" - Infosec Exchange Dark Wire: The Incredible True Story of the Largest Sting Operation Ever: Cox, Joseph: 9781541702691: Amazon.com: Books Distant Field Labs

On this week’s show Patrick and Adam discuss the week’s security news, including: Russian delivery company gets ransomware-wiper’d A supply-chain attack targets video software used in US courts Checkpoint firewalls get hacked, details as clear as mud Microsoft Recall delights hackers Aussie telco Optus gets told its IR report isn’t legal advice Cyber insurer says you’re 5x more likely to get rekt if you have a Cisco ASA And much, much more. This week’s episode is sponsored by Kroll Cyber. Alex Cowperthwaite, Kroll’s technical director research and development for offence joins to talk about how his team attacks AI models, in ways both classic and new. Show notes Major Russian delivery company down for three days due to cyberattack Stark Industries Solutions: An Iron Hammer in the Cloud – Krebs on Security CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack | Rapid7 Blog Check Point Software customers targeted by hackers using old, local VPN accounts | Cybersecurity Dive US pharma giant Cencora says Americans' health information stolen in data breach | TechCrunch Microsoft’s New Recall AI Tool May Be a ‘Privacy Nightmare’ | WIRED Kevin Beaumont: "I got ahold of the Copilot+ so…" - Cyberplace Kevin Beaumont: "For those who aren’t aware, Mi…" - Cyberplace Patrick Gray on X: "You know it’s coming… Microsoft Defender Advanced Security for Recall" Microsoft Edge for Business: Revolutionizing your business with AI, security and productivity - Microsoft Edge Blog Optus loses appeal to keep Deloitte report on cyberattack secret Optus says it will defend allegations it failed to protect confidential details of 9 million customers in cyber attack - ABC News Nearly 3 million affected by Sav-Rx data breach Spyware app pcTattletale was hacked and its website defaced | TechCrunch #F**kStalkerware pt. 6 - tattling on pcTattletale Spyware maker pcTattletale shutters after data breach | TechCrunch Jeremy Kirk: "Cyber insurer Coalition releas…" - Infosec Exchange Coalition_2024-Cyber-Claims-Report TikTok says it disrupted 15 influence operations this year — including one from China Israeli private eye accused of hacking was questioned about DC public affairs firm, sources say | Reuters RansomHub claims attack on Christie’s, the world’s wealthiest auction house Open-Source Assessments of AI Capabilities: The Proliferation of AI Analysis Tools, Replicating Competitor Models, and the Zhousidun Dataset Shashank Joshi on X: "Additionally, OpenAI will retain and consult with other safety, security, and technical experts to support this work, including former cybersecurity officials, Rob Joyce [@RGB_Lights], who advises OpenAI on security, and John Carlin."

This week’s episode was recorded in front of a live audience at AusCERT’s 2024 conference. Pat and Adam talked through: Google starts using security as a marketing tool against Microsoft, along with steep discounts Microsoft announces a creepy desktop recording AI UK govt proposes ransom payment controls Arizona woman runs a laptop farm for North Korea Julian Assange just keeps on with his malarky And much, much more This week’s episode is sponsored by Tines. Its CEO Eoin Hinchy joins the show to talk about how AI can be genuinely useful in automation. Show notes (1) Dina Bass on X: "Google is offering deep discounts to government and corporate customers to entice them to switch from Microsoft Office as it attacks Microsoft's cybersecurity over recent breaches, citing US gov't cybersecurity review board report https://t.co/43sIJmBWi5" / X Microsoft president set to testify before Congress on ‘security shortcomings’ | Cybersecurity Dive Chairman Green, Ranking Member Thompson Announce Microsoft President Will Testify on Company’s Security Shortcomings Following Hack of Government Accounts – Committee on Homeland Security Google leverages Microsoft’s cyber gaps to woo Workspace customers | Cybersecurity Dive CSRB report highlights the need for a new approach to security (1) vx-underground on X: "tl;dr Microsoft introduces 24/7 surveillance functionality for the NSA and/or CIA but markets it as a feature that you'll like" / X Everything You Need to Know About Windows 11's Recall Feature Australian government warns of 'large-scale ransomware data breach' (1) National Cyber Security Coordinator on X: "The Australian Government continues to assist MediSecure, an electronic prescriptions provider, respond to a cyber incident. We are still working to build a picture of the size and nature of the data that has been impacted by this data breach impacting MediSecure. This https://t.co/oyNeRonurZ" / X HHS offering $50 million for proposals to improve hospital cybersecurity Remote-access tools the intrusion point to blame for most ransomware attacks | Cybersecurity Dive UK insurance industry begins to acknowledge role in tackling ransomware Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments Hacktivists turn to ransomware in attacks on Philippines government Arizona woman accused of helping North Koreans get remote IT jobs at 300 companies | Ars Technica US offers $5 million for info on North Korean IT workers involved in job fraud FCC might require telecoms to report on securing internet's BGP technology FCC to probe ‘grave’ weaknesses in phone network infrastructure EPA says it will step up enforcement to address ‘critical’ vulnerabilities within water sector EPA takes steps to address cybersecurity weaknesses at water utilities British signals agency to protect election candidates’ phones from cyberattacks Feds seize BreachForums platform, Telegram page Dark web narcotics market’s alleged leader arrested and charged in New York WikiLeaks’ Julian Assange Can Appeal His Extradition to the US, British Court Says | WIRED

In this podcast SentinelOne’s Chief Trust officer Alex Stamos and its Chief Intelligence and Public Policy Officer Chris Krebs join Patrick Gray to talk all about AI. It’s been a year and a half since ChatGPT landed and freaked everyone out. Since then, AI has really entrenched itself as the next big thing. It’s popping up everywhere, and the use cases for cybersecurity are starting to come into focus. Threat actors and defenders are using this stuff already, but it’s early days and as you’ll hear, things are really going to change, and fast.

This week Patrick Gray and Adam Boileau along special guest Lina Lau discuss the week’s news, including: The ongoing Ascension healthcare disruption, and Whether its reasonable for healthcare orgs to be pushing back Platforming cybercriminals for interviews Own the libs by… not using E2EE messaging? CISA’s secure by design, we want to believe! The $64billion scale of indusrialised fraud And much, much more. This week’s sponsor is network discovery specialist, Run Zero. Director of research Rob King joins to talk about the weird and wonderful delights in their new Research Report. Show notes Federal agencies assisting Catholic health network amid cyberattack After Ascension ransomware attack, feds issue alert on Black Basta group As White House preps new cyber rules for healthcare, Neuberger says backlash is unwarranted Stolen children’s health records posted online in extortion bid Guidance for organisations considering payment in... - NCSC.GOV.UK How Did Authorities Identify the Alleged Lockbit Boss? – Krebs on Security In interview, LockbitSupp says authorities outed the wrong guy A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities | WIRED UK 'increasingly concerned' about Russian intelligence links to hacktivists Civil society under increasing threats from ‘malicious’ state cyber actors, US Elon Musk Weighs in on the Encryption Wars Between Telegram and Signal Encrypted services Apple, Proton and Wire helped Spanish police identify activist | TechCrunch Christie's Website Offline For A Fifth Day And The Company Is Still Silent On The Extent Of Last Week's Security Breach 68 tech, security vendors commit to secure-by-design practices | Cybersecurity Dive UK government urges caution over blaming China for Ministry of Defence breach Black Basta group spam-bombs victims and then calls to help Southeast Asian scam syndicates stealing $64 billion annually, researchers find The $2.3 Billion Tornado Cash Case Is a Pivotal Moment for Crypto Privacy | WIRED ADVANCED APT EMULATION LABS

Patrick dials in from RSA in San Francisco to discuss the week’s security news with Adam, including: The west doxxes LockbitSupp, who must now hide his hundred million dollars Revil hacker behind Kasaya breach gets 14 years Microsoft makes some positive sounding* noises on security A fun flaw in nearly all VPN clients Gitlab admins continue their never-ending incident response And much, much more. This week’s sponsor is Stairwell. Long time infosec researcher Silas Cutler joins us to talk through his adventures in attacker C2 systems, and how this feeds into Stairwell’s data. * we’re still sceptical they’ll get it right, but they do at least seem to realise how deep the doo-doo they’re in is… Pat speculates they have … tentacles, and a regulatory-threat-gland. Show notes 'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks | WIRED Andy Greenberg: "@metlstorm @riskybusiness no w…" - Infosec Exchange U.S. Charges Russian Man as Boss of LockBit Ransomware Group – Krebs on Security Ukrainian sentenced to almost 14 years for infecting thousands with REvil ransomware Microsoft ties security goals to exec compensation China suspected of hacking British military payment system, reports say Germany recalls ambassador to Russia over cyberattacks Blinken unveils State Dept. strategy for ‘vibrant, open and secure technological future’ Microsoft plans to lock down Windows DNS like never before. Here’s how. | Ars Technica Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics | WIRED Dropbox says hacker accessed passwords, authentication info during breach Maximum-severity GitLab flaw allowing account hijacking under active exploitation | Ars Technica Our new research: Enhancing blockchain analytics through AI Reconstructing the Mind’s Eye: fMRI-to-Image with Contrastive Learning and Diffusion Priors Kevin Collier on X: "Oh my God. @riskybusiness is already the name of what is by a longshot the most established cyber podcast. There are a million possible names out there and Mr Decision Making over here went with one that's been in use for more than 15 years."

On this week’s show Patrick and Adam discuss the week’s security news, including: Microsoft reassures* us that they take security very seriously* Cisco ASA firewalls get sneakily backdoored, but no one’s quite sure how Change Healthcare was 1FA Citrix all along The FTC, FCC and other government sticks get waved at tech Lizard Squad Finn who hacked the Vastaamo therapy chain gets sentenced And much, much more. This week’s sponsor is Zero Networks, who make a network micro-segmentation product that is actually usable. Zero Networks CEO Benny Lakunishok joins us to talk through why firewalling everything everywhere is finally workable. * You’ll forgive us for being… a tad sceptical.

In this edition of Snake Oilers we’ll be hearing from: Push Security: A browser plugin-based security company that combats identity-based attacks. (Much more compelling that it sounds in this description.) Knoc Knoc: The tool Risky Business uses to protect our own applications and services. (Restrict network/port access to users who are authenticated via SSO.) iVerify: Mobile security and threat hunting for iOS and Android. (Caught Pegasus in the wild!)

In this special edition of the Risky Business podcast Patrick Gray chats with former Facebook CSO Alex Stamos and founding CISA director Chris Krebs about sovereignty and technology. China and Russia are doing their level best to yeet American tech from their supply chains – hardware, software and cloud services. They’ll be rebuilding these supply chains – for government systems, at least – from components that they have complete visibility into, and control over. Meanwhile, America’s government faces different supply chain challenges. It has a supply chain that won’t be weaponised against it by its adversaries, but it lacks the same sort of visibility and control that its adversaries will eventually achieve over their supply chains. So where does this leave the west? Where does it leave China and Russia?

On this week’s show Patrick and Adam discuss the week’s security news, including: Palo Alto’s firewalls have a ../ bad day Sisense’s bucket full of creds gets kicked over United Healthcare draws the ire of congress FISA 702 reauthorisation finally moves forward Apple warns about “mercenary exploitation” but what’s the India link? And much, much, more This week’s sponsor is Panther, a platform that does detection as code on massive amounts of data. Panther’s founder Jack Naglieri is this week’s sponsor guest, and we spoke with him about some common detection-as-code approaches. Show notes Palo Alto Networks releases fixes for zero-day as attackers swarm VPN vulnerability CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Rapid7 Technical Analysis Why CISA is Warning CISOs About a Breach at Sisense – Krebs on Security Congress rails against UnitedHealth Group after ransomware attack | CyberScoop The US Government Has a Microsoft Problem | WIRED House GOP bridges divide to reauthorize FISA surveillance bill - The Washington Post Top officials again push back on ransom payment ban | Cybersecurity Dive Ex-White House cyber official says ransomware payment ban is a ways off | CyberScoop Over 500 people targeted by Pegasus spyware in Poland, officials say Apple drops term 'state-sponsored' attacks from its threat notification policy “All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass PuTTY vulnerability vuln-p521-bias Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M | Ars Technica Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers – Krebs on Security

On this week’s show Patrick and Adam discuss the week’s security news, including: Ransomware: down but not out Zero day prices on the rise… … and what it means for enterprise software Geopolitical conflict comes to computers in Palau Ukraine cyber chief Illia Vitiuk suspended More x86 microarchitectural bad times And much much more Proofpoint’s chief strategy officer Ryan Kalember is this week’s sponsor guest. He takes aim at some recent vendor trends, like security companies describing themselves as “platforms”. Show notes CyberCX_Report_DFIR 2023 Year in Review_Online.pdf Ransomlook Stats Vlad Styran 🇺🇦 on X: ".@riskybusiness has noted recently that there is an “orthodox Easter”-like low season in the ransomware village. Although my sources do not support this assessment, if true, there might be a simple explanation https://t.co/kM8lu6KbyY" / X Price of zero-day exploits rises as companies harden products against hackers | TechCrunch Mandiant spots advanced exploit activity in Ivanti devices | Cybersecurity Dive Pricing - Knocknoc ALPHV steps up laundering of Change Healthcare ransom payments | CyberScoop Extortion group threatens to sell Change Healthcare data | CyberScoop Attempted hack on NYC continues wave of cyberattacks against municipal governments Missouri county declares state of emergency amid suspected ransomware attack | Ars Technica Medusa cybercrime gang takes credit for another attack on US municipality Omni Hotels & Resorts hit by cyberattack | Cybersecurity Dive Targus says cyberattack is causing operational outage | TechCrunch German database company Genios confirms ransomware attack Researchers discover new ransomware gang ‘Muliaka’ attacking Russian businesses ‘An attack on the reputation of Palau’: officials question who was really behind ransomware incident 'They’re lying': Palau denies claims by ransomware gang over recent cyberattack Ukrainian security service’s cyber chief suspended following media investigation Russia seeks criminal charges against executives at flight booking service accused of failing to protect consumer data House hurtles toward showdown over expiring surveillance tools | CyberScoop D-Link tells customers to sunset actively exploited storage devices | Cybersecurity Dive A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask | WIRED Ahoi Attacks Linux Kernel Patched For Branch History Injection "BHI" Intel CPU Vulnerability - Phoronix Ransomware gang’s new extortion trick? Calling the front desk | TechCrunch Evolving Threat Landscape: A Deep Dive into Multichannel Attacks Targeting Retailers | Proofpoint US

In this edition of Snake Oilers you’ll hear pitches from three companies: Kodex: Makes a platform companies can use to interact with law enforcement (Solves the law enforcement impersonator problem, among others.) ClearVector: Cloud security startup from former FireEye/Mandiant SVP/CTO John Laliberte Censys: Scans the entire internet, identifies assets you didn’t know were yours, helps you track attacker infrastructure like C2

In this edition of Snake Oilers you’ll hear pitches from three companies: Kodex: Makes a platform companies can use to interact with law enforcement (Solves the law enforcement impersonator problem, among others.) ClearVector: Cloud security startup from former FireEye/Mandiant SVP/CTO John Laliberte Censys: Scans the entire internet, identifies assets you didn’t know were yours, helps you track attacker infrastructure like C2

On this week’s show Patrick and Adam discuss the week’s security news, including: The SSH backdoor that dreams (or nightmares) are made of Microsoft gets a solid spanking from the CSRB Ukraine uses an old Russian WinRAR bug to hack Russia Push-notifications and social-engineering combined-arms vs Apple And much, much more. We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library. This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs. Show notes Risky Biz News: Supply chain attack in Linuxland oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Tech) on X: "@binitamshah FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins." / X Andres Freund (Tech) on X: "@riskybusiness Absurdly enough, I was listening to the episode on a cooking break while writing the xz issue up. Couldn't make it up." / X GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) research!rsc: The xz attack shell script DHS report rips Microsoft for ‘cascade’ of errors in China hack - The Washington Post Review of the Summer 2023 Microsoft Exchange Online Intrusion Russian researchers say espionage operation using WinRAR bug is linked to Ukraine Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away

On this week’s show Patrick and Adam discuss the week’s security news, including: The SSH backdoor that dreams (or nightmares) are made of Microsoft gets a solid spanking from the CSRB Ukraine uses an old Russian WinRAR bug to hack Russia Push-notifications and social-engineering combined-arms vs Apple And much, much more. We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library. This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs. Show notes Risky Biz News: Supply chain attack in Linuxland oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Tech) on X: "@binitamshah FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins." / X Andres Freund (Tech) on X: "@riskybusiness Absurdly enough, I was listening to the episode on a cooking break while writing the xz issue up. Couldn't make it up." / X GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) research!rsc: The xz attack shell script DHS report rips Microsoft for ‘cascade’ of errors in China hack - The Washington Post Review of the Summer 2023 Microsoft Exchange Online Intrusion Russian researchers say espionage operation using WinRAR bug is linked to Ukraine Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away

On this week’s show Patrick and Adam discuss the week’s security news, including: FVEY protests China’s widespread hacking of western politicians China bans western CPUs, Windows and databases Apple’s leaky M-chip prefetcher Nigeria holds ex-IRS investigator hostage in Binance stoush Researchers bring Rowhammer to AMD Zen and DDR5 And much, much more. This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week’s show to make a passionate case that security vendors don’t all have to go for explosive growth. Slow and steady with a focus on excellent and relevant products will win the race, he says. Show notes Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov Parliament network breached in China-led cyberattack, Judith Collins reveals China blocks use of Intel and AMD chips in government computers Announcement of Safety and Reliability Evaluation Results (No. 1, 2023) Unpatchable vulnerability in Apple chip leaks secret encryption keys | Ars Technica How Ukraine is using mobile phones on 6ft poles to stop drones Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop US penalizes Russian fintech firms that helped others evade sanctions UN probing 58 alleged crypto heists by North Korea worth $3 billion Detained execs, a bold escape, and tax evasion charges: Nigeria takes aim at Binance The DOJ Puts Apple's iMessage Encryption in the Antitrust Crosshairs | WIRED Mark Zuckerberg told Facebook execs to 'figure out' how to track encrypted usage on rival apps like Snap and YouTube, unsealed documents show ‘Far-reaching’ hack stole information from Python developers ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms One Man’s Army of Streaming Bots Reveals a Whole Industry’s Problem Apex Legends hacker said he hacked tournament games ‘for fun’ | TechCrunch

On this week’s show Patrick and Adam discuss the week’s security news, including: FVEY protests China’s widespread hacking of western politicians China bans western CPUs, Windows and databases Apple’s leaky M-chip prefetcher Nigeria holds ex-IRS investigator hostage in Binance stoush Researchers bring Rowhammer to AMD Zen and DDR5 And much, much more. This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week’s show to make a passionate case that security vendors don’t all have to go for explosive growth. Slow and steady with a focus on excellent and relevant products will win the race, he says. Show notes Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov Parliament network breached in China-led cyberattack, Judith Collins reveals China blocks use of Intel and AMD chips in government computers Announcement of Safety and Reliability Evaluation Results (No. 1, 2023) Unpatchable vulnerability in Apple chip leaks secret encryption keys | Ars Technica How Ukraine is using mobile phones on 6ft poles to stop drones Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop US penalizes Russian fintech firms that helped others evade sanctions UN probing 58 alleged crypto heists by North Korea worth $3 billion Detained execs, a bold escape, and tax evasion charges: Nigeria takes aim at Binance The DOJ Puts Apple's iMessage Encryption in the Antitrust Crosshairs | WIRED Mark Zuckerberg told Facebook execs to 'figure out' how to track encrypted usage on rival apps like Snap and YouTube, unsealed documents show ‘Far-reaching’ hack stole information from Python developers ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms One Man’s Army of Streaming Bots Reveals a Whole Industry’s Problem Apex Legends hacker said he hacked tournament games ‘for fun’ | TechCrunch

In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST’s National Vulnerability Database (NVD) and more.

In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST’s National Vulnerability Database (NVD) and more.

On this week’s show Patrick and Adam discuss the week’s security news, including: Turns out AI is still bad code review after all, Mintlify loses a bunch of Github tokens, Everything old is new again with the UDP loop DoS, Know-your-(recon satellite)-customer is hard, Microsoft takes away Russia’s powershell, solving living off the land, And much, much more This week’s show is brought to you by Material Security. In this week’s sponsor interview we speak with Material’s Rajan Kapoor, VP of Customer Experience at Material. We’re also joined by Chaim Sanders, who heads Security and Privacy at Lyft. Show notes Anthropic’s CISO drinks the AI kool aid - backpedals frantically on security analysis claim Incident report on March 13, 2024 - Mintlify Loop DoS: New Denial-of-Service attack targets application-layer protocols State of IP Spoofing Pharmaceutical development company investigating cyberattack after LockBit posting Exclusive: After LockBit’s takedown, its purported leader vows to hack on Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News A Suspicious Pattern Alarming the Ukrainian Military - The Atlantic Exclusive: Musk's SpaceX is building spy satellite network for US intelligence agency, sources say | Reuters Elon Musk’s SpaceX Forges Closer Ties With U.S. Spy and Military Agencies - WSJ Russians will no longer be able to access Microsoft cloud services, business intelligence tools Rostelecom blocks the SIP protocol for clients of Russian hosters / Sudo Null IT News Researchers spot updated version of malware that hit Viasat | CyberScoop Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US) PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders | CISA US is still chasing down pieces of Chinese hacking operation, NSA official says 875 workers rescued in Tarlac POGO raid | Philippine News Agency Fujitsu says it found malware on its corporate network, warns of possible data breach | Ars Technica Mike Lindell must pay a Nevada man after election data dispute - The Washington Post

On this week’s show Patrick and Adam discuss the week’s security news, including: Turns out AI is still bad code review after all, Mintlify loses a bunch of Github tokens, Everything old is new again with the UDP loop DoS, Know-your-(recon satellite)-customer is hard, Microsoft takes away Russia’s powershell, solving living off the land, And much, much more This week’s show is brought to you by Material Security. In this week’s sponsor interview we speak with Material’s Rajan Kapoor, VP of Customer Experience at Material. We’re also joined by Chaim Sanders, who heads Security and Privacy at Lyft. Show notes Anthropic’s CISO drinks the AI kool aid - backpedals frantically on security analysis claim Incident report on March 13, 2024 - Mintlify Loop DoS: New Denial-of-Service attack targets application-layer protocols State of IP Spoofing Pharmaceutical development company investigating cyberattack after LockBit posting Exclusive: After LockBit’s takedown, its purported leader vows to hack on Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News A Suspicious Pattern Alarming the Ukrainian Military - The Atlantic Exclusive: Musk's SpaceX is building spy satellite network for US intelligence agency, sources say | Reuters Elon Musk’s SpaceX Forges Closer Ties With U.S. Spy and Military Agencies - WSJ Russians will no longer be able to access Microsoft cloud services, business intelligence tools Rostelecom blocks the SIP protocol for clients of Russian hosters / Sudo Null IT News Researchers spot updated version of malware that hit Viasat | CyberScoop Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US) PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders | CISA US is still chasing down pieces of Chinese hacking operation, NSA official says 875 workers rescued in Tarlac POGO raid | Philippine News Agency Fujitsu says it found malware on its corporate network, warns of possible data breach | Ars Technica Mike Lindell must pay a Nevada man after election data dispute - The Washington Post

On this week’s show Patrick and Adam discuss the week’s security news, including: Weather forecast in Redmond is still for blizzards at midnight Maybe Change Healthcare wasn’t just crying nation-state wolf Hackers abuse e-prescription systems to sell drugs CISA goes above and beyond to relate to its constituency by getting its Ivantis owned VMware drinks from the Tianfu Cup Much, much more This week’s feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Mueller’s chief of staff when he was FBI director. John is joining us this week to talk about all things SEC. He wrote the recent Amicus Brief that says the SEC needs to be careful in its action against Solarwinds. He’ll also be talking to us more generally about these new SEC disclosure requirements, which are in full swing. Rad founder Jimmy Mesta will along in this week’s sponsor segment to talk about some really interesting work they’ve done in baselining cloud workloads. It’s the sort of thing that sounds simple that really, really isn’t. Show notes Risky Biz News: The aftermath of Microsoft's SVR hack is rearing its ugly head Swindled Blackcat affiliate wants money from Change Healthcare ransom - Blog | Menlo Security BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare – Krebs on Security Change Healthcare systems expected to come back online in mid-March | Cybersecurity Dive LockBit takes credit for February shutdown of South African pension fund Ransomware gang claims to have made $3.4 million after attacking children’s hospital Jason D. Clinton on X: "Fully automated vulnerability research is changing the cybersecurity landscape Claude 3 Opus is capable of reading source code and identifying complex security vulnerabilities used by APTs. But scaling is still a challenge. Demo: https://t.co/UfLNGdkLp8 This is beginner-level… https://t.co/mMQb2vYln1" / X Jason Koebler on X: "Hackers are hacking doctors, then using their digital prescription portals to "legitimately" prescribe themselves & their customers adderall, oxy, and other prescription drugs https://t.co/6elTKQnXSB" / X How Hackers Dox Doctors to Order Mountains of Oxy and Adderall CISA forced to take two systems offline last month after Ivanti compromise VMware sandbox escape bugs are so critical, patches are released for end-of-life products | Ars Technica A Close Up Look at the Consumer Data Broker Radaris – Krebs on Security Brief of Amici Curiae Former Government Officials Securities and Exchange Commission v Solarwinds Corp

On this week’s show Patrick and Adam discuss the week’s security news, including: Weather forecast in Redmond is still for blizzards at midnight Maybe Change Healthcare wasn’t just crying nation-state wolf Hackers abuse e-prescription systems to sell drugs CISA goes above and beyond to relate to its constituency by getting its Ivantis owned VMware drinks from the Tianfu Cup Much, much more This week’s feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Mueller’s chief of staff when he was FBI director. John is joining us this week to talk about all things SEC. He wrote the recent Amicus Brief that says the SEC needs to be careful in its action against Solarwinds. He’ll also be talking to us more generally about these new SEC disclosure requirements, which are in full swing. Rad founder Jimmy Mesta will along in this week’s sponsor segment to talk about some really interesting work they’ve done in baselining cloud workloads. It’s the sort of thing that sounds simple that really, really isn’t. Show notes Risky Biz News: The aftermath of Microsoft's SVR hack is rearing its ugly head Swindled Blackcat affiliate wants money from Change Healthcare ransom - Blog | Menlo Security BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare – Krebs on Security Change Healthcare systems expected to come back online in mid-March | Cybersecurity Dive LockBit takes credit for February shutdown of South African pension fund Ransomware gang claims to have made $3.4 million after attacking children’s hospital Jason D. Clinton on X: "Fully automated vulnerability research is changing the cybersecurity landscape Claude 3 Opus is capable of reading source code and identifying complex security vulnerabilities used by APTs. But scaling is still a challenge. Demo: https://t.co/UfLNGdkLp8 This is beginner-level… https://t.co/mMQb2vYln1" / X Jason Koebler on X: "Hackers are hacking doctors, then using their digital prescription portals to "legitimately" prescribe themselves & their customers adderall, oxy, and other prescription drugs https://t.co/6elTKQnXSB" / X How Hackers Dox Doctors to Order Mountains of Oxy and Adderall CISA forced to take two systems offline last month after Ivanti compromise VMware sandbox escape bugs are so critical, patches are released for end-of-life products | Ars Technica A Close Up Look at the Consumer Data Broker Radaris – Krebs on Security Brief of Amici Curiae Former Government Officials Securities and Exchange Commission v Solarwinds Corp

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: The serious consequences from the Change Healthcare ransomware, and the need for a … nastier response Predator spyware maker getting a stern sanctioning A German military WebEx meeting gets snooped Mem-corrpution is still king And much, much more In this week’s sponsor interview Patrick Gray speaks to Karl McGuinness, Okta’s chief architect, about some new security improvements they’ve built into their IDP. Show notes U.S. Air Force employee charged with giving classified information to woman he met on dating site Ransomware attack on U.S. health care payment processor ‘most serious incident of its kind’ AlphV’s hit on Change Healthcare strikes a sour note for defenders | Cybersecurity Dive Office of Public Affairs | Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice Developing: AlphV allegedly scammed Change Healthcare and its own affiliate (1) Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED Ciaran Martin on X: "“We have to find a way of making a ransom ban work” - me for @thetimes US launches antitrust investigation into UnitedHealth, WSJ reports | Reuters Brett Callow on X: "#Lockbit has de-listed Fulton County. Predator spyware endures even after widespread exposure, analysis shows | CyberScoop Predator spyware infrastructure taken down after exposure | CyberScoop U.S. bans maker of spyware that targeted a senator's phone Spyware maker NSO Group ordered to turn over Pegasus code in WhatsApp case Whatsapp Inc vs NSO Group Russia’s chief propagandist leaks intercepted German military Webex conversation The White House's Oddly Specific, and Really Quite Good, Software Engineering Advice A leaky database spilled 2FA codes for the world’s tech giants | TechCrunch In ConnectWise attacks, Play and LockBit ransomware exploits developed quickly | Cybersecurity Dive How to Secure the SaaS Apps of the Future | Okta Security

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: The serious consequences from the Change Healthcare ransomware, and the need for a … nastier response Predator spyware maker getting a stern sanctioning A German military WebEx meeting gets snooped Mem-corrpution is still king And much, much more In this week’s sponsor interview Patrick Gray speaks to Karl McGuinness, Okta’s chief architect, about some new security improvements they’ve built into their IDP. Show notes U.S. Air Force employee charged with giving classified information to woman he met on dating site Ransomware attack on U.S. health care payment processor ‘most serious incident of its kind’ AlphV’s hit on Change Healthcare strikes a sour note for defenders | Cybersecurity Dive Office of Public Affairs | Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice Developing: AlphV allegedly scammed Change Healthcare and its own affiliate (1) Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED Ciaran Martin on X: "“We have to find a way of making a ransom ban work” - me for @thetimes US launches antitrust investigation into UnitedHealth, WSJ reports | Reuters Brett Callow on X: "#Lockbit has de-listed Fulton County. Predator spyware endures even after widespread exposure, analysis shows | CyberScoop Predator spyware infrastructure taken down after exposure | CyberScoop U.S. bans maker of spyware that targeted a senator's phone Spyware maker NSO Group ordered to turn over Pegasus code in WhatsApp case Whatsapp Inc vs NSO Group Russia’s chief propagandist leaks intercepted German military Webex conversation The White House's Oddly Specific, and Really Quite Good, Software Engineering Advice A leaky database spilled 2FA codes for the world’s tech giants | TechCrunch In ConnectWise attacks, Play and LockBit ransomware exploits developed quickly | Cybersecurity Dive How to Secure the SaaS Apps of the Future | Okta Security

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: LockBit gets back up after takedown Russia arrests Medibank hacker… for something else ConnectWise gives out free updates, but customers aren’t happy Microsoft gives in to demands for more logs Sandvine gets entity-listed And much much more. Dmitri Alperovitch also joins the show to discuss Starlink, Starshield and a row with Congress about its availability in Taiwan. In this week’s sponsor interview, Airlock Digital’s Daniel Schell talks about his adventures with WDAC, and Dave Cottingham predicts Windows 12 will go all in on signed code. Show notes LockBit group revives operations after takedown | Cybersecurity Dive Lockbit ransomware group administrative staff have released a lengthy response to the FBI and bystanders FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. – Krebs on Security Russia detains hacker behind Australia’s Medibank attack Russia arrests three alleged SugarLocker ransomware members Change Healthcare incident drags on as report pins it on ransomware group Ransomware Groups Are Bouncing Back Faster From Law Enforcement Busts ‘Alarming’ cyberattack hits Canada’s federal police, criminal investigation launched ConnectWise ScreenConnect faces new attacks involving LockBit ransomware | Cybersecurity Dive Microsoft rolls out expanded logging six months after Chinese breach | CyberScoop Sandvine added to US Entity List Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections FACT SHEET: ONCD Report Calls for Adoption of Memory Safe Programming Languages and Addressing the Hard Research Problem of Software Measurability Risky Biz News: Backdoor code found in Tornado Cash House China committee demands Elon Musk open SpaceX Starshield internet to U.S. troops in Taiwan The UK Is GPS-Tagging Thousands of Migrants | WIRED How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED New Biden order would stem flow of Americans’ sensitive data to China - The Washington Post

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: LockBit gets back up after takedown Russia arrests Medibank hacker… for something else ConnectWise gives out free updates, but customers aren’t happy Microsoft gives in to demands for more logs Sandvine gets entity-listed And much much more. Dmitri Alperovitch also joins the show to discuss Starlink, Starshield and a row with Congress about its availability in Taiwan. In this week’s sponsor interview, Airlock Digital’s Daniel Schell talks about his adventures with WDAC, and Dave Cottingham predicts Windows 12 will go all in on signed code. Show notes LockBit group revives operations after takedown | Cybersecurity Dive Lockbit ransomware group administrative staff have released a lengthy response to the FBI and bystanders FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. – Krebs on Security Russia detains hacker behind Australia’s Medibank attack Russia arrests three alleged SugarLocker ransomware members Change Healthcare incident drags on as report pins it on ransomware group Ransomware Groups Are Bouncing Back Faster From Law Enforcement Busts ‘Alarming’ cyberattack hits Canada’s federal police, criminal investigation launched ConnectWise ScreenConnect faces new attacks involving LockBit ransomware | Cybersecurity Dive Microsoft rolls out expanded logging six months after Chinese breach | CyberScoop Sandvine added to US Entity List Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections FACT SHEET: ONCD Report Calls for Adoption of Memory Safe Programming Languages and Addressing the Hard Research Problem of Software Measurability Risky Biz News: Backdoor code found in Tornado Cash House China committee demands Elon Musk open SpaceX Starshield internet to U.S. troops in Taiwan The UK Is GPS-Tagging Thousands of Migrants | WIRED How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED New Biden order would stem flow of Americans’ sensitive data to China - The Washington Post

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: LockBit has been taken down by law enforcement Some mega-juicy leaks out of Chinese offsec/APT contractor I-SOON GRU gets its Moobot network shutdown Signal adding usernames is… complicated Much, much more In this week’s sponsor interview Devicie’s Tom Plant joins the show to talk about problems orgs run into when it comes to Windows policies. There’s an expectation out there that Windows policies are set and forget, but sadly, this is not so. Show notes Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates – Krebs on Security Law enforcement disrupt world’s biggest ransomware operation Shanghai Anxun’s information is unreliable and is a trap for national government agencies. China spy agency renews foreign cyber intelligence warning after data breaches US Justice Department says it disrupted Russian intelligence hacking network | Reuters Several Ukrainian media outlets attacked by Russian hackers Polish PM says previous ruling party used Pegasus spyware against ‘very long’ list of victims Hackers are targeting Asian bank accounts using stolen facial recognition data Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private | WIRED Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529 “the "AB" trigger has similar vibes to the Unreal IRCd and ProFTPD backdoors of the same timeframe.” FLATLINED: ANALYZING PULSE SECURE FIRMWARE AND BYPASSING INTEGRITY CHECKING CVSS 10 RCE in Screen Connect National Security Agency Announces Retirement of Cybersecurity Director Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: LockBit has been taken down by law enforcement Some mega-juicy leaks out of Chinese offsec/APT contractor I-SOON GRU gets its Moobot network shutdown Signal adding usernames is… complicated Much, much more In this week’s sponsor interview Devicie’s Tom Plant joins the show to talk about problems orgs run into when it comes to Windows policies. There’s an expectation out there that Windows policies are set and forget, but sadly, this is not so. Show notes Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates – Krebs on Security Law enforcement disrupt world’s biggest ransomware operation Shanghai Anxun’s information is unreliable and is a trap for national government agencies. China spy agency renews foreign cyber intelligence warning after data breaches US Justice Department says it disrupted Russian intelligence hacking network | Reuters Several Ukrainian media outlets attacked by Russian hackers Polish PM says previous ruling party used Pegasus spyware against ‘very long’ list of victims Hackers are targeting Asian bank accounts using stolen facial recognition data Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private | WIRED Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529 “the "AB" trigger has similar vibes to the Unreal IRCd and ProFTPD backdoors of the same timeframe.” FLATLINED: ANALYZING PULSE SECURE FIRMWARE AND BYPASSING INTEGRITY CHECKING CVSS 10 RCE in Screen Connect National Security Agency Announces Retirement of Cybersecurity Director Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard

The need to properly secure Entra ID tenants has been made pretty obvious this year thanks to a large-scale attack on them by Russia’s SVR intelligence agency. In this interview Andy Robbins from SpecterOps, the maker of Bloodhound Enterprise, talks through how he thinks those attacks actually went down, about how if you’re an o365 customer you’re using Entra ID whether you like it or not, and about how you can lock down your Entra ID tenant.

The need to properly secure Entra ID tenants has been made pretty obvious this year thanks to a large-scale attack on them by Russia’s SVR intelligence agency. In this interview Andy Robbins from SpecterOps, the maker of Bloodhound Enterprise, talks through how he thinks those attacks actually went down, about how if you’re an o365 customer you’re using Entra ID whether you like it or not, and about how you can lock down your Entra ID tenant.

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: Somehow there are still more Ivanti and Fortinet exploits Volt Typhoon have been at it for years Starlink in Ukraine gets complicated Canadians hate poor Flipper Much, much more… In this week’s sponsor interview Feross Aboukhadijeh from Socket joins the show to talk about the sheer volume of malicious packages being committed to code repositories and why older SCA tools aren’t well equipped to deal with them. Show notes Microsoft Azure customers hit by phishing, account takeover attacks | Cybersecurity Dive Ivanti publishes urgent warning about new vulnerability How is Pulse Secure Formed Attackers hit more networking gear, this time a critical Fortinet CVE | Cybersecurity Dive End Of General Availability of the free vSphere Hypervisor (ESXi 7.x and 8.x) (2107518) Coker: ONCD is studying ‘liability regimes’ for software flaws Chinese hackers spent 5 years in US infrastructure, ready to attack CISA, FBI warn of China-linked hackers pre-positioning for ‘destructive cyberattacks against US critical infrastructure’ Russia using Starlink Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown | Ars Technica Health insurance data breach affects nearly half of France’s population, privacy regulator warns Hackers attack 25 Romanian hospitals Catalin on the Rhysider ransomware decrypter going public A password manager LastPass calls “fraudulent” booted from App Store | Ars Technica From Cybercrime Saul Goodman to the Russian GRU – Krebs on Security

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: Somehow there are still more Ivanti and Fortinet exploits Volt Typhoon have been at it for years Starlink in Ukraine gets complicated Canadians hate poor Flipper Much, much more… In this week’s sponsor interview Feross Aboukhadijeh from Socket joins the show to talk about the sheer volume of malicious packages being committed to code repositories and why older SCA tools aren’t well equipped to deal with them. Show notes Microsoft Azure customers hit by phishing, account takeover attacks | Cybersecurity Dive Ivanti publishes urgent warning about new vulnerability How is Pulse Secure Formed Attackers hit more networking gear, this time a critical Fortinet CVE | Cybersecurity Dive End Of General Availability of the free vSphere Hypervisor (ESXi 7.x and 8.x) (2107518) Coker: ONCD is studying ‘liability regimes’ for software flaws Chinese hackers spent 5 years in US infrastructure, ready to attack CISA, FBI warn of China-linked hackers pre-positioning for ‘destructive cyberattacks against US critical infrastructure’ Russia using Starlink Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown | Ars Technica Health insurance data breach affects nearly half of France’s population, privacy regulator warns Hackers attack 25 Romanian hospitals Catalin on the Rhysider ransomware decrypter going public A password manager LastPass calls “fraudulent” booted from App Store | Ars Technica From Cybercrime Saul Goodman to the Russian GRU – Krebs on Security

In this Soap Box interview Greynoise founder and absolute legend Andrew Morris joins the show to talk about: Why Greynoise hasn’t seen a substantial drop off in Volt Typhoon’s network of compromised routers after the US Government’s takedown action How vendors are using Greynoise as an early warning system to identify exploitation of their products How he’s using large language models to reverse exploitation attempts into actual exploits It truly is a great conversation, we hope you enjoy it!

In this Soap Box interview Greynoise founder and absolute legend Andrew Morris joins the show to talk about: Why Greynoise hasn’t seen a substantial drop off in Volt Typhoon’s network of compromised routers after the US Government’s takedown action How vendors are using Greynoise as an early warning system to identify exploitation of their products How he’s using large language models to reverse exploitation attempts into actual exploits It truly is a great conversation, we hope you enjoy it!

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: Thought eels were slippery? Check out AnyDesk’s PR! Why Microsoft’s 365 is a nightmare to secure Cloudflare’s needlessly hostile blog post US Government introduces “Disneyland ban” for spyware peddlers Much, much more… This week’s feature guest is Eric Goldstein, the executive assistant director for cybersecurity at CISA. He’s joining the show to talk about CISA’s demand that US government agencies unplug their Ivanti appliances. He also chimes in on why the US government is so rattled by Volt Typhoon and addresses a recent report from Politico that claims CISA’s Joint Cyber Defense Collaborative is a bit of a shambles. This week’s sponsor guest is Dan Guido from Trail of Bits. He joins us to talk about their new Testing Handbook. Trail of Bits does a bunch of audit work and they’ve committed to trying to make bug discovery a one time thing – if you find that bug once, you shouldn’t have to manually find it on another client engagement. Semgrep for the win! Show notes AnyDesk initiates extensive credentials reset following cyberattack | Cybersecurity Dive AnyDesk says software ‘safe to use’ after cyberattack Former CIA officer who gave WikiLeaks state secrets gets 40-year sentence Arrests in $400M SIM-Swap Tied to Heist at FTX? – Krebs on Security Microsoft Breach — What Happened? What Should Azure Admins Do? | by Andy Robbins | Feb, 2024 | Posts By SpecterOps Team Members Cloudflare hit by follow-on attack from previous Okta breach | Cybersecurity Dive Thanksgiving 2023 security incident US announces visa restriction policy targeting spyware abuses Announcement of a Visa Restriction Policy to Promote Accountability for the Misuse of Commercial Spyware - United States Department of State Deputy Prime Minister hosts first global conference targeting ‘hackers for hire’ and malicious use of commercial cyber tools - GOV.UK New Google TAG report: How Commercial Surveillance Vendors work A Startup Allegedly ‘Hacked the World.’ Then Came the Censorship—and Now the Backlash | WIRED American businessman settles hacking case in UK against law firm Crime bosses behind Myanmar cyber ‘fraud dens’ handed over to Chinese government Another Chicago hospital announces cyberattack Deepfake scammer walks off with $25 million in first-of-its-kind AI heist | Ars Technica As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3 | Ars Technica Two new Ivanti bugs discovered as CISA warns of hackers bypassing mitigations Agencies using vulnerable Ivanti products have until Saturday to disconnect them | Ars Technica The far right is scaring away Washington's private hacker army - POLITICO Our thoughts on AIxCC’s competition format | Trail of Bits Blog How CISA can improve OSS security | Trail of Bits Blog Securing open-source infrastructure with OSTIF | Trail of Bits Blog Announcing the Trail of Bits Testing Handbook | Trail of Bits Blog 30 new Semgrep rules: Ansible, Java, Kotlin, shell scripts, and more | Trail of Bits Blog Publishing Trail of Bits’ CodeQL queries | Trail of Bits Blog The Unguarded Moment (2002 Digital Remaster) - YouTube Boy Swallows Universe | Official Trailer | Netflix - YouTube

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: Thought eels were slippery? Check out AnyDesk’s PR! Why Microsoft’s 365 is a nightmare to secure Cloudflare’s needlessly hostile blog post US Government introduces “Disneyland ban” for spyware peddlers Much, much more… This week’s feature guest is Eric Goldstein, the executive assistant director for cybersecurity at CISA. He’s joining the show to talk about CISA’s demand that US government agencies unplug their Ivanti appliances. He also chimes in on why the US government is so rattled by Volt Typhoon and addresses a recent report from Politico that claims CISA’s Joint Cyber Defense Collaborative is a bit of a shambles. This week’s sponsor guest is Dan Guido from Trail of Bits. He joins us to talk about their new Testing Handbook. Trail of Bits does a bunch of audit work and they’ve committed to trying to make bug discovery a one time thing – if you find that bug once, you shouldn’t have to manually find it on another client engagement. Semgrep for the win! Show notes AnyDesk initiates extensive credentials reset following cyberattack | Cybersecurity Dive AnyDesk says software ‘safe to use’ after cyberattack Former CIA officer who gave WikiLeaks state secrets gets 40-year sentence Arrests in $400M SIM-Swap Tied to Heist at FTX? – Krebs on Security Microsoft Breach — What Happened? What Should Azure Admins Do? | by Andy Robbins | Feb, 2024 | Posts By SpecterOps Team Members Cloudflare hit by follow-on attack from previous Okta breach | Cybersecurity Dive Thanksgiving 2023 security incident US announces visa restriction policy targeting spyware abuses Announcement of a Visa Restriction Policy to Promote Accountability for the Misuse of Commercial Spyware - United States Department of State Deputy Prime Minister hosts first global conference targeting ‘hackers for hire’ and malicious use of commercial cyber tools - GOV.UK New Google TAG report: How Commercial Surveillance Vendors work A Startup Allegedly ‘Hacked the World.’ Then Came the Censorship—and Now the Backlash | WIRED American businessman settles hacking case in UK against law firm Crime bosses behind Myanmar cyber ‘fraud dens’ handed over to Chinese government Another Chicago hospital announces cyberattack Deepfake scammer walks off with $25 million in first-of-its-kind AI heist | Ars Technica As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3 | Ars Technica Two new Ivanti bugs discovered as CISA warns of hackers bypassing mitigations Agencies using vulnerable Ivanti products have until Saturday to disconnect them | Ars Technica The far right is scaring away Washington's private hacker army - POLITICO Our thoughts on AIxCC’s competition format | Trail of Bits Blog How CISA can improve OSS security | Trail of Bits Blog Securing open-source infrastructure with OSTIF | Trail of Bits Blog Announcing the Trail of Bits Testing Handbook | Trail of Bits Blog 30 new Semgrep rules: Ansible, Java, Kotlin, shell scripts, and more | Trail of Bits Blog Publishing Trail of Bits’ CodeQL queries | Trail of Bits Blog The Unguarded Moment (2002 Digital Remaster) - YouTube Boy Swallows Universe | Official Trailer | Netflix - YouTube

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: More details on sanctioned Medibank hacker Aleksandr Ermakov More details on alleged Scattered Spider hacker Noah Michael Urban RUMINT that the number of Microsoft customers impacted by the SVR oauth/365 campaign is huge Ron Wyden did something useful… …then did something stupid Ivanti’s clown car collides with dumpster fire Much, much more This week’s feature guest is Australia’s assistant foreign minister (and cybersecurity tragic) Tim Watts. He joins us to talk about why the Australian government sanctioned Aleksandr Ermakob. Sublime Security founder and CEO Josh Kamdjou is this week’s sponsor guest. He joins us to talk about combating QR-code phishing. Show notes Exclusive: US disabled Chinese hacking network targeting critical infrastructure | Reuters Medibank’s Attacker: IT Businessman, Claimed Psychologist… | Intel471 Who is Alleged Medibank Hacker Aleksandr Ermakov? – Krebs on Security Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider – Krebs on Security Microsoft says Russian hackers also targeted other organizations | TechCrunch HPE hit by a monthslong cyberattack on its cloud-based email | Cybersecurity Dive (99+) Microsoft's Dangerous Addiction To Security Revenue | LinkedIn Microsoft critics accuse the firm of ‘negligence’ in latest breach | CyberScoop N.S.A. Buys Americans’ Internet Data Without Warrants, Letter Says - The New York Times Trading platform EquiLend down following cyberattack | Cybersecurity Dive Ivanti Connect Secure zero-day patches delayed | Cybersecurity Dive Popular CI/CD tool Jenkins discloses critical CVE | Cybersecurity Dive MOVEit liabilities mount for Progress Software | Cybersecurity Dive Tim Watts bio: Pennywise - Down Under [Men at Work Cover] - YouTube

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: More details on sanctioned Medibank hacker Aleksandr Ermakov More details on alleged Scattered Spider hacker Noah Michael Urban RUMINT that the number of Microsoft customers impacted by the SVR oauth/365 campaign is huge Ron Wyden did something useful… …then did something stupid Ivanti’s clown car collides with dumpster fire Much, much more This week’s feature guest is Australia’s assistant foreign minister (and cybersecurity tragic) Tim Watts. He joins us to talk about why the Australian government sanctioned Aleksandr Ermakob. Sublime Security founder and CEO Josh Kamdjou is this week’s sponsor guest. He joins us to talk about combating QR-code phishing. Show notes Exclusive: US disabled Chinese hacking network targeting critical infrastructure | Reuters Medibank’s Attacker: IT Businessman, Claimed Psychologist… | Intel471 Who is Alleged Medibank Hacker Aleksandr Ermakov? – Krebs on Security Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider – Krebs on Security Microsoft says Russian hackers also targeted other organizations | TechCrunch HPE hit by a monthslong cyberattack on its cloud-based email | Cybersecurity Dive (99+) Microsoft's Dangerous Addiction To Security Revenue | LinkedIn Microsoft critics accuse the firm of ‘negligence’ in latest breach | CyberScoop N.S.A. Buys Americans’ Internet Data Without Warrants, Letter Says - The New York Times Trading platform EquiLend down following cyberattack | Cybersecurity Dive Ivanti Connect Secure zero-day patches delayed | Cybersecurity Dive Popular CI/CD tool Jenkins discloses critical CVE | Cybersecurity Dive MOVEit liabilities mount for Progress Software | Cybersecurity Dive Tim Watts bio: Pennywise - Down Under [Men at Work Cover] - YouTube

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. Microsoft honks its clown car horn Australia’s hounds, released, catch their man The beginning of the end for Scattered Spider SEC was SIM swapped but had MFA off any way Ivanti learns a lesson… … while Progress does not and much more DHS undersecretary for policy and Cyber Safety Review Board head Rob Silvers is this week’s feature guest. He joins the show to talk about how the CSRB handles possible conflicts of interests from board members with industry day jobs. In this week’s sponsor interview Resourcely’s founder Travis McPeak talks about why we need to help developers with “paved roads” instead of relying on dashboard products to tell us when things have gone wrong. Show notes Microsoft network breached through password-spraying by Russia-state hackers | Ars Technica Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard | MSRC Blog | Microsoft Security Response Center Medibank cyber attack: The weakness that saw Medibank hacker Aleksandr Ermakov exposed | Exclusive Russian man identified as Medibank hacker, hit with sanctions by Australian government - ABC News Middle District of Florida | Palm Coast Man Arrested For Wire Fraud And Aggravated Identity Theft Charges | United States Department of Justice SEC.gov | SECGov X Account Owner of BreachedForums sentenced to time served plus 20 years supervised release with special conditions CISA issues emergency directive for federal agencies to mitigate Ivanti vulnerabilities | Cybersecurity Dive Ivanti Connect Secure exploitation accelerates as Moody’s calls impact credit negative | Cybersecurity Dive Progress Software shakes off MOVEit’s financial consequences, maintains customers | Cybersecurity Dive Cyberattack on Ukraine’s largest telecom provider will cost it about $100 million Ransomware attacks leave small business owners feeling suicidal, report says Canadian Man Stuck in Triangle of E-Commerce Fraud – Krebs on Security Experts call for US Cyber Safety Review Board rethink • The Register

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. Microsoft honks its clown car horn Australia’s hounds, released, catch their man The beginning of the end for Scattered Spider SEC was SIM swapped but had MFA off any way Ivanti learns a lesson… … while Progress does not and much more DHS undersecretary for policy and Cyber Safety Review Board head Rob Silvers is this week’s feature guest. He joins the show to talk about how the CSRB handles possible conflicts of interests from board members with industry day jobs. In this week’s sponsor interview Resourcely’s founder Travis McPeak talks about why we need to help developers with “paved roads” instead of relying on dashboard products to tell us when things have gone wrong. Show notes Microsoft network breached through password-spraying by Russia-state hackers | Ars Technica Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard | MSRC Blog | Microsoft Security Response Center Medibank cyber attack: The weakness that saw Medibank hacker Aleksandr Ermakov exposed | Exclusive Russian man identified as Medibank hacker, hit with sanctions by Australian government - ABC News Middle District of Florida | Palm Coast Man Arrested For Wire Fraud And Aggravated Identity Theft Charges | United States Department of Justice SEC.gov | SECGov X Account Owner of BreachedForums sentenced to time served plus 20 years supervised release with special conditions CISA issues emergency directive for federal agencies to mitigate Ivanti vulnerabilities | Cybersecurity Dive Ivanti Connect Secure exploitation accelerates as Moody’s calls impact credit negative | Cybersecurity Dive Progress Software shakes off MOVEit’s financial consequences, maintains customers | Cybersecurity Dive Cyberattack on Ukraine’s largest telecom provider will cost it about $100 million Ransomware attacks leave small business owners feeling suicidal, report says Canadian Man Stuck in Triangle of E-Commerce Fraud – Krebs on Security Experts call for US Cyber Safety Review Board rethink • The Register

On this week’s SURPRISE edition, Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Their disappointment over last week’s SEC Twitter hack China rainbow-tables Airdrop Enterprise bugs galore… … and why patching fast is hard when there isn’t even a patch yet UEFI flaws get trad-BIOS-era vendor response and much, much more… This week’s show is unsponsored, we’re just here for the fun of it. Show notes The SEC’s Official X Account Was ‘Compromised’ and Used to Post Fake Bitcoin News | WIRED Apple AirDrop leaks user data like a sieve. Chinese authorities say they’re scooping it up. | Ars Technica FireChat – the messaging app that’s powering the Hong Kong protests End-of-life Cisco routers targeted by China’s Volt Typhoon group Ivanti Connect Secure attacks part of deliberate espionage operation | Cybersecurity Dive Ivanti Connect Secure VPN Exploitation Goes Global NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 Aria Automation Missing Access Control Vulnerability (CVE-2023-34063) Security Bulletin - January 16 2024 Stable Channel Update for Desktop “MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera’s Browser PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack. LeftoverLocals: Listening to LLM responses through leaked GPU local memory Bigpanzi TV Botnet Southeast Asian casino industry supercharging cyber fraud, UN says

On this week’s SURPRISE edition, Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Their disappointment over last week’s SEC Twitter hack China rainbow-tables Airdrop Enterprise bugs galore… … and why patching fast is hard when there isn’t even a patch yet UEFI flaws get trad-BIOS-era vendor response and much, much more… This week’s show is unsponsored, we’re just here for the fun of it. Show notes The SEC’s Official X Account Was ‘Compromised’ and Used to Post Fake Bitcoin News | WIRED Apple AirDrop leaks user data like a sieve. Chinese authorities say they’re scooping it up. | Ars Technica FireChat – the messaging app that’s powering the Hong Kong protests End-of-life Cisco routers targeted by China’s Volt Typhoon group Ivanti Connect Secure attacks part of deliberate espionage operation | Cybersecurity Dive Ivanti Connect Secure VPN Exploitation Goes Global NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 Aria Automation Missing Access Control Vulnerability (CVE-2023-34063) Security Bulletin - January 16 2024 Stable Channel Update for Desktop “MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera’s Browser PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack. LeftoverLocals: Listening to LLM responses through leaked GPU local memory Bigpanzi TV Botnet Southeast Asian casino industry supercharging cyber fraud, UN says

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: SEC Twitter account hack moves bitcoin price Kaspersky admires Triangulation hackers’ fine work Telcos hacked all over Israel hacks Iranian gasoline pumps again Iran up in Albania, Sudan, Egypt and Tanzania and much, much more… This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer joins us to talk about why patch management is more nuanced than just “patch fast!” Show notes U.S. Securities and Exchange Commission on X: "The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products." / X Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked | Ars Technica 4-year campaign backdoored iPhones using possibly the most advanced exploit ever | Ars Technica Spyware attack chain used previously unknown iPhone hardware feature, report says "Dutch engineer carried out Iranian nuclear sabotage": VK - DutchNews.nl Russian hackers infiltrated Ukrainian telecom giant months before cyberattack Ukraine telecom cyberattack one of ‘highest-impact’ hacks of the war Pro-Ukraine hackers claim breach of Russian internet provider Ukraine says Russia hacked web cameras to spy on targets in Kyiv Optus outage: Banks, telcos to be quizzed at Senate hearing A “ridiculously weak” password causes disaster for Spain’s No. 2 mobile carrier | Ars Technica Albanian parliament, telecom company hit by cyberattacks Paraguay military warns of ‘significant impact’ of ransomware after attack on internet provider Iran confirms nationwide cyberattack on gas stations Hackers disrupt Beirut airport with anti-Hezbollah message Telecom organizations in Africa targeted by Iran-linked hackers Myanmar rebels take control of ‘pig butchering’ scam city amid Chinese pressure on junta AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on. | Ars Technica BreachForums administrator detained after violating parole Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay Global law enforcement seizes $300 million, arrests 3,500 involved in transnational cybercrime operation Toronto Zoo says it remains open after ransomware attack Central Bank of Lesotho facing outages after cyberattack Kansas City-area hospital transfers patients, reschedules appointments after cyberattack Cyberattack on Massachusetts hospital disrupted records system, emergency services LockBit claims November attack on New Jersey hospital that disrupted patient care First American becomes latest real estate industry giant hit with cyberattack Ivanti warns of critical vulnerability in its popular line of endpoint protection software | Ars Technica US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica LastPass enforces 12-character master password lengths | Cybersecurity Dive FTC soliciting contest submissions to help tackle voice cloning technology Biden signs short-term FISA extension before year-end deadline Foone: "The 37C3 talk on TEA1 encrypti…" - Infosec Exchange Crypto hedge fund CEO may not exist; probe finds no record of identity | Ars Technica

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: * SEC Twitter account hack moves bitcoin price * Kaspersky admires Triangulation hackers’ fine work * Telcos hacked all over * Israel hacks Iranian gasoline pumps again * Iran up in Albania, Sudan, Egypt and Tanzania * and much, much more… This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer joins us to talk about why patch management is more nuanced than just “patch fast!” Show notes U.S. Securities and Exchange Commission on X: "The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products." / X Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked | Ars Technica 4-year campaign backdoored iPhones using possibly the most advanced exploit ever | Ars Technica Spyware attack chain used previously unknown iPhone hardware feature, report says "Dutch engineer carried out Iranian nuclear sabotage": VK - DutchNews.nl Russian hackers infiltrated Ukrainian telecom giant months before cyberattack Ukraine telecom cyberattack one of ‘highest-impact’ hacks of the war Pro-Ukraine hackers claim breach of Russian internet provider Ukraine says Russia hacked web cameras to spy on targets in Kyiv Optus outage: Banks, telcos to be quizzed at Senate hearing A “ridiculously weak” password causes disaster for Spain’s No. 2 mobile carrier | Ars Technica Albanian parliament, telecom company hit by cyberattacks Paraguay military warns of ‘significant impact’ of ransomware after attack on internet provider Iran confirms nationwide cyberattack on gas stations Hackers disrupt Beirut airport with anti-Hezbollah message Telecom organizations in Africa targeted by Iran-linked hackers Myanmar rebels take control of ‘pig butchering’ scam city amid Chinese pressure on junta AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on. | Ars Technica BreachForums administrator detained after violating parole Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay Global law enforcement seizes $300 million, arrests 3,500 involved in transnational cybercrime operation Toronto Zoo says it remains open after ransomware attack Central Bank of Lesotho facing outages after cyberattack Kansas City-area hospital transfers patients, reschedules appointments after cyberattack Cyberattack on Massachusetts hospital disrupted records system, emergency services LockBit claims November attack on New Jersey hospital that disrupted patient care First American becomes latest real estate industry giant hit with cyberattack Ivanti warns of critical vulnerability in its popular line of endpoint protection software | Ars Technica US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica LastPass enforces 12-character master password lengths | Cybersecurity Dive FTC soliciting contest submissions to help tackle voice cloning technology Biden signs short-term FISA extension before year-end deadline Foone: "The 37C3 talk on TEA1 encrypti…" - Infosec Exchange Crypto hedge fund CEO may not exist; probe finds no record of identity | Ars Technica

In this week’s edition of the show Patrick Gray and guest co-host Dmitri Alperovitch discuss: Major telco in Ukraine taken down by Russia Apple and Facebook go all in on e2ee Why 702 reauthorisation is looking a bit sketchy The USG wants your push notifications The year in review, plus some predictions for 2024 This week’s show is brought to you by Thinkst Canary. Haroon Meer, Thinkst’s founder, is this week’s sponsor guest. He joins us to talk about APT groups pivoting to living-off-the-land techniques.

In this week’s edition of the show Patrick Gray and guest co-host Dmitri Alperovitch discuss: Major telco in Ukraine taken down by Russia Apple and Facebook go all in on e2ee Why 702 reauthorisation is looking a bit sketchy The USG wants your push notifications The year in review, plus some predictions for 2024 This week’s show is brought to you by Thinkst Canary. Haroon Meer, Thinkst’s founder, is this week’s sponsor guest. He joins us to talk about APT groups pivoting to living-off-the-land techniques.

In this Soap Box edition of the Risky Business podcast Patrick Gray talks to Island’s Bradon Rogers about security-focussed, enterprise browsers. You can use Island to do stuff like grant third parties access to corporate applications on unmanaged devices in a not insane way – that’s a huge pain point for a lot of CISOs, and something that is bringing a lot of new customers through Island’s doors. Obviously for devices you do manage, you can roll Island out as your default enterprise browser. There are a lot of security benefits to doing that.

In this Soap Box edition of the Risky Business podcast Patrick Gray talks to Island’s Bradon Rogers about security-focussed, enterprise browsers. You can use Island to do stuff like grant third parties access to corporate applications on unmanaged devices in a not insane way – that’s a huge pain point for a lot of CISOs, and something that is bringing a lot of new customers through Island’s doors. Obviously for devices you do manage, you can roll Island out as your default enterprise browser. There are a lot of security benefits to doing that.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Iran-linked attacks on US water infrastructure Why the ownCloud bug isn’t the end of the world The D-Link 0day that… never existed? In defence of Okta Much, much more This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of Cybersecurity Strategy, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks | Cybersecurity Dive North Texas water utility the latest suspected industrial ransomware target | Cybersecurity Dive Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation | Ars Technica Staples hit by cyberattack during critical Cyber Week sales push | Cybersecurity Dive New Jersey, Pennsylvania hospitals affected by cyberattacks 60 credit unions facing outages due to ransomware attack on popular tech provider HHS warns of ‘Citrix Bleed’ attacks after hospital outages Payments processor Tipalti investigating ransomware attack | Cybersecurity Dive CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers | CISA Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says Latest severe Chrome bug prompts CISA warning Google researchers report critical 0-days in Chrome and all Apple OSes | Ars Technica Okta again promises it is taking security seriously | Cybersecurity Dive Okta: Breach Affected All Customer Support Users – Krebs on Security Russian and Chinese interference networks are ‘building audiences’ ahead of 2024, warns Meta Meta says it broke up Chinese influence operation looking to exploit U.S. political divisions Clandestine online operations now require sign-off by senior officials - The Washington Post Feds seize Sinbad crypto mixer allegedly used by North Korean hackers | TechCrunch US sanctions North Korean ‘Kimsuky’ hackers after surveillance satellite launch ‘Fugitive’ Spanish aristocrat behind North Korea cryptocurrency conference arrested Used by only a few nerds, Facebook kills PGP-encrypted emails | TechCrunch

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Iran-linked attacks on US water infrastructure Why the ownCloud bug isn’t the end of the world The D-Link 0day that… never existed? In defence of Okta Much, much more This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of Cybersecurity Strategy, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks | Cybersecurity Dive North Texas water utility the latest suspected industrial ransomware target | Cybersecurity Dive Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation | Ars Technica Staples hit by cyberattack during critical Cyber Week sales push | Cybersecurity Dive New Jersey, Pennsylvania hospitals affected by cyberattacks 60 credit unions facing outages due to ransomware attack on popular tech provider HHS warns of ‘Citrix Bleed’ attacks after hospital outages Payments processor Tipalti investigating ransomware attack | Cybersecurity Dive CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers | CISA Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says Latest severe Chrome bug prompts CISA warning Google researchers report critical 0-days in Chrome and all Apple OSes | Ars Technica Okta again promises it is taking security seriously | Cybersecurity Dive Okta: Breach Affected All Customer Support Users – Krebs on Security Russian and Chinese interference networks are ‘building audiences’ ahead of 2024, warns Meta Meta says it broke up Chinese influence operation looking to exploit U.S. political divisions Clandestine online operations now require sign-off by senior officials - The Washington Post Feds seize Sinbad crypto mixer allegedly used by North Korean hackers | TechCrunch US sanctions North Korean ‘Kimsuky’ hackers after surveillance satellite launch ‘Fugitive’ Spanish aristocrat behind North Korea cryptocurrency conference arrested Used by only a few nerds, Facebook kills PGP-encrypted emails | TechCrunch

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: The Citrixbleed ransomware crisis Why the FBI hasn’t arrested Scattered Spider members DPRK is in your supply chains Microsoft has a brainwave and buys a HSM When civil war meets pig butchering Much, much more This week’s show is brought to you by Airlock Digital. David Cottingham and Daniel Schell are this week’s sponsor guests. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes ‘Citrix Bleed’ vulnerability targeted by nation-state and criminal hackers: CISA Australian ports operator recovering after major cyber incident Minister lashes DP World hack failure Gang says ICBC paid ransom over hack that disrupted US Treasury market | Reuters Cyberattack on US hospital owner diverts ambulances from emergency rooms in multiple states | CNN Politics Fidelity National Financial investigating cyberattack that led to service disruption | Cybersecurity Dive Potentially hundreds of UK law firms affected by cyberattack on IT provider CTS North Texas water utility serving 2 million hit with cyberattack Healthcare manufacturer Henry Schein expects platform restored this week after cyberattack High-profile ransomware gang suspects arrested in Ukraine FBI struggled to disrupt dangerous casino hacking gang, cyber responders say | Reuters Chinese spies had acces to Dutch chip maker NXP's systems for over two years: report | NL Times North Korean supply chain attacks prompt joint warning from Seoul and London North Korean attack on CyberLink impacted devices around the world, Microsoft says North Korean ‘BlueNoroff’ group targeting financial institutions with macOS malware Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop (14) Microsoft Should Look to the Past for Its Security Future Sacked Ukrainian cyber chief released on bail amid corruption probe Second top Ukrainian cyber official arrested amid corruption probe Report claims to reveal identity of Russian hacktivist leader Rebel offensive in Myanmar takes aim at online scam industry Myanmar Rebel Offensive Helps China's Cybercrime Crackdown Shadowy hacking group targeting Israel shows outsized capabilities | CyberScoop Nearly two dozen Danish energy companies hacked through firewall bug in May Senate proposes surveillance bill without FBI warrant requirement The FCC says new rules will curb SIM swapping. I’m pessimistic | Ars Technica EU urged to drop new law that could allow member states to intercept and decrypt global web traffic Google researchers discover 'Reptar,’ a new CPU vulnerability | Google Cloud Blog Spavor blames fellow prisoner Kovrig for Chinese detention, alleges he was used for intelligence gathering - The Globe and Mail The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story | WIRED

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: The Citrixbleed ransomware crisis Why the FBI hasn’t arrested Scattered Spider members DPRK is in your supply chains Microsoft has a brainwave and buys a HSM When civil war meets pig butchering Much, much more This week’s show is brought to you by Airlock Digital. David Cottingham and Daniel Schell are this week’s sponsor guests. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes ‘Citrix Bleed’ vulnerability targeted by nation-state and criminal hackers: CISA Australian ports operator recovering after major cyber incident Minister lashes DP World hack failure Gang says ICBC paid ransom over hack that disrupted US Treasury market | Reuters Cyberattack on US hospital owner diverts ambulances from emergency rooms in multiple states | CNN Politics Fidelity National Financial investigating cyberattack that led to service disruption | Cybersecurity Dive Potentially hundreds of UK law firms affected by cyberattack on IT provider CTS North Texas water utility serving 2 million hit with cyberattack Healthcare manufacturer Henry Schein expects platform restored this week after cyberattack High-profile ransomware gang suspects arrested in Ukraine FBI struggled to disrupt dangerous casino hacking gang, cyber responders say | Reuters Chinese spies had acces to Dutch chip maker NXP's systems for over two years: report | NL Times North Korean supply chain attacks prompt joint warning from Seoul and London North Korean attack on CyberLink impacted devices around the world, Microsoft says North Korean ‘BlueNoroff’ group targeting financial institutions with macOS malware Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop (14) Microsoft Should Look to the Past for Its Security Future Sacked Ukrainian cyber chief released on bail amid corruption probe Second top Ukrainian cyber official arrested amid corruption probe Report claims to reveal identity of Russian hacktivist leader Rebel offensive in Myanmar takes aim at online scam industry Myanmar Rebel Offensive Helps China's Cybercrime Crackdown Shadowy hacking group targeting Israel shows outsized capabilities | CyberScoop Nearly two dozen Danish energy companies hacked through firewall bug in May Senate proposes surveillance bill without FBI warrant requirement The FCC says new rules will curb SIM swapping. I’m pessimistic | Ars Technica EU urged to drop new law that could allow member states to intercept and decrypt global web traffic Google researchers discover 'Reptar,’ a new CPU vulnerability | Google Cloud Blog Spavor blames fellow prisoner Kovrig for Chinese detention, alleges he was used for intelligence gathering - The Globe and Mail The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story | WIRED

In this Soap Box podcast Patrick Gray talks to Material Security’s CEO and co-founder Abhishek Agrawal about the security problems inherent to modern productivity suites. Does it make sense that threat actors can authenticate to o365 and Workspace accounts and clean them out entirely? Years of mail, years of files? Material Security has built a product that tackles this issue. It can lock up email archives behind MFA challenges, redact PII from inboxes, better control files share via Google Drive and OneDrive, and just generally limit the damage a threat actor can inflict when they compromise a cloud productivity account. Even if you’re not interested in buying a product to tackle this, we think this one is a great listen.

In this Soap Box podcast Patrick Gray talks to Material Security’s CEO and co-founder Abishek Agrawal about the security problems inherent to modern productivity suites. Does it make sense that threat actors can authenticate to o365 and Workspace accounts and clean them out entirely? Years of mail, years of files? Material Security has built a product that tackles this issue. It can lock up email archives behind MFA challenges, redact PII from inboxes, better control files share via Google Drive and OneDrive, and just generally limit the damage a threat actor can inflict when they compromise a cloud productivity account. Even if you’re not interested in buying a product to tackle this, we think this one is a great listen.

On this week’s show Patrick Gray talks through the news with Chris Krebs and Dmitri Alperovitch. They discuss: The SEC enforcement action against Solarwinds’ CISO The White House AI Executive Order CitrixBleed exploitation goes wide How Kaspersky captured some (likely) Five Eyes iOS 0day Elon Musk’s Gaza Strip adventures Much, much more This week’s show is brought to you by Greynoise. Andrew Morris, Greynoise’s founder and CEO, is this week’s sponsor guest. He talks about how Greynoise is using large language models to help them analyse massive quantities of malicious internet traffic. Show notes comp-pr2023-227.pdf Biden signs executive order to oversee and invest in AI tech Risky Biz News: CitrixBleed vulnerability goes from bad to disastrous Andrew Morris on X: "Confluence bug is popping off. VAST majority of it is blasting thru Tor, similar to the first wave of Log4J exploitation two years ago. If you haven't patched, it's probably popped. https://t.co/4JC0uiTaqc https://t.co/wLDgQpq7r0" / X Andrew Morris on X: "Confluence bug is popping off. VAST majority of it is blasting thru Tor, similar to the first wave of Log4J exploitation two years ago. If you haven't patched, it's probably popped. https://t.co/4JC0uiTaqc https://t.co/wLDgQpq7r0" / X How Kaspersky obtained all stages of Operation Triangulation | Securelist Kaspersky reveals 'elegant' malware resembling NSA code | CyberScoop Sophisticated StripedFly Spy Platform Masqueraded for Years as Crypto Miner A cascade of compromise: unveiling Lazarus' new campaign | Securelist Near-total internet and cellular blackout hits Gaza as Israel ramps up strikes Amichai Stein on X: "Israel's Communications Minister @shlomo_karhi in response to Elon Musk: Israel will use all the means at its disposal to fight this. Hamas will use this for terrorist activity. There is no doubt about it. We know it, and Musk knows it. Hamas is ISIS." / X Shashank Joshi on X: "Wonder what encryption, if any, they use? Vulnerable to tapping. "Hamas has maintained operational security by going “stone age” and using hard-wired phone lines while eschewing devices that are hackable or emit an electronic signature." https://t.co/ALVSXb55Zn" / X Hackers that breached Las Vegas casinos rely on violent threats, research shows | CyberScoop Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction | Microsoft Security Blog GitHub - cloudflare/har-sanitizer Russia to launch its own version of VirusTotal due to US snooping fears iPhones have been exposing your unique MAC despite Apple’s promises otherwise | Ars Technica VMware warns of critical vulnerability affecting vCenter Server product Judge tosses Khashoggi widow’s lawsuit against NSO Group

On this week’s show Patrick Gray talks through the news with Chris Krebs and Dmitri Alperovitch. They discuss: The SEC enforcement action against Solarwinds’ CISO The White House AI Executive Order CitrixBleed exploitation goes wide How Kaspersky captured some (likely) Five Eyes iOS 0day Elon Musk’s Gaza Strip adventures Much, much more This week’s show is brought to you by Greynoise. Andrew Morris, Greynoise’s founder and CEO, is this week’s sponsor guest. He talks about how Greynoise is using large language models to help them analyse massive quantities of malicious internet traffic. Show notes comp-pr2023-227.pdf Biden signs executive order to oversee and invest in AI tech Risky Biz News: CitrixBleed vulnerability goes from bad to disastrous Andrew Morris on X: "Confluence bug is popping off. VAST majority of it is blasting thru Tor, similar to the first wave of Log4J exploitation two years ago. If you haven't patched, it's probably popped. https://t.co/4JC0uiTaqc https://t.co/wLDgQpq7r0" / X Andrew Morris on X: "Confluence bug is popping off. VAST majority of it is blasting thru Tor, similar to the first wave of Log4J exploitation two years ago. If you haven't patched, it's probably popped. https://t.co/4JC0uiTaqc https://t.co/wLDgQpq7r0" / X How Kaspersky obtained all stages of Operation Triangulation | Securelist Kaspersky reveals 'elegant' malware resembling NSA code | CyberScoop Sophisticated StripedFly Spy Platform Masqueraded for Years as Crypto Miner A cascade of compromise: unveiling Lazarus' new campaign | Securelist Near-total internet and cellular blackout hits Gaza as Israel ramps up strikes Amichai Stein on X: "Israel's Communications Minister @shlomo_karhi in response to Elon Musk: Israel will use all the means at its disposal to fight this. Hamas will use this for terrorist activity. There is no doubt about it. We know it, and Musk knows it. Hamas is ISIS." / X Shashank Joshi on X: "Wonder what encryption, if any, they use? Vulnerable to tapping. "Hamas has maintained operational security by going “stone age” and using hard-wired phone lines while eschewing devices that are hackable or emit an electronic signature." https://t.co/ALVSXb55Zn" / X Hackers that breached Las Vegas casinos rely on violent threats, research shows | CyberScoop Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction | Microsoft Security Blog GitHub - cloudflare/har-sanitizer Russia to launch its own version of VirusTotal due to US snooping fears iPhones have been exposing your unique MAC despite Apple’s promises otherwise | Ars Technica VMware warns of critical vulnerability affecting vCenter Server product Judge tosses Khashoggi widow’s lawsuit against NSO Group

In this edition of the Soap Box we hear from Mike Wiacek and Eric Foster from Stairwell. Stairwell makes a product that collects and analyses every executable file in your environment. You deploy file collectors to your systems and they forward all new files to Stairwell for manual and automated analysis. You can do a lot of really cool analysis once you have all that stuff in the same place. But as you’ll hear, Stairwell is broadening out the use cases for its platform. You don’t want to forward files from every system? You don’t have to. It’s still very useful as an analysis platform. It’s sort of like VirusTotal, but private and with a bunch more bells and whistles. There’s also a bunch of sharing tools in the platform, which gives it a “social network for CTI nerds” flavour.

In this edition of the Soap Box we hear from Mike Wiacek and Eric Foster from Stairwell. Stairwell makes a product that collects and analyses every executable file in your environment. You deploy file collectors to your systems and they forward all new files to Stairwell for manual and automated analysis. You can do a lot of really cool analysis once you have all that stuff in the same place. But as you’ll hear, Stairwell is broadening out the use cases for its platform. You don’t want to forward files from every system? You don’t have to. It’s still very useful as an analysis platform. It’s sort of like VirusTotal, but private and with a bunch more bells and whistles. There’s also a bunch of sharing tools in the platform, which gives it a “social network for CTI nerds” flavour.

On this week’s show Patrick Gray talks through the news with Dmitri Alperovitch, NSA Cybersecurity director Rob Joyce and NSA CCC director Morgan Adamski. They discuss: The Okta breach 40-50k feral Ciscos Why the http/2 protocol flaw is a real headache The Ragnar Locker takedown What the NSA CCC has been thinking about This week’s show is brought to you by Socket. Socket’s founder Feross Aboukhadijeh joins us this week to talk about their actually-not-crazy use of large language models in their product. Show notes Hackers Stole Access Tokens from Okta’s Support Unit – Krebs on Security Almost 42K Cisco IOS XE devices exploited, no patch available | Cybersecurity Dive Critical Atlassian Confluence CVE under exploit by prolific state-linked actor | Cybersecurity Dive JetBrains vulnerability being exploited by North Korean gov’t hackers, Microsoft says Citrix Netscaler patch for critical CVE bypassed by malicious hackers | Cybersecurity Dive HTTP/2 Rapid Reset: A New Protocol Vulnerability Will Haunt the Web for Years | WIRED How North Korean Workers Tricked U.S. Companies into Hiring Them and Secretly Funneled Their Earnings into Weapons Programs Ragnar Locker takedown Europol: ‘Key target’ in Ragnar Locker ransomware operation arrested in Paris Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts The US Congress Was Targeted With Predator Spyware Lloyd’s of London finds hypothetical cyberattack could cost world economy $3.5 trillion

On this week’s show Patrick Gray talks through the news with Dmitri Alperovitch, NSA Cybersecurity director Rob Joyce and NSA CCC director Morgan Adamski. They discuss: The Okta breach 40-50k feral Ciscos Why the http/2 protocol flaw is a real headache The Ragnar Locker takedown What the NSA CCC has been thinking about This week’s show is brought to you by Socket. Socket’s founder Feross Aboukhadijeh joins us this week to talk about their actually-not-crazy use of large language models in their product. Show notes Hackers Stole Access Tokens from Okta’s Support Unit – Krebs on Security Almost 42K Cisco IOS XE devices exploited, no patch available | Cybersecurity Dive Critical Atlassian Confluence CVE under exploit by prolific state-linked actor | Cybersecurity Dive JetBrains vulnerability being exploited by North Korean gov’t hackers, Microsoft says Citrix Netscaler patch for critical CVE bypassed by malicious hackers | Cybersecurity Dive HTTP/2 Rapid Reset: A New Protocol Vulnerability Will Haunt the Web for Years | WIRED How North Korean Workers Tricked U.S. Companies into Hiring Them and Secretly Funneled Their Earnings into Weapons Programs Ragnar Locker takedown Europol: ‘Key target’ in Ragnar Locker ransomware operation arrested in Paris Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts The US Congress Was Targeted With Predator Spyware Lloyd’s of London finds hypothetical cyberattack could cost world economy $3.5 trillion

Patrick Gray speaks to Yubico’s Jerrod Chong about how organisations can better verify the identities of users when performing MFA resets. In other words, how to not get MGM’d. He also talks about the chain-of-trust issues inherent to synchronisable passkey implementations.

Patrick Gray speaks to Yubico’s Jerrod Chong about how organisations can better verify the identities of users when performing MFA resets. In other words, how to not get MGM’d. He also talks about the chain-of-trust issues inherent to synchronisable passkey implementations.

On this week’s show Patrick Gray and Lina Lau discuss the week’s security news. They cover: Microsoft has killed VBScript Google to make passkeys the new default sign-in method MGM losses to exceed $100m Clorox has a bad quarter Why a bug in cURL could be really bad news Much, much more This week’s show is brought to you by KSOC. Jimmy Mesta, KSOC’s co-founder and CTO, is this week’s sponsor guest. He talks to us about how we can start applying real, actual IAM to Kubernetes environments. Show notes Deprecated features in the Windows client - What's new in Windows | Microsoft Learn Google Makes Passkeys Default, Stepping Up Its Push to Kill Passwords | WIRED AWS kicks off cloud race to mandate MFA by default | Cybersecurity Dive MGM Resorts’ Las Vegas area operations to take $100M hit from cyberattack | Cybersecurity Dive Clorox warns of quarterly loss related to August cyberattack, production delays | Cybersecurity Dive Blackbaud agrees to $49.5 million settlement with AGs of nearly all 50 states Cybercrime gangs now deploying ransomware within 24 hours of hacking victims Microsoft: Human-operated ransomware attacks tripled over past year Ukraine, Israel, South Korea top list of most-targeted countries for cyberattacks Microsoft: State-backed hackers grow in sophistication, aggressiveness | CyberScoop 67 X accounts spread coordinated Israel-Hamas disinformation: report John Hultquist🌻 on X: "We are currently seeing pro-Iran information operations actors promoting content across various social media channels, in favor of Hamas and critical of Israel’s response to the attacks. 1/x" / X Hacktivism erupts in response to Hamas-Israel war | TechCrunch ‘War has no rules’: Hacktivists scorn Red Cross’ new guidelines Joe Truzman on X: "Israeli Police Spokesperson: The Cyber Unit of the Police at Lahav 433 has frozen accounts of cryptocurrencies that served Hamas' terrorist organization to solicit donations on social networks. The Cyber Unit of Lahav 433, in cooperation with the Ministry of Defense, the…" / X Cloud giants sound alarm on record-breaking DDoS attacks | Cybersecurity Dive Israel's Failure to Stop the Hamas Attack Shows the Danger of Too Much Surveillance | WIRED Edward Snowden on X: "Netanyahu nurtured a zillion-dollar industry selling spying tools to despots that use them to break into the iPhones of critics, elected opponents, human rights lawyers, and even students (these are all real examples). Turns out they're not very useful for spying on Hamas, tho.…" / X HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks NVD - CVE-2023-44487 Maintainers warn of vulnerability affecting foundational open-source tool 23andMe user data targeting Ashkenazi Jews leaked online 23andMe User Data Stolen in Credential Stuffing Attack Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica From AI with love: Scammers integrate ChatGPT into dating-app tool Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED

On this week’s show Patrick Gray and Lina Lau discuss the week’s security news. They cover: Microsoft has killed VBScript Google to make passkeys the new default sign-in method MGM losses to exceed $100m Clorox has a bad quarter Why a bug in cURL could be really bad news Much, much more This week’s show is brought to you by KSOC. Jimmy Mesta, KSOC’s co-founder and CTO, is this week’s sponsor guest. He talks to us about how we can start applying real, actual IAM to Kubernetes environments. Show notes Deprecated features in the Windows client - What's new in Windows | Microsoft Learn Google Makes Passkeys Default, Stepping Up Its Push to Kill Passwords | WIRED AWS kicks off cloud race to mandate MFA by default | Cybersecurity Dive MGM Resorts’ Las Vegas area operations to take $100M hit from cyberattack | Cybersecurity Dive Clorox warns of quarterly loss related to August cyberattack, production delays | Cybersecurity Dive Blackbaud agrees to $49.5 million settlement with AGs of nearly all 50 states Cybercrime gangs now deploying ransomware within 24 hours of hacking victims Microsoft: Human-operated ransomware attacks tripled over past year Ukraine, Israel, South Korea top list of most-targeted countries for cyberattacks Microsoft: State-backed hackers grow in sophistication, aggressiveness | CyberScoop 67 X accounts spread coordinated Israel-Hamas disinformation: report John Hultquist🌻 on X: "We are currently seeing pro-Iran information operations actors promoting content across various social media channels, in favor of Hamas and critical of Israel’s response to the attacks. 1/x" / X Hacktivism erupts in response to Hamas-Israel war | TechCrunch ‘War has no rules’: Hacktivists scorn Red Cross’ new guidelines Joe Truzman on X: "Israeli Police Spokesperson: The Cyber Unit of the Police at Lahav 433 has frozen accounts of cryptocurrencies that served Hamas' terrorist organization to solicit donations on social networks. The Cyber Unit of Lahav 433, in cooperation with the Ministry of Defense, the…" / X Cloud giants sound alarm on record-breaking DDoS attacks | Cybersecurity Dive Israel's Failure to Stop the Hamas Attack Shows the Danger of Too Much Surveillance | WIRED Edward Snowden on X: "Netanyahu nurtured a zillion-dollar industry selling spying tools to despots that use them to break into the iPhones of critics, elected opponents, human rights lawyers, and even students (these are all real examples). Turns out they're not very useful for spying on Hamas, tho.…" / X HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks NVD - CVE-2023-44487 Maintainers warn of vulnerability affecting foundational open-source tool 23andMe user data targeting Ashkenazi Jews leaked online 23andMe User Data Stolen in Credential Stuffing Attack Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica From AI with love: Scammers integrate ChatGPT into dating-app tool Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Ransomware crews target WS_FTP and Jetbrains servers Global energy supply shapes up as big target The Dossier Center drops another banger Indian nationalists DDoS Canadian targets A look at the Exim drama Much, much more This week’s show is brought to you by Kroll Cyber. George Glass is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Multiple exploits hit Progress Software’s WS_FTP Server | Cybersecurity Dive Progress Software discloses 8 vulnerabilities in one of its other file-transfer services | Cybersecurity Dive Progress Software says business impact ‘minimal’ from MOVEit attack spree | Cybersecurity Dive NEXTA on X: Гостайна по электричеству - Досье Russian flight booking system suffers ‘massive’ cyberattack Cyberattacks hit military, Parliament websites as India-based group targets Canada | CBC News NATO investigating breach, leak of internal documents | CyberScoop Chinese hackers stole emails from US State Dept in Microsoft breach, Senate staffer says | Reuters FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers Cisco routers abused by China-linked hackers against US, Japan companies | Cybersecurity Dive Suspected China-based hackers target Middle Eastern telecom, Asian government North Korean hackers posed as Meta recruiter on LinkedIn | CyberScoop Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company Ransomware gangs destroying data, using multiple strains during attacks: FBI Critical vulnerabilities in Exim threaten over 250k email servers worldwide | Ars Technica NSA is creating a hub for AI security, Nakasone says Privacy watchdog recommends court approval for FBI searches of spy data | CyberScoop Vulnerable Arm GPU drivers under active exploitation. Patches may not be available | Ars Technica ‘Snatch’ Ransom Group Exposes Visitor IP Addresses – Krebs on Security IronNet, founded by former NSA director, shuts down and lays off staff | TechCrunch

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Ransomware crews target WS_FTP and Jetbrains servers Global energy supply shapes up as big target The Dossier Center drops another banger Indian nationalists DDoS Canadian targets A look at the Exim drama Much, much more This week’s show is brought to you by Kroll Cyber. George Glass is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Multiple exploits hit Progress Software’s WS_FTP Server | Cybersecurity Dive Progress Software discloses 8 vulnerabilities in one of its other file-transfer services | Cybersecurity Dive Progress Software says business impact ‘minimal’ from MOVEit attack spree | Cybersecurity Dive NEXTA on X: Гостайна по электричеству - Досье Russian flight booking system suffers ‘massive’ cyberattack Cyberattacks hit military, Parliament websites as India-based group targets Canada | CBC News NATO investigating breach, leak of internal documents | CyberScoop Chinese hackers stole emails from US State Dept in Microsoft breach, Senate staffer says | Reuters FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers Cisco routers abused by China-linked hackers against US, Japan companies | Cybersecurity Dive Suspected China-based hackers target Middle Eastern telecom, Asian government North Korean hackers posed as Meta recruiter on LinkedIn | CyberScoop Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company Ransomware gangs destroying data, using multiple strains during attacks: FBI Critical vulnerabilities in Exim threaten over 250k email servers worldwide | Ars Technica NSA is creating a hub for AI security, Nakasone says Privacy watchdog recommends court approval for FBI searches of spy data | CyberScoop Vulnerable Arm GPU drivers under active exploitation. Patches may not be available | Ars Technica ‘Snatch’ Ransom Group Exposes Visitor IP Addresses – Krebs on Security IronNet, founded by former NSA director, shuts down and lays off staff | TechCrunch

On this week’s show Patrick Gray and Dmitri Alperovitch discuss the week’s security news. They cover: How western youths are working with Russian ransomware crews Russia has changed its targeting in Ukraine A massive breach of historical Russian flight information is god’s gift to OSINT orgs Cisco buys Splunk for $28bn Much, much more This week’s show is brought to you by Panther. Its field CISO Ken Westin is this week’s sponsor guest. Links to everything that we discussed are below. Show notes MGM Resorts says hotel, casino operations back up and running | Cybersecurity Dive MGM Resorts warns customers of fraud as it faces class action lawsuits | Cybersecurity Dive mgmkirwan - DocumentCloud Cross-Tenant Impersonation: Prevention and Detection | Okta Security 'Power, influence, notoriety': The Gen-Z hackers who struck MGM, Caesars | Reuters Youth hacking ring at the center of cybercrime spree | CyberScoop UK logistics firm blames ransomware attack for insolvency, 730 redundancies Philippines state health org struggling to recover from ransomware attack Bermuda’s premier attributes system outages to ‘Russia-based’ attackers Russian hackers target Ukrainian government systems involved in war crimes investigations (4) Oleg Shakirov on X: "Huge data breach in Russia A previously unknown group claims it stole data from Russia's major flight booking system Sirena Travel. The whole dataset includes 665 mil entries and spans 16 years; they posted a sample with 3 mil lines. I was able to verify one flight. Looks legit" / X Hackers break into Russian database with data on hundreds of millions of flights Canada blames border checkpoint outages on cyberattack Air Canada says hackers accessed limited employee records during cyberattack 3 iOS 0-days, a cellular network compromise, and HTTP used to infect an iPhone | Ars Technica Yes, you have to update your Apple devices again, because spyware is bad | TechCrunch GPUs from all major suppliers are vulnerable to new pixel-stealing attack | Ars Technica CISA's catalog of must-patch vulnerabilities crosses the 1,000 bug mark after 2 years Hong Kong crypto business Mixin says hackers stole $200 million in assets Cisco to buy Splunk for $28B | Cybersecurity Dive British Army general says UK now conducting ‘hunt forward’ operations World on the Brink: How America Can Beat China in the Race for the Twenty-First Century: Alperovitch, Dmitri, Graff, Garrett M.: 9781541704091: Amazon.com: Books Starlink in Ukraine: Why the Story Is Not So Simple | Geopolitics Decanted by Silverado

On this week’s show Patrick Gray and Dmitri Alperovitch discuss the week’s security news. They cover: How western youths are working with Russian ransomware crews Russia has changed its targeting in Ukraine A massive breach of historical Russian flight information is god’s gift to OSINT orgs Cisco buys Splunk for $28bn Much, much more This week’s show is brought to you by Panther. Its field CISO Ken Westin is this week’s sponsor guest. Links to everything that we discussed are below. Show notes MGM Resorts says hotel, casino operations back up and running | Cybersecurity Dive MGM Resorts warns customers of fraud as it faces class action lawsuits | Cybersecurity Dive mgmkirwan - DocumentCloud Cross-Tenant Impersonation: Prevention and Detection | Okta Security 'Power, influence, notoriety': The Gen-Z hackers who struck MGM, Caesars | Reuters Youth hacking ring at the center of cybercrime spree | CyberScoop UK logistics firm blames ransomware attack for insolvency, 730 redundancies Philippines state health org struggling to recover from ransomware attack Bermuda’s premier attributes system outages to ‘Russia-based’ attackers Russian hackers target Ukrainian government systems involved in war crimes investigations (4) Oleg Shakirov on X: "Huge data breach in Russia A previously unknown group claims it stole data from Russia's major flight booking system Sirena Travel. The whole dataset includes 665 mil entries and spans 16 years; they posted a sample with 3 mil lines. I was able to verify one flight. Looks legit" / X Hackers break into Russian database with data on hundreds of millions of flights Canada blames border checkpoint outages on cyberattack Air Canada says hackers accessed limited employee records during cyberattack 3 iOS 0-days, a cellular network compromise, and HTTP used to infect an iPhone | Ars Technica Yes, you have to update your Apple devices again, because spyware is bad | TechCrunch GPUs from all major suppliers are vulnerable to new pixel-stealing attack | Ars Technica CISA's catalog of must-patch vulnerabilities crosses the 1,000 bug mark after 2 years Hong Kong crypto business Mixin says hackers stole $200 million in assets Cisco to buy Splunk for $28B | Cybersecurity Dive British Army general says UK now conducting ‘hunt forward’ operations World on the Brink: How America Can Beat China in the Race for the Twenty-First Century: Alperovitch, Dmitri, Graff, Garrett M.: 9781541704091: Amazon.com: Books Starlink in Ukraine: Why the Story Is Not So Simple | Geopolitics Decanted by Silverado

In this edition of Snake Oilers you’ll hear product pitches from: Sublime Security: e-mail security for people who want to tune their detections VulnCheck: Provides vulnerability intelligence to governments, large enterprises and vendors Devicie: Manage your devices with Intune without pulling your hair out Show notes sublime.security VulnCheck - Outpace Adversaries Cloud-native device management platform | Devicie

In this edition of Snake Oilers you’ll hear product pitches from: Sublime Security: e-mail security for people who want to tune their detections Vulncheck: Provides vulnerability intelligence to governments, large enterprises and vendors Devicie: Manage your devices with Intune without pulling your hair out Show notes sumblime.security VulnCheck - Outpace Adversaries Cloud-native device management platform | Devicie

On this week’s show Patrick Gray, Adam Boileau and Lina Lau discuss the week’s security news. They cover: Microsoft’s 38TB oopsie MGM’s Okta compromised, was this what Okta was warning us about? Why we need a cyber knife fight Google Authenticator sync abused in the wild Much, much more This week’s show is brought to you by Push Security. Co-founder Adam Bateman is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Microsoft AI researchers exposed sensitive signing keys, internal messages | CyberScoop Wiz on X: "🚨 BREAKING: Wiz Research discovers a massive 38TB data leak by Microsoft AI researchers, including 30,000+ internal Teams messages. Here's what you need to know 🧵 https://t.co/2V8u9IekGV" / X Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token | MSRC Blog | Microsoft Security Response Center (6) Microsoft's Security Culture Just Isn't up to Scratch Threat actors claim to have compromised MGM Resorts’ Okta environment | Cybersecurity Dive MGM, Caesars attacks raise new concerns about social engineering tactics | Cybersecurity Dive I Gambled in MGM's Hacked Casinos ‘Scattered Spider’ group launches ransomware attacks while expanding targets in hospitality, retail MGM Resorts disruption linked to recent attacks against hospitality industry | Cybersecurity Dive Caesars Entertainment says it was also a victim of a cyberattack Clorox warns of product shortages a month after disclosing cyberattack | Cybersecurity Dive DHS: Ransomware attackers headed for second most profitable year (1) chrisrohlf on X: "I can think of multiple occasions where well respected experts assured the world that taking offensive actions would put an end to this ransomware problem. Unfortunately 1) it won’t end that easily and 2) they’re still seen as experts. This is an economics problem that is enabled…" / X White House urging dozens of countries to publicly commit to not pay ransoms Cyberattack on Kansas town affects email, phone, payment systems Major trucking software provider confirms ransomware incident Several Colombian government ministries hampered by ransomware attack Manchester police officers’ data stolen following ransomware attack on supplier Upstate New York nonprofit hospitals still facing issues after LockBit ransomware attack Evidence points to North Korea in CoinEx cryptocurrency hack, analysts say How Google Authenticator made one company’s network breach much, much worse | Ars Technica Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED Mozilla, CISA urge users to patch Firefox security flaw UK passes the Online Safety Bill — and no, it doesn’t ban end-to-end encryption Exiled Russian journalist hacked using NSO Group spyware | Hacking | The Guardian Три журналиста рассказали, что получали оповещение от Apple о хакерской атаке. Такое же приходило Галине Тимченко, в телефоне которой нашли шпионскую программу Pegasus — Meduza War crimes tribunal ICC says it has been hacked | Reuters XINTRA - Cybersecurity Training CrikeyCon 2022 - Lina Lau - Inside the Persistent Mind of a Chinese APT - YouTube SaaS attack techniques SaaS attack matrix: The shadow workflow’s evil twin SaaS Attack: How to SAMLjack a poisoned tenant SAMLjacking a poisoned tenant demo - YouTube SaaS Attacks: Shadow workflows + Evil twin integration demo - YouTube

On this week’s show Patrick Gray, Adam Boileau and Lina Lau discuss the week’s security news. They cover: Microsoft’s 38TB oopsie MGM’s Okta compromised, was this what Okta was warning us about? Why we need a cyber knife fight Google Authenticator sync abused in the wild Much, much more This week’s show is brought to you by Push Security. Co-founder Adam Bateman is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Microsoft AI researchers exposed sensitive signing keys, internal messages | CyberScoop Wiz on X: "🚨 BREAKING: Wiz Research discovers a massive 38TB data leak by Microsoft AI researchers, including 30,000+ internal Teams messages. Here's what you need to know 🧵 https://t.co/2V8u9IekGV" / X Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token | MSRC Blog | Microsoft Security Response Center (6) Microsoft's Security Culture Just Isn't up to Scratch Threat actors claim to have compromised MGM Resorts’ Okta environment | Cybersecurity Dive MGM, Caesars attacks raise new concerns about social engineering tactics | Cybersecurity Dive I Gambled in MGM's Hacked Casinos ‘Scattered Spider’ group launches ransomware attacks while expanding targets in hospitality, retail MGM Resorts disruption linked to recent attacks against hospitality industry | Cybersecurity Dive Caesars Entertainment says it was also a victim of a cyberattack Clorox warns of product shortages a month after disclosing cyberattack | Cybersecurity Dive DHS: Ransomware attackers headed for second most profitable year (1) chrisrohlf on X: "I can think of multiple occasions where well respected experts assured the world that taking offensive actions would put an end to this ransomware problem. Unfortunately 1) it won’t end that easily and 2) they’re still seen as experts. This is an economics problem that is enabled…" / X White House urging dozens of countries to publicly commit to not pay ransoms Cyberattack on Kansas town affects email, phone, payment systems Major trucking software provider confirms ransomware incident Several Colombian government ministries hampered by ransomware attack Manchester police officers’ data stolen following ransomware attack on supplier Upstate New York nonprofit hospitals still facing issues after LockBit ransomware attack Evidence points to North Korea in CoinEx cryptocurrency hack, analysts say How Google Authenticator made one company’s network breach much, much worse | Ars Technica Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED Mozilla, CISA urge users to patch Firefox security flaw UK passes the Online Safety Bill — and no, it doesn’t ban end-to-end encryption Exiled Russian journalist hacked using NSO Group spyware | Hacking | The Guardian Три журналиста рассказали, что получали оповещение от Apple о хакерской атаке. Такое же приходило Галине Тимченко, в телефоне которой нашли шпионскую программу Pegasus — Meduza War crimes tribunal ICC says it has been hacked | Reuters XINTRA - Cybersecurity Training CrikeyCon 2022 - Lina Lau - Inside the Persistent Mind of a Chinese APT - YouTube SaaS attack techniques SaaS attack matrix: The shadow workflow’s evil twin SaaS Attack: How to SAMLjack a poisoned tenant SAMLjacking a poisoned tenant demo - YouTube SaaS Attacks: Shadow workflows + Evil twin integration demo - YouTube

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: How Storm-0558 stole Microsoft’s signing key Cisco 0day being used by ransomware crews We were right about Elon stumbling into the Ukraine war Someone’s amazing image library 0day just got crushed Much, much more! This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Results of Major Technical Investigations for Storm-0558 Key Acquisition | MSRC Blog | Microsoft Security Response Center Microsoft reveals how hackers stole its email signing key… kind of | TechCrunch Kevin Beaumont: "One extra thing to highlight -…" - Cyberplace Preventing Authentication Bypass: A Tale of Two Researchers - YouTube BEC phishing kit hits thousands of Microsoft 365 business accounts | Cybersecurity Dive Microsoft Teams phishing attack pushes DarkGate malware CISA warns of attacks using Microsoft Word, Adobe bugs New Emergency Chrome Security Update After Critical iOS 16.6.1 Release Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks Cisco security appliance 0-day is under attack by ransomware crooks | Ars Technica Cisco BroadWorks vulnerability snags highest CVSS score | Cybersecurity Dive High-profile CVEs turn up in vulnerability exploit sales | Cybersecurity Dive MGM Resorts takes systems offline following cyberattack Save the Children International hit with cyberattack, but says operations weren’t impacted Sri Lankan government loses months of data following ransomware attack (6) Risky Biz News: US and UK dox and sanction 11 more Trickbot/Conti members. Charges included too. Opinion | The untold story of Elon Musk’s support for Ukraine - The Washington Post Elon Musk on X: SpaceX unveils Starshield, a military variation of Starlink satellites China-Linked Hackers Breached a Power Grid—Again | WIRED Just waiting for a mate - YouTube North Korea-backed hackers target security researchers with 0-day | Ars Technica Cars are collecting data on par with Big Tech, watchdog report finds Crypto Town Hall on X: "Crypto Kingpin's Downfall: 11,196 Years Behind Bars!"https://t.co/1RCNJ8um4c" / X

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: How Storm-0558 stole Microsoft’s signing key Cisco 0day being used by ransomware crews We were right about Elon stumbling into the Ukraine war Someone’s amazing image library 0day just got crushed Much, much more! This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Results of Major Technical Investigations for Storm-0558 Key Acquisition | MSRC Blog | Microsoft Security Response Center Microsoft reveals how hackers stole its email signing key… kind of | TechCrunch Kevin Beaumont: "One extra thing to highlight -…" - Cyberplace Preventing Authentication Bypass: A Tale of Two Researchers - YouTube BEC phishing kit hits thousands of Microsoft 365 business accounts | Cybersecurity Dive Microsoft Teams phishing attack pushes DarkGate malware CISA warns of attacks using Microsoft Word, Adobe bugs New Emergency Chrome Security Update After Critical iOS 16.6.1 Release Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks Cisco security appliance 0-day is under attack by ransomware crooks | Ars Technica Cisco BroadWorks vulnerability snags highest CVSS score | Cybersecurity Dive High-profile CVEs turn up in vulnerability exploit sales | Cybersecurity Dive MGM Resorts takes systems offline following cyberattack Save the Children International hit with cyberattack, but says operations weren’t impacted Sri Lankan government loses months of data following ransomware attack (6) Risky Biz News: US and UK dox and sanction 11 more Trickbot/Conti members. Charges included too. Opinion | The untold story of Elon Musk’s support for Ukraine - The Washington Post Elon Musk on X: SpaceX unveils Starshield, a military variation of Starlink satellites China-Linked Hackers Breached a Power Grid—Again | WIRED Just waiting for a mate - YouTube North Korea-backed hackers target security researchers with 0-day | Ars Technica Cars are collecting data on par with Big Tech, watchdog report finds Crypto Town Hall on X: "Crypto Kingpin's Downfall: 11,196 Years Behind Bars!"https://t.co/1RCNJ8um4c" / X

In this edition of Snake Oilers you’ll hear product pitches from: ConductorOne: PAM, account cycle management and access auditing for cloud and SaaS accounts Bloodhound Enterprise: Enumerate attack paths in your environment and shut them down Zero Networks: Agentless: heavily automated microsegmentation and a VPN product that won’t get you insta-owned Show notes ConductorOne - Identity security & access control Home - BloodHound Enterprise Microsegmentation in a Matter of Minutes | Zero Networks

In this edition of Snake Oilers you’ll hear product pitches from: ConductorOne: PAM, account cycle management and access auditing for cloud and SaaS accounts Bloodhound Enterprise: Enumerate attack paths in your environment and shut them down Zero Networks: Agentless, heavily automated microsegmentation and a VPN product that won’t get you insta-owned Show notes ConductorOne - Identity security & access control Home - BloodHound Enterprise Microsegmentation in a Matter of Minutes | Zero Networks

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Why everyone should pay attention to some recent attacks on Okta customers Why third party comms apps are risky af Why are Russian espionage opps using Tor for C2? Surveillance firms abuse Fiji Telco Digicel’s SS7 access Much, much more! This week’s show is brought to you by Gigamon. Mark Jow, Gigamon’s EMEA Technical Director is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Cross-Tenant Impersonation: Prevention and Detection | Okta Security BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps NCSC-MAR-Infamous-Chisel.pdf Ukraine says an energy facility disrupted a Fancy Bear intrusion Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach – Krebs on Security Telstra-owned Pacific mobile network likely exploited by spies for hire - ABC News CISA, MITRE shore up operational tech networks with adversary emulation platform LogicMonitor customers hit by hackers, because of default passwords | TechCrunch Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong. | Ars Technica Why is .US Being Used to Phish So Many of Us? – Krebs on Security UK cyber agency announces Ollie Whitehouse as its first ever CTO Embattled consulting firm PwC swept up in global cyber breach of file service MOVEit by cybercrime group C10p ONLINE-SCAM-OPERATIONS-2582023.pdf Unmasking Trickbot, One of the World’s Top Cybercrime Gangs | WIRED

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Why everyone should pay attention to some recent attacks on Okta customers Why third party comms apps are risky af Why are Russian espionage opps using Tor for C2? Surveillance firms abuse Fiji Telco Digicel’s SS7 access Much, much more! This week’s show is brought to you by Gigamon. Mark Jow, Gigamon’s EMEA Technical Director is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Cross-Tenant Impersonation: Prevention and Detection | Okta Security BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps NCSC-MAR-Infamous-Chisel.pdf Ukraine says an energy facility disrupted a Fancy Bear intrusion Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach – Krebs on Security Telstra-owned Pacific mobile network likely exploited by spies for hire - ABC News CISA, MITRE shore up operational tech networks with adversary emulation platform LogicMonitor customers hit by hackers, because of default passwords | TechCrunch Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong. | Ars Technica Why is .US Being Used to Phish So Many of Us? – Krebs on Security UK cyber agency announces Ollie Whitehouse as its first ever CTO Embattled consulting firm PwC swept up in global cyber breach of file service MOVEit by cybercrime group C10p ONLINE-SCAM-OPERATIONS-2582023.pdf Unmasking Trickbot, One of the World’s Top Cybercrime Gangs | WIRED

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: The FBI takes down Qakbot, steals operators’ bitcoins ha ha Danish hosting provider completely destroyed in ransomware attack Sophisticated Russian cyber attack on Polish trains. Well. Not really. Microsoft revokes cert then revokes its revocation Much, much more! This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy Ryan Kalember is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes US says it and partners have taken down notorious 'Qakbot' hacking network | Reuters Danish cloud host says customers ‘lost all data’ after ransomware attack | TechCrunch VDP Platform 2022 Annual Report Showcases Platform’s Success | CISA Proposed bill would require vulnerability disclosure policies for all federal contractors The Cheap Radio Hack That Disrupted Poland's Railway System | WIRED Two suspects arrested following Poland railway hack ‘Incredible concern and anger’ among Metropolitan Police after hackers breach data New malware from North Korea’s Lazarus used against healthcare industry North Korea’s Lazarus hackers behind recent crypto heists: FBI US arrests Tornado Cash co-founder, sanctions another who remains at large Kroll Employee SIM-Swapped for Crypto Investor Data – Krebs on Security (2) Risky Biz News: WinRAR zero-day used to hack stock and crypto traders Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica Renegade certificate removed from Windows. Then it returns. Microsoft stays silent. | Ars Technica Barracuda ESG zero-day exploit still under way after patches fail | Cybersecurity Dive Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) | Mandiant Unpacking the MOVEit Breach: Statistics and Analysis The DEA Accidentally Sent $50,000 Of Seized Cryptocurrency To A Scammer Akira Ransomware Targeting VPNs without Multi-Factor Authentication - Cisco Blogs Ransomware attack dwell times fall, pressuring companies to quickly respond | Cybersecurity Dive British court convicts two teen Lapsus$ members of hacking tech firms Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders. – Krebs on Security Apple security updates could be banned by British government

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: The FBI takes down Qakbot, steals operators’ bitcoins ha ha Danish hosting provider completely destroyed in ransomware attack Sophisticated Russian cyber attack on Polish trains. Well. Not really. Microsoft revokes cert then revokes its revocation Much, much more! This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy Ryan Kalember is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes US says it and partners have taken down notorious 'Qakbot' hacking network | Reuters Danish cloud host says customers ‘lost all data’ after ransomware attack | TechCrunch VDP Platform 2022 Annual Report Showcases Platform’s Success | CISA Proposed bill would require vulnerability disclosure policies for all federal contractors The Cheap Radio Hack That Disrupted Poland's Railway System | WIRED Two suspects arrested following Poland railway hack ‘Incredible concern and anger’ among Metropolitan Police after hackers breach data New malware from North Korea’s Lazarus used against healthcare industry North Korea’s Lazarus hackers behind recent crypto heists: FBI US arrests Tornado Cash co-founder, sanctions another who remains at large Kroll Employee SIM-Swapped for Crypto Investor Data – Krebs on Security (2) Risky Biz News: WinRAR zero-day used to hack stock and crypto traders Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica Renegade certificate removed from Windows. Then it returns. Microsoft stays silent. | Ars Technica Barracuda ESG zero-day exploit still under way after patches fail | Cybersecurity Dive Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) | Mandiant Unpacking the MOVEit Breach: Statistics and Analysis The DEA Accidentally Sent $50,000 Of Seized Cryptocurrency To A Scammer Akira Ransomware Targeting VPNs without Multi-Factor Authentication - Cisco Blogs Ransomware attack dwell times fall, pressuring companies to quickly respond | Cybersecurity Dive British court convicts two teen Lapsus$ members of hacking tech firms Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders. – Krebs on Security Apple security updates could be banned by British government

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: (NOTE: This podcast was initially pushed out into the Risky Business News podcast feed in error. Sorry about that!) US Government warnings to private space sector on cyber risk Ukrainian hackers dump the inbox of Russian Duma deputy chair Absentee voting in Ecuador’s election disrupted by DDoS attack South Korea warns of Chinese “spy chips” Much, much more! This week’s show is brought to you by Airlock Digital. Its co-founders Daniel Schell and David Cottingham join this week’s show to talk about Powershell Constrained Language mode. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Risky Biz News: US warns space sector of hacks, spying, IP theft, and sabotage Safeguarding the US Space Industry - DocumentCloud Ukrainian hackers claim to leak emails of Russian parliament deputy chief Feature Interview: How Sandworm prepared Ukraine for a cyber war - Risky Business British intelligence is tipping off ransomware targets to disrupt attacks Ecuador’s national election agency says cyberattacks caused absentee voting issues Chinese-made 'spy chip' found in Korean state-run weather agency system : r/korea [단독]중국산 기상장비에 ‘스파이칩’ 첫 발견 | 채널A 뉴스 Legitimate software tainted in attacks on Hong Kong organizations, report says Chinese hackers accused of targeting Southeast Asian gambling sector Risky Biz News: PowerShell's official package repo is a supply chain mess Zoom’s AI terms overhaul sets stage for broader data use scrutiny | Cybersecurity Dive Fifty minutes to hack ChatGPT: Inside the DEF CON competition to break AI | CyberScoop Ivanti: Customers ‘impacted’ by new zero-day vulnerability CISA, experts warn of Citrix vulnerabilities being exploited by hackers Zero Networks Connect - Zero Networks | Contain The Next Breach Australia’s .au domain administrator denies data breach after ransomware posting Hackers are increasingly hiding within services such as Slack and Trello to deploy malware | CyberScoop ‘Extreme’ user abuse leads AnonFiles operators to shut down hosting service Millions stolen from crypto platforms Exactly Protocol and Harbor Protocol Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica Did a Journalist Violate Hacking Law to Leak Fox News Clips? The Government Thinks He Did.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: (NOTE: This podcast was initially pushed out into the Risky Business News podcast feed in error. Sorry about that!) US Government warnings to private space sector on cyber risk Ukrainian hackers dump the inbox of Russian Duma deputy chair Absentee voting in Ecuador’s election disrupted by DDoS attack South Korea warns of Chinese “spy chips” Much, much more! This week’s show is brought to you by Airlock Digital. Its co-founders Daniel Schell and David Cottingham join this week’s show to talk about Powershell Constrained Language mode. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Risky Biz News: US warns space sector of hacks, spying, IP theft, and sabotage Safeguarding the US Space Industry - DocumentCloud Ukrainian hackers claim to leak emails of Russian parliament deputy chief Feature Interview: How Sandworm prepared Ukraine for a cyber war - Risky Business British intelligence is tipping off ransomware targets to disrupt attacks Ecuador’s national election agency says cyberattacks caused absentee voting issues Chinese-made 'spy chip' found in Korean state-run weather agency system : r/korea [단독]중국산 기상장비에 ‘스파이칩’ 첫 발견 | 채널A 뉴스 Legitimate software tainted in attacks on Hong Kong organizations, report says Chinese hackers accused of targeting Southeast Asian gambling sector Risky Biz News: PowerShell's official package repo is a supply chain mess Zoom’s AI terms overhaul sets stage for broader data use scrutiny | Cybersecurity Dive Fifty minutes to hack ChatGPT: Inside the DEF CON competition to break AI | CyberScoop Ivanti: Customers ‘impacted’ by new zero-day vulnerability CISA, experts warn of Citrix vulnerabilities being exploited by hackers Zero Networks Connect - Zero Networks | Contain The Next Breach Australia’s .au domain administrator denies data breach after ransomware posting Hackers are increasingly hiding within services such as Slack and Trello to deploy malware | CyberScoop ‘Extreme’ user abuse leads AnonFiles operators to shut down hosting service Millions stolen from crypto platforms Exactly Protocol and Harbor Protocol Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica Did a Journalist Violate Hacking Law to Leak Fox News Clips? The Government Thinks He Did.

In this joint Risky Business and Geopolitics Decanted feature interview, Patrick Gray and Dmitri Alperovitch talk to Illia Vitiuk, the Head of the Department of Cyber and Information Security of the Security Service of Ukraine (SBU) about the cyber dimension to Russia’s invasion. From turning off Ukraine’s power grid with a cyber attack in 2015 to the Viasat hack in 2022, Russia’s intelligence services are world renowned for executing creative destructive cyber campaigns. Despite this, after a year and a half of Russia waging war on Ukraine its power grid is up, its telcos are functioning and its banks are still processing transactions. How has Ukraine been able to withstand Russia’s onslaught in the cyber domain? Vitiuk joins us to reveal insights into how Russian intelligence services are operating in Ukraine, and how the SBU is countering them.

In this joint Risky Business and Geopolitics Decanted feature interview, Patrick Gray and Dmitri Alperovitch talk to Illia Vitiuk, the Head of the Department of Cyber and Information Security of the Security Service of Ukraine (SBU) about the cyber dimension to Russia’s invasion. From turning off Ukraine’s power grid with a cyber attack in 2015 to the Viasat hack in 2022, Russia’s intelligence services are world renowned for executing creative destructive cyber campaigns. Despite this, after a year and a half of Russia waging war on Ukraine its power grid is up, its telcos are functioning and its banks are still processing transactions. How has Ukraine been able to withstand Russia’s onslaught in the cyber domain? Vitiuk joins us to reveal insights into how Russian intelligence services are operating in Ukraine, and how the SBU is countering them.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: More victims identified in Chinese breach of Microsoft email accounts Cyber Safety Review Board to investigate Microsoft We got some stuff wrong last week More details on Viasat hack revealed Special guest Heather Adkins talks about the CSRB’s Lapsus$ report Much, much more This week’s show is brought to you by RunZero. Its co-founder HD Moore is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska - The Washington Post US cyber board to investigate Microsoft hack of government emails | TechCrunch Richard: "@briankrebs @metlstorm @riskyb…" - Mastodon.Radio Mastodon.Radio An SSRF, privileged AWS keys and the Capital One breach | by Riyaz Walikar | Appsecco Chamber of Commerce urges SEC to delay cyber rule implementation | Cybersecurity Dive Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop Microsoft to freeze license extensions for Russian companies Takedown of Lolek bulletproof hosting service includes arrests, NetWalker indictment Ransomware Diaries V. 3: LockBit's Secrets How the FBI goes after DDoS cyberattackers | TechCrunch Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’ – Krebs on Security Multiple zero days found affecting crypto platforms Lawmakers press FCC for action on Chinese-made cellular modules Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED Rapid7 to cut 18% of workforce, shutter certain offices | Cybersecurity Dive SecureWorks layoffs affect 15% staff | TechCrunch Researcher says they were behind iPhone popups at Def Con | TechCrunch Review of the Attacks Associated with LAPSUS$ and Related Threat Groups US should crack down on SIM swapping following Lapsus$ attacks: DHS review Kevin Collier: "Def Con is over and nobody hac…" - Infosec Exchange

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: More victims identified in Chinese breach of Microsoft email accounts Cyber Safety Review Board to investigate Microsoft We got some stuff wrong last week More details on Viasat hack revealed Special guest Heather Adkins talks about the CSRB’s Lapsus$ report Much, much more This week’s show is brought to you by RunZero. Its co-founder HD Moore is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska - The Washington Post US cyber board to investigate Microsoft hack of government emails | TechCrunch Richard: "@briankrebs @metlstorm @riskyb…" - Mastodon.Radio Mastodon.Radio An SSRF, privileged AWS keys and the Capital One breach | by Riyaz Walikar | Appsecco Chamber of Commerce urges SEC to delay cyber rule implementation | Cybersecurity Dive Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop Microsoft to freeze license extensions for Russian companies Takedown of Lolek bulletproof hosting service includes arrests, NetWalker indictment Ransomware Diaries V. 3: LockBit's Secrets How the FBI goes after DDoS cyberattackers | TechCrunch Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’ – Krebs on Security Multiple zero days found affecting crypto platforms Lawmakers press FCC for action on Chinese-made cellular modules Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED Rapid7 to cut 18% of workforce, shutter certain offices | Cybersecurity Dive SecureWorks layoffs affect 15% staff | TechCrunch Researcher says they were behind iPhone popups at Def Con | TechCrunch Review of the Attacks Associated with LAPSUS$ and Related Threat Groups US should crack down on SIM swapping following Lapsus$ attacks: DHS review Kevin Collier: "Def Con is over and nobody hac…" - Infosec Exchange

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Tenable gives Microsoft a spray over Azure bug fix delay, quality Lateral movement fun via Azure Active Directory Cross-Tenant Synchronization Ransomware targets hospitals, special needs schools Japan’s cybersecurity has some catching up to do Much, much more This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop Microsoft resolves vulnerability following criticism from Tenable CEO New Microsoft Azure AD CTS feature can be abused for lateral movement Hackers force hospital system to take its national computer system offline Israeli hospital redirects new patients following ransomware attack Russia-linked cybercriminals target school for children with learning difficulties Hackers accessed 16 years of Colorado public school student data in June ransomware attack Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms China hacked Japan’s classified defense cyber networks, officials say - The Washington Post Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company - SentinelOne Ukraine says it thwarted attempt to breach military tablets The Mystery of Chernobyl’s Post-Invasion Radiation Spikes | WIRED Radiation Spikes at Chernobyl: A Mystery Few Seem Interested in Solving U.K. election regulator says hackers had access for over a year but elections still secure Exclusive: DHS Used Clearview AI Facial Recognition In Thousands Of Child Exploitation Cold Cases Eight Months Pregnant and Arrested After False Facial Recognition Match - The New York Times New ‘Downfall’ Flaw Exposes Valuable Data in Generations of Intel Chips | WIRED New Inception attack leaks sensitive data from all AMD Zen CPUs Spyware maker LetMeSpy shuts down after hacker deletes server data | TechCrunch ‘Crypto couple’ pleads guilty to money laundering, as husband admits to carrying out Bitfinex hack Google Online Security Blog: Android 14 introduces first-of-its-kind cellular connectivity security features Risky Biz News: Russian bill will hide the PII data of military, police, and intelligence agents

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Tenable gives Microsoft a spray over Azure bug fix delay, quality Lateral movement fun via Azure Active Directory Cross-Tenant Synchronization Ransomware targets hospitals, special needs schools Japan’s cybersecurity has some catching up to do Much, much more This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop Microsoft resolves vulnerability following criticism from Tenable CEO New Microsoft Azure AD CTS feature can be abused for lateral movement Hackers force hospital system to take its national computer system offline Israeli hospital redirects new patients following ransomware attack Russia-linked cybercriminals target school for children with learning difficulties Hackers accessed 16 years of Colorado public school student data in June ransomware attack Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms China hacked Japan’s classified defense cyber networks, officials say - The Washington Post Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company - SentinelOne Ukraine says it thwarted attempt to breach military tablets The Mystery of Chernobyl’s Post-Invasion Radiation Spikes | WIRED Radiation Spikes at Chernobyl: A Mystery Few Seem Interested in Solving U.K. election regulator says hackers had access for over a year but elections still secure Exclusive: DHS Used Clearview AI Facial Recognition In Thousands Of Child Exploitation Cold Cases Eight Months Pregnant and Arrested After False Facial Recognition Match - The New York Times New ‘Downfall’ Flaw Exposes Valuable Data in Generations of Intel Chips | WIRED New Inception attack leaks sensitive data from all AMD Zen CPUs Spyware maker LetMeSpy shuts down after hacker deletes server data | TechCrunch ‘Crypto couple’ pleads guilty to money laundering, as husband admits to carrying out Bitfinex hack Google Online Security Blog: Android 14 introduces first-of-its-kind cellular connectivity security features Risky Biz News: Russian bill will hide the PII data of military, police, and intelligence agents

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Ron Wyden’s “please explain” letter to Microsoft Chinese APT crews prepositioning to disrupt US military logistics China claims US hacked its seismology sensors Ivanti/MobileIron exploitation going vertical Much, much more This week’s show is brought to you by Stairwell. Mike Wiacek, Stairwell’s founder and CEO, is this week’s sponsor guest. He’s joined by Eric Foster, Stairwell’s VP of Business Development. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Wyden letter to CISA, DOJ, FTC re 2023 Microsoft breach Senator calls on DOJ to investigate alleged China hack of Microsoft cloud tools U.S. Hunts Chinese Malware That Could Disrupt American Military Operations - The New York Times Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica John Hultquist🌻 on Twitter: "We found this actor in land, air, and sea transportation targets which could be leveraged for a serious disruption to logistics." / X China accuses U.S. of hacking earthquake monitoring equipment Exclusive: Pentagon Investigates ‘Critical Compromise’ Of Air Force Communications Systems CISA: Ivanti hacks targeting Norway began in April US, Australia cyber agencies warn IDOR security flaws can be exploited ‘at scale’ | TechCrunch Ivanti warns of second vulnerability used in attacks on Norway gov’t Andrew Morris on Twitter: "Exploitation of Ivanti EPMM (MobileIron Core) CVE-2023-35078 is currently popping off https://t.co/tkRoWqvtv1 https://t.co/XOaWEZ3U3X" / X Trail of Bits | Products US contractor says info of up to 10 million leaked in MOVEit breach British ambulances unable to access patient records system following cyberattack Valid account credentials are behind most cyber intrusions, CISA finds | Cybersecurity Dive An Unexpected Endorsement for WebAuthn | Okta Security SEC votes to overhaul disclosure rules for material cyber events | Cybersecurity Dive White House unveils ‘whole of society’ push to expand cybersecurity workforce Section 702 surveillance powers are necessary, but FBI access needs limits, panel says The NSA Is Lobbying Congress to Save a Phone Surveillance 'Loophole' | WIRED Kazakhstan refuses to extradite detained Russian cyber expert to US Russia Sends Cybersecurity CEO to Jail for 14 Years – Krebs on Security Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED Cloud company assisted 17 different government hacking groups, U.S. researchers say | Reuters No evidence ransomware victims with cyber insurance pay up more often, UK report says ‘Worm-like’ botnet malware targeting popular Redis storage tool Hackers are infecting Call of Duty players with a self-spreading malware | TechCrunch Bug in Minecraft mods allows hackers to exploit players' devices

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Ron Wyden’s “please explain” letter to Microsoft Chinese APT crews prepositioning to disrupt US military logistics China claims US hacked its seismology sensors Ivanti/MobileIron exploitation going vertical Much, much more This week’s show is brought to you by Stairwell. Mike Wiacek, Stairwell’s founder and CEO, is this week’s sponsor guest. He’s joined by Eric Foster, Stairwell’s VP of Business Development. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Wyden letter to CISA, DOJ, FTC re 2023 Microsoft breach Senator calls on DOJ to investigate alleged China hack of Microsoft cloud tools U.S. Hunts Chinese Malware That Could Disrupt American Military Operations - The New York Times Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica John Hultquist🌻 on Twitter: "We found this actor in land, air, and sea transportation targets which could be leveraged for a serious disruption to logistics." / X China accuses U.S. of hacking earthquake monitoring equipment Exclusive: Pentagon Investigates ‘Critical Compromise’ Of Air Force Communications Systems CISA: Ivanti hacks targeting Norway began in April US, Australia cyber agencies warn IDOR security flaws can be exploited ‘at scale’ | TechCrunch Ivanti warns of second vulnerability used in attacks on Norway gov’t Andrew Morris on Twitter: "Exploitation of Ivanti EPMM (MobileIron Core) CVE-2023-35078 is currently popping off https://t.co/tkRoWqvtv1 https://t.co/XOaWEZ3U3X" / X Trail of Bits | Products US contractor says info of up to 10 million leaked in MOVEit breach British ambulances unable to access patient records system following cyberattack Valid account credentials are behind most cyber intrusions, CISA finds | Cybersecurity Dive An Unexpected Endorsement for WebAuthn | Okta Security SEC votes to overhaul disclosure rules for material cyber events | Cybersecurity Dive White House unveils ‘whole of society’ push to expand cybersecurity workforce Section 702 surveillance powers are necessary, but FBI access needs limits, panel says The NSA Is Lobbying Congress to Save a Phone Surveillance 'Loophole' | WIRED Kazakhstan refuses to extradite detained Russian cyber expert to US Russia Sends Cybersecurity CEO to Jail for 14 Years – Krebs on Security Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED Cloud company assisted 17 different government hacking groups, U.S. researchers say | Reuters No evidence ransomware victims with cyber insurance pay up more often, UK report says ‘Worm-like’ botnet malware targeting popular Redis storage tool Hackers are infecting Call of Duty players with a self-spreading malware | TechCrunch Bug in Minecraft mods allows hackers to exploit players' devices

In this interview Patrick Gray speaks to Australia’s Home Affairs and Cyber Security Minister Clare O’Neil and NCSC founding director Ciaran Martin about the government’s upcoming cybersecurity strategy, releasing the hounds and more.

In this interview Patrick Gray speaks to Australia’s Home Affairs and Cyber Security Minister Clare O’Neil and NCSC founding director Ciaran Martin about the government’s upcoming cybersecurity strategy, releasing the hounds and more.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: The dust-up between Microsoft and Wiz MobileIron/Ivanti 0day hoses Norwegian government agencies That’ll do TETRA, that’ll do… Microsoft finally agrees to offer decent logging without price gouging Much, much more This week’s show is brought to you by Resoucely. Travis McPeak, Resourcely’s co-founder and CEO, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Hackers exploited Ivanti zero-day to breach Norway’s government Citrix zero day exposes critical infrastructure, one provider hit | Cybersecurity Dive Interview with the ETSI Standards Organization That Created TETRA "Backdoor" Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios Microsoft attackers may have data access beyond Outlook, researchers warn | Cybersecurity Dive Risky Biz News: Microsoft feels the heat, gives customers access to more cloud security logs Risky Biz News: JumpCloud compromised by APT group North Korean hackers breached a US tech company to steal crypto | Reuters North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say | TechCrunch Cyberattack on GitHub customers linked to North Korean hackers, Microsoft says Latest North Korean hack targeting cryptocurrency shows troubling evolution, experts say | CyberScoop White House secures safety commitments from 7 AI companies | Cybersecurity Dive Renewable technologies add risk to the US electric grid, experts warn | CyberScoop Statement on Labor’s rush to renewables leaves Australia vulnerable to catastrophic cyber attack Zenbleed Firmware vulnerabilities in millions of computers could give hackers superuser status | Ars Technica Satellites Are Rife With Basic Security Flaws | WIRED Russia’s vast telecom surveillance system crippled by withdrawal of Western tech, report says Apple issues third mobile OS update after zero-click spyware campaign | CyberScoop Apple slams UK surveillance-bill proposals - BBC News Bill that Would Stop the Government Buying Data Without a Warrant Passes Key Hurdle Kevin Mitnick Obituary - Las Vegas, NV

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: The dust-up between Microsoft and Wiz MobileIron/Ivanti 0day hoses Norwegian government agencies That’ll do TETRA, that’ll do… Microsoft finally agrees to offer decent logging without price gouging Much, much more This week’s show is brought to you by Resoucely. Travis McPeak, Resourcely’s co-founder and CEO, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Hackers exploited Ivanti zero-day to breach Norway’s government Citrix zero day exposes critical infrastructure, one provider hit | Cybersecurity Dive Interview with the ETSI Standards Organization That Created TETRA "Backdoor" Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios Microsoft attackers may have data access beyond Outlook, researchers warn | Cybersecurity Dive Risky Biz News: Microsoft feels the heat, gives customers access to more cloud security logs Risky Biz News: JumpCloud compromised by APT group North Korean hackers breached a US tech company to steal crypto | Reuters North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say | TechCrunch Cyberattack on GitHub customers linked to North Korean hackers, Microsoft says Latest North Korean hack targeting cryptocurrency shows troubling evolution, experts say | CyberScoop White House secures safety commitments from 7 AI companies | Cybersecurity Dive Renewable technologies add risk to the US electric grid, experts warn | CyberScoop Statement on Labor’s rush to renewables leaves Australia vulnerable to catastrophic cyber attack Zenbleed Firmware vulnerabilities in millions of computers could give hackers superuser status | Ars Technica Satellites Are Rife With Basic Security Flaws | WIRED Russia’s vast telecom surveillance system crippled by withdrawal of Western tech, report says Apple issues third mobile OS update after zero-click spyware campaign | CyberScoop Apple slams UK surveillance-bill proposals - BBC News Bill that Would Stop the Government Buying Data Without a Warrant Passes Key Hurdle Kevin Mitnick Obituary - Las Vegas, NV

This Soap Box edition of the podcast is sponsored by Proofpoint. Proofpoint offers email security and DLP products and services, and they’re probably best known for being the biggest email security company on the planet. That means they process a LOT of emails in the hopes of throttling the number of malicious emails that organisations have to deal with, whether that’s malware, phishing or BEC. So, with that in mind, what role could large language models play in email security? Now that the initial ChatGPT hype has died off a little, we spoke with Proofpoint’s VP of cybersecurity strategy Ryan Kalember about large language models and how they’re going to help defenders and attackers alike.

This Soap Box edition of the podcast is sponsored by Proofpoint. Proofpoint offers email security and DLP products and services, and they’re probably best known for being the biggest email security company on the planet. That means they process a LOT of emails in the hopes of throttling the number of malicious emails that organisations have to deal with, whether that’s malware, phishing or BEC. So, with that in mind, what role could large language models play in email security? Now that the initial ChatGPT hype has died off a little, we spoke with Proofpoint’s VP of cybersecurity strategy Ryan Kalember about large language models and how they’re going to help defenders and attackers alike.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Microsoft’s weasel-word response to the State Department email hack JumpCloud got owned, maybe by DPRK Citrix 0day is getting stuff rekt Two more spyware firms sanctioned by USA Scammers list fake phone numbers for major airlines on Google Maps Much, much more This week’s show is brought to you by security focussed enterprise browser maker Island. Dan Amiga, Island’s CTO and co-founder, is this week’s sponsor guest. He talks about why widespread enterprise browser deployment is inevitable. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes China-based hackers breach email accounts at State Department Microsoft hardens key issuance systems after state-backed hackers breach Outlook accounts | Cybersecurity Dive Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection | Mandiant Hackers target Pakistani government, bank and telecom provider with China-made malware Risky Biz News: JumpCloud compromised by APT group Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns | Ars Technica CISA warns of dangerous Rockwell industrial bug being exploited by gov’t group Rockwell Automation, Honeywell warned of critical vulnerabilities in industrial products | Cybersecurity Dive CISA gives US civilian agencies until August 1 to resolve four Microsoft vulnerabilities Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service White House unveils consumer labeling program to strengthen IoT security | Cybersecurity Dive Senate bill crafted with DEA targets end-to-end encryption, requires online companies to report drug activity Two more foreign spyware firms blacklisted by US Phone numbers for airlines listed on Google directed to scammers By criminals, for criminals: AI tool easily generates ‘remarkably persuasive’ fraud emails Itamar Golan 🤓 on Twitter: "A malicious LLM-based tool known as WormGPT 🪱 is rapidly gaining traction in underground forums. This tool empowers attackers to automate sophisticated phishing and BEC (Business Email Compromise) attacks, leveraging personalized fake emails to significantly enhance success… https://t.co/fAcrYhT696" / Twitter FCC chair proposes $200M investment to boost K-12 cybersecurity | Cybersecurity Dive Fed ends Capital One breach-related enforcement action | Cybersecurity Dive Norwegian Refugee Council hit by cyberattack Belarus-linked hacks on Ukraine, Poland began at least a year ago, report says Albania’s PM complains US is not providing country with cyberdefense funds VirusTotal: Datenleck offenbart Kunden der Google-Sicherheitsplattform - DER SPIEGEL Genesis Market sold to anonymous buyer despite FBI disruption

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Microsoft’s weasel-word response to the State Department email hack JumpCloud got owned, maybe by DPRK Citrix 0day is getting stuff rekt Two more spyware firms sanctioned by USA Scammers list fake phone numbers for major airlines on Google Maps Much, much more This week’s show is brought to you by security focussed enterprise browser maker Island. Dan Amiga, Island’s CTO and co-founder, is this week’s sponsor guest. He talks about why widespread enterprise browser deployment is inevitable. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes China-based hackers breach email accounts at State Department Microsoft hardens key issuance systems after state-backed hackers breach Outlook accounts | Cybersecurity Dive Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection | Mandiant Hackers target Pakistani government, bank and telecom provider with China-made malware Risky Biz News: JumpCloud compromised by APT group Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns | Ars Technica CISA warns of dangerous Rockwell industrial bug being exploited by gov’t group Rockwell Automation, Honeywell warned of critical vulnerabilities in industrial products | Cybersecurity Dive CISA gives US civilian agencies until August 1 to resolve four Microsoft vulnerabilities Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service White House unveils consumer labeling program to strengthen IoT security | Cybersecurity Dive Senate bill crafted with DEA targets end-to-end encryption, requires online companies to report drug activity Two more foreign spyware firms blacklisted by US Phone numbers for airlines listed on Google directed to scammers By criminals, for criminals: AI tool easily generates ‘remarkably persuasive’ fraud emails Itamar Golan 🤓 on Twitter: "A malicious LLM-based tool known as WormGPT 🪱 is rapidly gaining traction in underground forums. This tool empowers attackers to automate sophisticated phishing and BEC (Business Email Compromise) attacks, leveraging personalized fake emails to significantly enhance success… https://t.co/fAcrYhT696" / Twitter FCC chair proposes $200M investment to boost K-12 cybersecurity | Cybersecurity Dive Fed ends Capital One breach-related enforcement action | Cybersecurity Dive Norwegian Refugee Council hit by cyberattack Belarus-linked hacks on Ukraine, Poland began at least a year ago, report says Albania’s PM complains US is not providing country with cyberdefense funds VirusTotal: Datenleck offenbart Kunden der Google-Sicherheitsplattform - DER SPIEGEL Genesis Market sold to anonymous buyer despite FBI disruption

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: The SEC is targeting SolarWinds executives UK to make banks liable for fraud NSA issues advice on UEFI trojan Microsoft blocks 100+ dodgy drivers The US IC knew what Prihozhin was up to. But what FSB doing? Much, much more This week’s show is brought to you by Netwrix. Martin Cannard, Netwrix’s VP of Product Strategy, is this week’s sponsor guest. He talks about why zero standing privilege is a worthy goal. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation | Cybersecurity Dive While Australian banks refuse most scam victims refunds, the UK is making them mandatory - ABC News New law could allow GCHQ to monitor UK internet logs in real-time to tackle fraud Federal incentives could help utilities overcome major cybersecurity hurdle: money | CyberScoop Major Japanese port suspends operation following ransomware attack Petro-Canada reports service restoration after suspected Suncor breach | Cybersecurity Dive Chinese state-backed hackers accidentally infected a European hospital with malware Hackers exploit gaping Windows loophole to give their malware kernel access | Ars Technica 336,000 servers remain unpatched against critical Fortigate vulnerability | Ars Technica CISA says latest VMware analytics bug being exploited MOVEit vulnerability snags almost 200 victims, more expected | Cybersecurity Dive Actively exploited vulnerability threatens hundreds of solar power stations | Ars Technica U.S. intelligence learned in mid-June Prigozhin was plotting uprising - The Washington Post Russian election-meddling ‘troll factory’ reportedly shut down after Wagner revolt Russian telecom confirms hack after group backing Wagner boasted about an attack | CyberScoop Hackers claim to take down Russian satellite communications provider Russian railway site allegedly taken down by Ukrainian hackers Several US states investigating ‘SiegedSec’ hacking campaign Hacking crew targeting states over transition bans claims cyberattack hitting global satellite systems | CyberScoop Hacktivists steal government files from Texas city Fort Worth | TechCrunch Belarusian hacktivists сlaim to breach country’s leading state university British prosecutors say teen Lapsus$ member was behind hacks on Uber, Rockstar Silk Road’s Second-in-Command, Variety Jones, Gets 20 Years in Prison | WIRED Russian cyber expert arrested in Kazakhstan, triggering a showdown between US and Moscow More than 6,500 arrested since French and Dutch police’s EncroChat hack BreachForums seized by FBI three months after arrest of alleged admin BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop Genesis Market gang tries to sell platform after FBI disruption Hackers using TrueBot malware for phishing attacks in US, Canada, officials warn | Cybersecurity Dive CSI_BlackLotus_Mitigation_Guide.PDF Hacks targeting British exam boards raise fears of students cheating More than $125 million taken from crypto platform Multichain Twitter’s chaotic weekend of outages and rate limits leaves more questions than answers Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking | Ars Technica

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: The SEC is targeting SolarWinds executives UK to make banks liable for fraud NSA issues advice on UEFI trojan Microsoft blocks 100+ dodgy drivers The US IC knew what Prihozhin was up to. But what FSB doing? Much, much more This week’s show is brought to you by Netwrix. Martin Cannard, Netwrix’s VP of Product Strategy, is this week’s sponsor guest. He talks about why zero standing privilege is a worthy goal. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation | Cybersecurity Dive While Australian banks refuse most scam victims refunds, the UK is making them mandatory - ABC News New law could allow GCHQ to monitor UK internet logs in real-time to tackle fraud Federal incentives could help utilities overcome major cybersecurity hurdle: money | CyberScoop Major Japanese port suspends operation following ransomware attack Petro-Canada reports service restoration after suspected Suncor breach | Cybersecurity Dive Chinese state-backed hackers accidentally infected a European hospital with malware Hackers exploit gaping Windows loophole to give their malware kernel access | Ars Technica 336,000 servers remain unpatched against critical Fortigate vulnerability | Ars Technica CISA says latest VMware analytics bug being exploited MOVEit vulnerability snags almost 200 victims, more expected | Cybersecurity Dive Actively exploited vulnerability threatens hundreds of solar power stations | Ars Technica U.S. intelligence learned in mid-June Prigozhin was plotting uprising - The Washington Post Russian election-meddling ‘troll factory’ reportedly shut down after Wagner revolt Russian telecom confirms hack after group backing Wagner boasted about an attack | CyberScoop Hackers claim to take down Russian satellite communications provider Russian railway site allegedly taken down by Ukrainian hackers Several US states investigating ‘SiegedSec’ hacking campaign Hacking crew targeting states over transition bans claims cyberattack hitting global satellite systems | CyberScoop Hacktivists steal government files from Texas city Fort Worth | TechCrunch Belarusian hacktivists сlaim to breach country’s leading state university British prosecutors say teen Lapsus$ member was behind hacks on Uber, Rockstar Silk Road’s Second-in-Command, Variety Jones, Gets 20 Years in Prison | WIRED Russian cyber expert arrested in Kazakhstan, triggering a showdown between US and Moscow More than 6,500 arrested since French and Dutch police’s EncroChat hack BreachForums seized by FBI three months after arrest of alleged admin BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop Genesis Market gang tries to sell platform after FBI disruption Hackers using TrueBot malware for phishing attacks in US, Canada, officials warn | Cybersecurity Dive CSI_BlackLotus_Mitigation_Guide.PDF Hacks targeting British exam boards raise fears of students cheating More than $125 million taken from crypto platform Multichain Twitter’s chaotic weekend of outages and rate limits leaves more questions than answers Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking | Ars Technica

In this edition of the Soap Box podcast we’re going to be talking about a great topic – living off the land. The recent Volt Typhoon report out of Microsoft chronicled the adventures of a Chinese APT crew in US critical infrastructure. But one of the most fascinating aspects of the Volt Typhoon campaign was that the attackers almost exclusively used so-called living off the land techniques. So the question becomes – what can you do about an attacker in your environment who has privilege and isn’t using malware? Guests David Cottingham and Daniel Schell, the CEO and CTO of Airlock Digital, join the show to talk it through.

In this edition of the Soap Box podcast we’re going to be talking about a great topic – living off the land. The recent Volt Typhoon report out of Microsoft chronicled the adventures of a Chinese APT crew in US critical infrastructure. But one of the most fascinating aspects of the Volt Typhoon campaign was that the attackers almost exclusively used so-called living off the land techniques. So the question becomes – what can you do about an attacker in your environment who has privilege and isn’t using malware? Guests David Cottingham and Daniel Schell, the CEO and CTO of Airlock Digital, join the show to talk it through.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Albanian authorities raid MEK over Iran hacks Microsoft admits “Anonymous Sudan” took down its services US Government puts $10m bounty on CL0P A deeper look at the Barracuda hack campaign Much, much more This week’s show is brought to you by Material Security. We’ll be hearing from one of Material’s friends – Courtney Healey, senior manager of insider threat at Coinbase – in this week’s sponsor interview. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Police raid Iranian opposition camp in Albania, seize computers | AP News Risky Biz News: Microsoft embarrassingly admits it got DDoSed into the ground by Anonymous Sudan Anonymous Sudan and Killnet strike again, target EIB Pro-Russian hackers remain active amid Ukraine counteroffensive | CyberScoop Hackers infect Russian-speaking gamers with fake WannaCry ransomware US puts $10M bounty on Clop as federal agencies confirm data compromises | Cybersecurity Dive (1) Catherine Herridge on Twitter: "Tonight, sources tell @cbsnews senior government officials are racing to limit impact - of what one cyber expert calls - potentially the largest theft + extortion event in recent history. USG official says no evidence to date US MIL or INTEL compromised. https://t.co/R4f6naFqFx" / Twitter U.S. government says several agencies hacked as part of broader cyberattack Clop names a dozen MOVEit victims, but holds back details | Cybersecurity Dive Another MOVEit vulnerability found, as state and federal agencies reveal breaches | Cybersecurity Dive Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant New DOJ unit will focus on prosecuting nation-state cybercrime EU states told to restrict Huawei and ZTE from 5G networks ‘without delay’ The US Navy, NATO, and NASA Are Using a Shady Chinese Company’s Encryption Chips | WIRED Widow of slain Saudi journalist Jamal Khashoggi files suit against Pegasus spyware maker Jamal Khashoggi’s wife to sue NSO Group over Pegasus spyware | Jamal Khashoggi | The Guardian Bipartisan bill would protect Americans’ data from export abroad District of Nebraska | Massachusetts Man Sentenced for Computer Intrusion | United States Department of Justice I Was Sentenced to 18 Months in Prison for Hacking Back - My Story | HackerNoon CID-FLYER-TEMPLATE New FCC privacy task force takes aim at data breaches, SIM-swaps | CyberScoop Bloodied Macbooks and Stacks of Cash: Inside the Increasingly Violent Discord Servers Where Kids Flaunt Their Crimes Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses | OPA | Department of Justice BrianKrebs: "Haha love it when a data ranso…" - Infosec Exchange

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Albanian authorities raid MEK over Iran hacks Microsoft admits “Anonymous Sudan” took down its services US Government puts $10m bounty on CL0P A deeper look at the Barracuda hack campaign Much, much more This week’s show is brought to you by Material Security. We’ll be hearing from one of Material’s friends – Courtney Healey, senior manager of insider threat at Coinbase – in this week’s sponsor interview. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Police raid Iranian opposition camp in Albania, seize computers | AP News Risky Biz News: Microsoft embarrassingly admits it got DDoSed into the ground by Anonymous Sudan Anonymous Sudan and Killnet strike again, target EIB Pro-Russian hackers remain active amid Ukraine counteroffensive | CyberScoop Hackers infect Russian-speaking gamers with fake WannaCry ransomware US puts $10M bounty on Clop as federal agencies confirm data compromises | Cybersecurity Dive (1) Catherine Herridge on Twitter: "Tonight, sources tell @cbsnews senior government officials are racing to limit impact - of what one cyber expert calls - potentially the largest theft + extortion event in recent history. USG official says no evidence to date US MIL or INTEL compromised. https://t.co/R4f6naFqFx" / Twitter U.S. government says several agencies hacked as part of broader cyberattack Clop names a dozen MOVEit victims, but holds back details | Cybersecurity Dive Another MOVEit vulnerability found, as state and federal agencies reveal breaches | Cybersecurity Dive Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant New DOJ unit will focus on prosecuting nation-state cybercrime EU states told to restrict Huawei and ZTE from 5G networks ‘without delay’ The US Navy, NATO, and NASA Are Using a Shady Chinese Company’s Encryption Chips | WIRED Widow of slain Saudi journalist Jamal Khashoggi files suit against Pegasus spyware maker Jamal Khashoggi’s wife to sue NSO Group over Pegasus spyware | Jamal Khashoggi | The Guardian Bipartisan bill would protect Americans’ data from export abroad District of Nebraska | Massachusetts Man Sentenced for Computer Intrusion | United States Department of Justice I Was Sentenced to 18 Months in Prison for Hacking Back - My Story | HackerNoon CID-FLYER-TEMPLATE New FCC privacy task force takes aim at data breaches, SIM-swaps | CyberScoop Bloodied Macbooks and Stacks of Cash: Inside the Increasingly Violent Discord Servers Where Kids Flaunt Their Crimes Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses | OPA | Department of Justice BrianKrebs: "Haha love it when a data ranso…" - Infosec Exchange

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Fortinet 0day Groundhog Day CISA’s new binding directive on exposed management interfaces Confirmed: US intelligence buying commercially available data MOVEit drama rolls on Much, much more This week’s show is brought to you by Red Canary. Chris Rothe is this week’s sponsor guest and he joins us to talk about how MDR providers are helping customers deal with cloud monitoring. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks - SecurityWeek Barracuda Urges Replacing — Not Patching — Its Email Security Gateways – Krebs on Security MOVEit announces second vulnerability; Minnesota schools agency breached with original bug Confidential data downloaded from UK regulator Ofcom in cyberattack Ransomware group Clop issues extortion notice to ‘hundreds’ of victims Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch CISA orders US civilian agencies to remove tools from public-facing internet Microsoft says Azure disrupted after a week of repeated service outages | Cybersecurity Dive Microsoft says Azure outage was caused by ‘anomalous’ traffic spike Microsoft investigating threat actor claims following multiple outages in 365, OneDrive | Cybersecurity Dive Risky Biz News: Ukrainian hackers wipe equipment of major Russian telco U.S. Spy Agencies Buy Vast Quantities of Americans’ Personal Data, U.S. Says - WSJ The US Is Openly Stockpiling Dirt on All Its Citizens | WIRED Srsly Risky Biz: Thursday, July 29 - by Tom Uren National security officials make case for keeping surveillance powers to skeptical Congress - The Washington Post Senators say Biden administration isn’t close on overhauling surveillance law Russian nationals accused of Mt. Gox bitcoin heist, shifting stolen funds to BTC-e North Korean hacking group Lazarus linked to $35 million cryptocurrency heist North Korean hackers stole $100 million in recent cryptocurrency heist -analysts | Reuters An Illinois hospital links closure to ransomware attack Security professional's tweet forces big change to Google email authentication | CyberScoop Can you trust ChatGPT’s package recommendations? LastPass CEO reflects on lessons learned, regrets and moving forward from a cyberattack | Cybersecurity Dive

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Fortinet 0day Groundhog Day CISA’s new binding directive on exposed management interfaces Confirmed: US intelligence buying commercially available data MOVEit drama rolls on Much, much more This week’s show is brought to you by Red Canary. Chris Rothe is this week’s sponsor guest and he joins us to talk about how MDR providers are helping customers deal with cloud monitoring. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks - SecurityWeek Barracuda Urges Replacing — Not Patching — Its Email Security Gateways – Krebs on Security MOVEit announces second vulnerability; Minnesota schools agency breached with original bug Confidential data downloaded from UK regulator Ofcom in cyberattack Ransomware group Clop issues extortion notice to ‘hundreds’ of victims Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch CISA orders US civilian agencies to remove tools from public-facing internet Microsoft says Azure disrupted after a week of repeated service outages | Cybersecurity Dive Microsoft says Azure outage was caused by ‘anomalous’ traffic spike Microsoft investigating threat actor claims following multiple outages in 365, OneDrive | Cybersecurity Dive Risky Biz News: Ukrainian hackers wipe equipment of major Russian telco U.S. Spy Agencies Buy Vast Quantities of Americans’ Personal Data, U.S. Says - WSJ The US Is Openly Stockpiling Dirt on All Its Citizens | WIRED Srsly Risky Biz: Thursday, July 29 - by Tom Uren National security officials make case for keeping surveillance powers to skeptical Congress - The Washington Post Senators say Biden administration isn’t close on overhauling surveillance law Russian nationals accused of Mt. Gox bitcoin heist, shifting stolen funds to BTC-e North Korean hacking group Lazarus linked to $35 million cryptocurrency heist North Korean hackers stole $100 million in recent cryptocurrency heist -analysts | Reuters An Illinois hospital links closure to ransomware attack Security professional's tweet forces big change to Google email authentication | CyberScoop Can you trust ChatGPT’s package recommendations? LastPass CEO reflects on lessons learned, regrets and moving forward from a cyberattack | Cybersecurity Dive

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Russia’s FSB uncovers “NSA malware” on iPhones Cl0p mass harvests data from MOVEit file transfer servers ASD discloses a bunch of operations against ISIS, criminals Why China’s prepositioning is probably… prepositioning Much, much more This week’s show is brought to you by Thinkst Canary. Marco Slaviero is this week’s sponsor guest and he joins us to talk about indirect LLM prompt injection and the latest Canary release. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Russia says US hacked thousands of Apple phones in spy plot | Reuters Risky Biz News: Russia's FSB says NSA hacked iPhones in cyber-espionage campaign Russia wants 2 million phones with home-grown Aurora OS for use by officials Доверенная мобильная среда. Мобильная операционная система «Аврора» — Ростелеком Why China's Latest APT Campaign is Legitimately Worrying War crimes committed through cyberspace must not escape international justice, says Estonian president Hacks Against Ukraine's Emergency Response Services Rise During Bombings | WIRED How Australian cyber spies used 'Rickrolling' to disrupt Islamic State militants in Iraq - ABC News Australian intelligence's secret hand in bringing down the Bali bombers - ABC News Microsoft Threat Intelligence on Twitter: "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims. https://t.co/q73WtGru7j" / Twitter What we know about the MOVEit vulnerability and compromises | Cybersecurity Dive metlstorm: "Great, so now I have to roll i…" - Infosec Exchange Dave Aitel: "@riskybusiness @chort honestly…" - Infosec Exchange Critical Barracuda 0-day was used to backdoor networks for 8 months | Ars Technica Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED Ask Fitis, the Bear: Real Crooks Sign Their Malware – Krebs on Security Wayback Machine Discord Admins Hacked by Malicious Bookmarks – Krebs on Security Google’s Android and Chrome extensions are a very sad place. Here’s why | Ars Technica How university cybersecurity clinics can help cities fight ransomware | CyberScoop Atomic - Crypto Wallet on Twitter: "We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly. For any questions and concerns, contact [email protected]" / Twitter BrianKrebs: "Russian news outlet Kommersant…" - Infosec Exchange Thinkst

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Russia’s FSB uncovers “NSA malware” on iPhones Cl0p mass harvests data from MOVEit file transfer servers ASD discloses a bunch of operations against ISIS, criminals Why China’s prepositioning is probably… prepositioning Much, much more This week’s show is brought to you by Thinkst Canary. Marco Slaviero is this week’s sponsor guest and he joins us to talk about indirect LLM prompt injection and the latest Canary release. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Russia says US hacked thousands of Apple phones in spy plot | Reuters Risky Biz News: Russia's FSB says NSA hacked iPhones in cyber-espionage campaign Russia wants 2 million phones with home-grown Aurora OS for use by officials Доверенная мобильная среда. Мобильная операционная система «Аврора» — Ростелеком Why China's Latest APT Campaign is Legitimately Worrying War crimes committed through cyberspace must not escape international justice, says Estonian president Hacks Against Ukraine's Emergency Response Services Rise During Bombings | WIRED How Australian cyber spies used 'Rickrolling' to disrupt Islamic State militants in Iraq - ABC News Australian intelligence's secret hand in bringing down the Bali bombers - ABC News Microsoft Threat Intelligence on Twitter: "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims. https://t.co/q73WtGru7j" / Twitter What we know about the MOVEit vulnerability and compromises | Cybersecurity Dive metlstorm: "Great, so now I have to roll i…" - Infosec Exchange Dave Aitel: "@riskybusiness @chort honestly…" - Infosec Exchange Critical Barracuda 0-day was used to backdoor networks for 8 months | Ars Technica Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED Ask Fitis, the Bear: Real Crooks Sign Their Malware – Krebs on Security Wayback Machine Discord Admins Hacked by Malicious Bookmarks – Krebs on Security Google’s Android and Chrome extensions are a very sad place. Here’s why | Ars Technica How university cybersecurity clinics can help cities fight ransomware | CyberScoop Atomic - Crypto Wallet on Twitter: "We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly. For any questions and concerns, contact [email protected]" / Twitter BrianKrebs: "Russian news outlet Kommersant…" - Infosec Exchange Thinkst

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: China’s lolbin-powered intrusions into critical infrastructure Trend Micro backs BlackBerry’s Cuba call Anonymous Sudan shakes down Scandanavian Airlines Iranian opposition party MEK publishes gargantuan leak Much, much more This week’s show is brought to you by Kubernetes security company KSOC. Jimmy Mesta is this week’s sponsor guest and he joins us to talk about the big security challenges in Kubernetes. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog (1) New Messages! U.S. warns China could hack infrastructure, including pipelines, rail systems | Reuters Factbox: What is Volt Typhoon, the alleged China-backed hacking group? | Reuters Chinese Malware Hits Systems on Guam. Is Taiwan the Real Target? - The New York Times COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises | Mandiant Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals Hacker group Anonymous Sudan demands $3 million from Scandinavian Airlines Iranian dissidents take over high-security servers of regime presidency | Iran-linked hackers Agrius deploying new ransomware against Israeli orgs Exclusive: Chinese hackers attacked Kenyan government as debt strains grew | Reuters Risky Biz News: PyPI to enforce 2FA, reduce stored IP addresses NSO spyware used in Armenia-Azerbaijan conflict, report finds Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware SMS pumping fraud: take care how you configure MFA - TechHQ Full Disclosure: Printerlogic multiple vulnerabilities Barracuda Networks issue added to CISA vulnerability list Barracuda patches actively exploited zero-day vulnerability in email gateways | Cybersecurity Dive Developing: RaidForums users db leaked Phishing Domains Tanked After Meta Sued Freenom – Krebs on Security Broad coalition of advocacy groups urges Slack to protect users' messages from eavesdropping | CyberScoop

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: China’s lolbin-powered intrusions into critical infrastructure Trend Micro backs BlackBerry’s Cuba call Anonymous Sudan shakes down Scandanavian Airlines Iranian opposition party MEK publishes gargantuan leak Much, much more This week’s show is brought to you by Kubernetes security company KSOC. Jimmy Mesta is this week’s sponsor guest and he joins us to talk about the big security challenges in Kubernetes. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog (1) New Messages! U.S. warns China could hack infrastructure, including pipelines, rail systems | Reuters Factbox: What is Volt Typhoon, the alleged China-backed hacking group? | Reuters Chinese Malware Hits Systems on Guam. Is Taiwan the Real Target? - The New York Times COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises | Mandiant Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals Hacker group Anonymous Sudan demands $3 million from Scandinavian Airlines Iranian dissidents take over high-security servers of regime presidency | Iran-linked hackers Agrius deploying new ransomware against Israeli orgs Exclusive: Chinese hackers attacked Kenyan government as debt strains grew | Reuters Risky Biz News: PyPI to enforce 2FA, reduce stored IP addresses NSO spyware used in Armenia-Azerbaijan conflict, report finds Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware SMS pumping fraud: take care how you configure MFA - TechHQ Full Disclosure: Printerlogic multiple vulnerabilities Barracuda Networks issue added to CISA vulnerability list Barracuda patches actively exploited zero-day vulnerability in email gateways | Cybersecurity Dive Developing: RaidForums users db leaked Phishing Domains Tanked After Meta Sued Freenom – Krebs on Security Broad coalition of advocacy groups urges Slack to protect users' messages from eavesdropping | CyberScoop

In this Soap Box podcast Patrick Gray talks to George Glass, the threat intelligence operations leader in the Cyber Risk practice at Kroll. They talk about all sorts of things, like: How the ransomware ecosystem is evolving into “ma and pa” operations Some killer detections they’ve figured out What separates the good networks from the bad ones Why EDR is of limited value if you’re not actually monitoring it Why not letting MDRs do the R part of their job is really, really, really dumb

In this Soap Box podcast Patrick Gray talks to George Glass, the threat intelligence operations leader in the Cyber Risk practice at Kroll. They talk about all sorts of things, like: How the ransomware ecosystem is evolving into “ma and pa” operations Some killer detections they’ve figured out What separates the good networks from the bad ones Why EDR is of limited value if you’re not actually monitoring it Why not letting MDRs do the R part of their job is really, really, really dumb

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Germans charge FinFisher executives The got FBI busted misusing 702 data Special guest Chris Krebs talks China, new CISA mandates and more New research breaks Android fingerprint auth Much, much more This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about the work Trail of Bits is doing in securing AI systems, and making them safe. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Congress looks to expand CISA's role, adding responsibilities for satellites and open source software | CyberScoop Biden nominates Lt. Gen. Timothy Haugh for top position at NSA, Cyber Command Unsere Strafanzeige: Staatsanwaltschaft erhebt Anklage gegen FinFisher The Real Risks in Google’s New .Zip and .Mov Domains | WIRED FBI misused controversial surveillance tool to investigate Jan. 6 protesters Suspicion stalks Genesis Market’s competitors following FBI takedown Crimephones Are a Cop's Best Friend - by Tom Uren The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED Some Of Russia’s Most Dangerous Cybercriminals Just Had Their Malware Dealer Unmasked Shifting tactics fuel surge in Business Email Compromise Treasury Department sanctions entities tied to North Korean IT scams, hacking | CyberScoop Chinese Labs Are Selling Fentanyl Ingredients for Millions in Crypto | WIRED Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption | WIRED Here’s how long it takes new BrutePrint attack to unlock 10 different smartphones | Ars Technica It took 48 hours, but the mystery of the mass Asus router outage is solved | Ars Technica Popular Android TV boxes sold on Amazon are laced with malware | TechCrunch Teen hacker charged in scheme to siphon funds from sports betting accounts Researchers tie FIN7 cybercrime family to Clop ransomware German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack Dallas courts still closed 2 weeks post-ransomware attack | Cybersecurity Dive Health insurer says patients’ information was stolen in ransomware attack Patients angered after Oklahoma allergy clinic blames cyberattack for shutdown UK steel industry supplier Vesuvius says ‘cyber incident’ cost £3.5 million Researchers infiltrate Qilin ransomware group, finding lucrative affiliate payouts A different kind of ransomware demand: Donate to charity to get your data back | CyberScoop Joe Tidy on Twitter: "A bizarre one from Reading courts - an IT Security worker pleads guilty to piggy-backing off a cyber attack against his own firm. Liles switched the ransom payment details to his own Bitcoin wallet and changed the hacker's email to secretly apply pressured on bosses to pay up. https://t.co/Ze4yAJA6vM" / Twitter ChatGPT Scams Are Infiltrating Apple's App Store and Google Play | WIRED

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Germans charge FinFisher executives The got FBI busted misusing 702 data Special guest Chris Krebs talks China, new CISA mandates and more New research breaks Android fingerprint auth Much, much more This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about the work Trail of Bits is doing in securing AI systems, and making them safe. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Wazawaka charged, sanctioned PlugwalkJoe extradited, pleads guilty BlackBerry thinks Cuba ransomware is a front for Russian intelligence Anonymous Sudan pops up in Israel Microsoft’s Outlook patch fail Much, much more This week’s show is brought to you by Bloodhound Enterprise. Andy Robbins is this week’s sponsor guest. He talks about how graph theory could help us to uncover more lolbins. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Alleged Babuk ransomware gang leader ‘Wazawaka’ indicted, sanctioned by US Who is the Network Access Broker ‘Wazawaka?’ – Krebs on Security British man involved in Twitter hack extradited to US, pleads guilty to numerous cybercrimes Cybercriminals who targeted Ukraine are actually Russian government hackers, researchers say | TechCrunch Slapdash attempt to hack rocket sirens may be cause for serious alarm about Iran | The Times of Israel Twitter’s Encrypted DMs Are Deeply Inferior to Signal and WhatsApp | WIRED Twitter under fire for restricting content before Turkish presidential election - CBS News Three opposition media outlets hit by cyber attack Patrick Gray on Twitter: "https://t.co/n5b7wPjI6Y https://t.co/UmDbHbhEcS" / Twitter (1) Patrick Gray on Twitter: "Switched to a domain validated username at the other place. Very easy. https://t.co/U46zABPnJl" / Twitter Emerging ransomware group quickly hits 4 critical infrastructure providers | Cybersecurity Dive A ransomware source code leak spawned at least 10 ‘Babuk’ imitators, researchers say Philadelphia Inquirer unable to go to print due to ‘cyber incident’ Hackers attempt to extort Dragos and its executives in suspected ransomware attempt | CyberScoop Dallas says it 'will likely take weeks to get back to full functionality' after ransomware attack Swiss tech giant ABB confirms ‘IT security incident’ CISA: Bl00dy Ransomware Gang using printer vulnerability to attack schools Capita says responding to ransomware attack will cost up to £20 million National Gallery of Canada recovering from ransomware incident Yum Brands faces class action suits from employees after ransomware attack | Cybersecurity Dive Knocking down Hive: How the FBI ran its own ransomware decryption operation Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica FBI nukes Russian Snake data theft malware with self-destruct command The FBI’s New Malware Eradication Service Is on Thin Legal Ice Cisco warns of new ‘Greatness’ phishing-as-a-service tool seen in the wild VMware’s ‘target-rich environment’ is growing more volatile, CrowdStrike warns | Cybersecurity Dive UK's National Crime Agency wins major legal challenge over Encrochat hack Inside the Italian Mafia’s Encrypted Phone of Choice Microsoft releases fix for patched Outlook issue exploited by Russian hackers Scammer Made Thousands Selling 'Leaked' Frank Ocean Tracks That Were Fake, AI-Generated

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Wazawaka charged, sanctioned PlugwalkJoe extradited, pleads guilty BlackBerry thinks Cuba ransomware is a front for Russian intelligence Anonymous Sudan pops up in Israel Microsoft’s Outlook patch fail Much, much more This week’s show is brought to you by Bloodhound Enterprise. Andy Robbins is this week’s sponsor guest. He talks about how graph theory could help us to uncover more lolbins. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Alleged Babuk ransomware gang leader ‘Wazawaka’ indicted, sanctioned by US Who is the Network Access Broker ‘Wazawaka?’ – Krebs on Security British man involved in Twitter hack extradited to US, pleads guilty to numerous cybercrimes Cybercriminals who targeted Ukraine are actually Russian government hackers, researchers say | TechCrunch Slapdash attempt to hack rocket sirens may be cause for serious alarm about Iran | The Times of Israel Twitter’s Encrypted DMs Are Deeply Inferior to Signal and WhatsApp | WIRED Twitter under fire for restricting content before Turkish presidential election - CBS News Three opposition media outlets hit by cyber attack Patrick Gray on Twitter: "https://t.co/n5b7wPjI6Y https://t.co/UmDbHbhEcS" / Twitter (1) Patrick Gray on Twitter: "Switched to a domain validated username at the other place. Very easy. https://t.co/U46zABPnJl" / Twitter Emerging ransomware group quickly hits 4 critical infrastructure providers | Cybersecurity Dive A ransomware source code leak spawned at least 10 ‘Babuk’ imitators, researchers say Philadelphia Inquirer unable to go to print due to ‘cyber incident’ Hackers attempt to extort Dragos and its executives in suspected ransomware attempt | CyberScoop Dallas says it 'will likely take weeks to get back to full functionality' after ransomware attack Swiss tech giant ABB confirms ‘IT security incident’ CISA: Bl00dy Ransomware Gang using printer vulnerability to attack schools Capita says responding to ransomware attack will cost up to £20 million National Gallery of Canada recovering from ransomware incident Yum Brands faces class action suits from employees after ransomware attack | Cybersecurity Dive Knocking down Hive: How the FBI ran its own ransomware decryption operation Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica FBI nukes Russian Snake data theft malware with self-destruct command The FBI’s New Malware Eradication Service Is on Thin Legal Ice Cisco warns of new ‘Greatness’ phishing-as-a-service tool seen in the wild VMware’s ‘target-rich environment’ is growing more volatile, CrowdStrike warns | Cybersecurity Dive UK's National Crime Agency wins major legal challenge over Encrochat hack Inside the Italian Mafia’s Encrypted Phone of Choice Microsoft releases fix for patched Outlook issue exploited by Russian hackers Scammer Made Thousands Selling 'Leaked' Frank Ocean Tracks That Were Fake, AI-Generated

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Joe Sullivan’s sentencing MSI key material leak Merck to be paid in NotPetya claim The FBI takes down Turla’s Snake malware operation Much, much more This week’s show is brought to you by Gigamon. Chaim Mazal, Gigamon’s CSO, is this week’s sponsor guest. He’s talking about how the company’s gear is acting as a data source for network security products. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Former Uber CSO avoids prison time for ransomware coverup | Cybersecurity Dive Merck cyber coverage upheld in NotPetya decision, seen as victory for policyholders | Cybersecurity Dive Home / Twitter Hunting Russian Intelligence “Snake” Malware | CISA Justice Department Announces Court-Authorized Disruption of Snake Malware Network Controlled by Russia’s Federal Security Service | OPA | Department of Justice Iranian state-sponsored hackers exploiting printer vulnerability Iran: Fake It Till You Make It - by Tom Uren Hacktivists Target Iran’s Foreign Ministry, Leak Trove Of Data New Cactus ransomware encrypts itself to evade antivirus White House considers ban on ransom payments, with caveats | Cybersecurity Dive Hamas armed wing announces suspension of bitcoin fundraising | Reuters FBI, Ukraine seize cryptocurrency exchanges for abetting cybercriminals Dallas still recovering from ransomware on eve of municipal election | Cybersecurity Dive Dallas restores core emergency dispatch systems | Cybersecurity Dive Hackers hijacked a university's emergency system to threaten students and faculty Organizations slow to patch GoAnywhere MFT vulnerability even after Clop ransomware attacks $10M Is Yours If You Can Get This Guy to Leave Russia – Krebs on Security Coming to DEF CON 31: Hacking AI models | CyberScoop Google Is Rolling Out Passkeys, the Password-Killing Tech, to All Accounts | WIRED US Court Rules for Corellium in Apple Copyright Case SafeGraph Lands US Air Force Contract After Targeting Abortion Clinics | WIRED

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Joe Sullivan’s sentencing MSI key material leak Merck to be paid in NotPetya claim The FBI takes down Turla’s Snake malware operation Much, much more This week’s show is brought to you by Gigamon. Chaim Mazal, Gigamon’s CSO, is this week’s sponsor guest. He’s talking about how the company’s gear is acting as a data source for network security products. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Former Uber CSO avoids prison time for ransomware coverup | Cybersecurity Dive Merck cyber coverage upheld in NotPetya decision, seen as victory for policyholders | Cybersecurity Dive Home / Twitter Hunting Russian Intelligence “Snake” Malware | CISA Justice Department Announces Court-Authorized Disruption of Snake Malware Network Controlled by Russia’s Federal Security Service | OPA | Department of Justice Iranian state-sponsored hackers exploiting printer vulnerability Iran: Fake It Till You Make It - by Tom Uren Hacktivists Target Iran’s Foreign Ministry, Leak Trove Of Data New Cactus ransomware encrypts itself to evade antivirus White House considers ban on ransom payments, with caveats | Cybersecurity Dive Hamas armed wing announces suspension of bitcoin fundraising | Reuters FBI, Ukraine seize cryptocurrency exchanges for abetting cybercriminals Dallas still recovering from ransomware on eve of municipal election | Cybersecurity Dive Dallas restores core emergency dispatch systems | Cybersecurity Dive Hackers hijacked a university's emergency system to threaten students and faculty Organizations slow to patch GoAnywhere MFT vulnerability even after Clop ransomware attacks $10M Is Yours If You Can Get This Guy to Leave Russia – Krebs on Security Coming to DEF CON 31: Hacking AI models | CyberScoop Google Is Rolling Out Passkeys, the Password-Killing Tech, to All Accounts | WIRED US Court Rules for Corellium in Apple Copyright Case SafeGraph Lands US Air Force Contract After Targeting Abortion Clinics | WIRED

In this edition of Snake Oilers: Travis McPeak pitches Resourcely’s automagic Terraform cloud-provisioning technology Ken Westin pitches Panther – a cloud-native SIEM developed by former practitioners Brian Kenyon from Island talks about the company’s enterprise browser Enjoy! Show notes Resourcely | Cloud resource creation and management Panther | A Cloud SIEM Platform for Modern Security Teams Island | The Enterprise Browser

In this edition of Snake Oilers: Travis McPeak pitches Resourcely’s automagic Terraform cloud-provisioning technology Ken Westin pitches Panther – a cloud-native SIEM developed by former practitioners Brian Kenyon from Island talks about the company’s enterprise browser Enjoy! Show notes Resourcely | Cloud resource creation and management Panther | A Cloud SIEM Platform for Modern Security Teams Island | The Enterprise Browser

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Rob Joyce weighs in on AI and offsec Mysterious hacker doxes Russian intelligence agency bitcoin wallets Wired deep dives on SolarWinds AmeriCold food logistics giant suffers incident Iranian authorities roll low-tech spyware Much, much more This week’s show is brought to you by Greynoise. Its founder and CEO Andrew Morris is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes NSA Cybersecurity Director Says ‘Buckle Up’ for Generative AI | WIRED 3 areas of generative AI the NSA is watching in cybersecurity | Cybersecurity Dive NSA cyber director warns of ransomware attacks on Ukraine, Western supply chains Palantir Demos AI to Fight Wars But Says It Will Be Totally Ethical Don’t Worry About It (1) Alex Banks on Twitter: "Yesterday Palantir announced its Artificial Intelligence Platform. Here's how it transforms the future of military and defence: https://t.co/TcgN29wN19" / Twitter Russian Bitcoin (BTC) Wallets Allegedly Exposed by Apparent Hacker DOJ Detected SolarWinds Breach Months Before Public Disclosure | WIRED SolarWinds: The Untold Story of the Boldest Supply-Chain Hack | WIRED Cold storage company Americold reports cyberattack to SEC CISA seeks public comment on software security attestation form | Cybersecurity Dive Secure Software Development Attestation Form Instructions DHS pushes Congress to formally establish Cyber Safety Review Board First draft of controversial UN Cybercrime Treaty slated for June Return of the EARN IT Act rekindles encryption debate at critical moment for privacy-protecting apps | CyberScoop Apple releases first ‘rapid’ security fixes for iPhones, iPads and Macs | TechCrunch BouldSpy: Android Spyware Tied to Iranian Police Targets Minorities | Lookout Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity Hackers are breaking into AT&T email accounts to steal cryptocurrency | TechCrunch CISA, FDA warn of new Illumina DNA device vulnerability Apple and Google Set Joint Standards to Stop AirTag Stalking Many Public Salesforce Sites are Leaking Private Data – Krebs on Security Brother of man who ran Helix cryptocurrency mixer jailed for stealing 712 bitcoin Nearly 300 arrested in sprawling international dark web drug market takedown | CyberScoop Students’ psychological reports, abuse allegations leaked by ransomware hackers Mandiant CEO’s 7 tips for cyber defense | Cybersecurity Dive I Regret to Inform You That Bluesky Is Fun | WIRED

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Rob Joyce weighs in on AI and offsec Mysterious hacker doxes Russian intelligence agency bitcoin wallets Wired deep dives on SolarWinds AmeriCold food logistics giant suffers incident Iranian authorities roll low-tech spyware Much, much more This week’s show is brought to you by Greynoise. Its founder and CEO Andrew Morris is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes NSA Cybersecurity Director Says ‘Buckle Up’ for Generative AI | WIRED 3 areas of generative AI the NSA is watching in cybersecurity | Cybersecurity Dive NSA cyber director warns of ransomware attacks on Ukraine, Western supply chains Palantir Demos AI to Fight Wars But Says It Will Be Totally Ethical Don’t Worry About It (1) Alex Banks on Twitter: "Yesterday Palantir announced its Artificial Intelligence Platform. Here's how it transforms the future of military and defence: https://t.co/TcgN29wN19" / Twitter Russian Bitcoin (BTC) Wallets Allegedly Exposed by Apparent Hacker DOJ Detected SolarWinds Breach Months Before Public Disclosure | WIRED SolarWinds: The Untold Story of the Boldest Supply-Chain Hack | WIRED Cold storage company Americold reports cyberattack to SEC CISA seeks public comment on software security attestation form | Cybersecurity Dive Secure Software Development Attestation Form Instructions DHS pushes Congress to formally establish Cyber Safety Review Board First draft of controversial UN Cybercrime Treaty slated for June Return of the EARN IT Act rekindles encryption debate at critical moment for privacy-protecting apps | CyberScoop Apple releases first ‘rapid’ security fixes for iPhones, iPads and Macs | TechCrunch BouldSpy: Android Spyware Tied to Iranian Police Targets Minorities | Lookout Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity Hackers are breaking into AT&T email accounts to steal cryptocurrency | TechCrunch CISA, FDA warn of new Illumina DNA device vulnerability Apple and Google Set Joint Standards to Stop AirTag Stalking Many Public Salesforce Sites are Leaking Private Data – Krebs on Security Brother of man who ran Helix cryptocurrency mixer jailed for stealing 712 bitcoin Nearly 300 arrested in sprawling international dark web drug market takedown | CyberScoop Students’ psychological reports, abuse allegations leaked by ransomware hackers Mandiant CEO’s 7 tips for cyber defense | Cybersecurity Dive I Regret to Inform You That Bluesky Is Fun | WIRED

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: The supply chain attack in the supply chain attack Russia has a China dependency problem Recent research into TLS resumption flaws Google and Intel team up on hardware hacking DHS will hack enterprise kit Much, much more This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest. He’s talking about the (actually sensible) ChatGPT-driven features Corelight has built into its NDR platform. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack - Updated Russia China Worries Set Out in Private Memo on Tech Risk - Bloomberg Hackers to show they can take over a European Space Agency satellite DOJ urges CISOs to continue working with law enforcement ahead of Uber security chief’s sentencing To combat cybercrime, US law enforcement increasingly prioritizes disruption | CyberScoop Collaboration between CISA, Cyber Command thwarted dangerous cyberattacks, officials said | CyberScoop US gov’t stopped Iranian hackers who ‘gained access’ to 2020 election infrastructure Bill proposes new DHS centers for testing security of critical government tech UK says ‘Wagner-like cyber groups’ attacking critical infrastructure Russia's digital warriors adapt to support the war effort in Ukraine, Google threat researchers say | CyberScoop Bipartisan legislation aims to ‘arm Taiwan to the teeth in the cyber domain’ Ex-NSA boss won $700,000 Saudi consulting deal after Khashoggi death - The Washington Post U.S. approves massive arms sale to Saudi Arabia, United Arab Emirates to counter Iran | PBS NewsHour Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs | WIRED Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices | WIRED We Really Need to Talk About Session Tickets | System Security Group Internet protocol vulnerability opens door to ‘massive’ DoS amplification attacks Exploit released for 9.8-severity PaperCut flaw already under attack | Ars Technica Finding PaperCut MF and NG servers DC health exchange breach traced back to misconfigured Amazon server Ukraine remains Russia’s biggest cyber focus in 2023 The hacker Bassterlord in his own words: Portrait of an access broker as a young man Hacker Group Names Are Now Absurdly Out of Control | WIRED

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: The supply chain attack in the supply chain attack Russia has a China dependency problem Recent research into TLS resumption flaws Google and Intel team up on hardware hacking DHS will hack enterprise kit Much, much more This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest. He’s talking about the (actually sensible) ChatGPT-driven features Corelight has built into its NDR platform. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack - Updated Russia China Worries Set Out in Private Memo on Tech Risk - Bloomberg Hackers to show they can take over a European Space Agency satellite DOJ urges CISOs to continue working with law enforcement ahead of Uber security chief’s sentencing To combat cybercrime, US law enforcement increasingly prioritizes disruption | CyberScoop Collaboration between CISA, Cyber Command thwarted dangerous cyberattacks, officials said | CyberScoop US gov’t stopped Iranian hackers who ‘gained access’ to 2020 election infrastructure Bill proposes new DHS centers for testing security of critical government tech UK says ‘Wagner-like cyber groups’ attacking critical infrastructure Russia's digital warriors adapt to support the war effort in Ukraine, Google threat researchers say | CyberScoop Bipartisan legislation aims to ‘arm Taiwan to the teeth in the cyber domain’ Ex-NSA boss won $700,000 Saudi consulting deal after Khashoggi death - The Washington Post U.S. approves massive arms sale to Saudi Arabia, United Arab Emirates to counter Iran | PBS NewsHour Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs | WIRED Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices | WIRED We Really Need to Talk About Session Tickets | System Security Group Internet protocol vulnerability opens door to ‘massive’ DoS amplification attacks Exploit released for 9.8-severity PaperCut flaw already under attack | Ars Technica Finding PaperCut MF and NG servers DC health exchange breach traced back to misconfigured Amazon server Ukraine remains Russia’s biggest cyber focus in 2023 The hacker Bassterlord in his own words: Portrait of an access broker as a young man Hacker Group Names Are Now Absurdly Out of Control | WIRED

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Socket.dev, a software supply chain product that currently deploys as a GitHub addon Teleport, a company that makes a secure access gateway/single sign on product for engineers to securely access infrastructure Mandiant joins us to pitch its Purple Team engagement product Enjoy! Show notes Socket - Secure your supply chain. Ship with confidence. Teleport: Identity-Native Infrastructure Access. Faster. More Secure. Purple Team Assessment | Improve Detection & Response

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Socket.dev, a software supply chain product that currently deploys as a GitHub addon Teleport, a company that makes a secure access gateway/single sign on product for engineers to securely access infrastructure Mandiant joins us to pitch its Purple Team engagement product Enjoy! Show notes Socket - Secure your supply chain. Ship with confidence. Teleport: Identity-Native Infrastructure Access. Faster. More Secure. Purple Team Assessment | Improve Detection & Response

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Why 3CX was the dumbest supply chain attack we’ve seen Why Wiz’s AzureAD research was a showstopper that didn’t get the attention it deserved How attackers are burning down cloud infrastructure The latest from the world of spyware Much, much more This week’s show is brought to you by Nucleus Security. Chris Hughes from Aquia is this week’s sponsor guest. He appeared at Nucleus Security’s invitation. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms | WIRED 3CX support tells customers to investigate malware warnings themselves | Ars Technica North Korean hackers linked to 3CX supply-chain attack, investigation finds BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover | Wiz Blog Microsoft leads effort to disrupt illicit use of Cobalt Strike, a dangerous hacking tool in the wrong hands | CyberScoop MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog CISA, Cisco highlight Russian military targeting of router vulnerabilities Israeli spyware software surveilling journalists, politicians Mercenary spyware hacked iPhone victims with rogue calendar invites, researchers say | TechCrunch Israeli Spyware Maker QuaDream Closes, Fires All Employees - National Security & Cyber - Haaretz.com Hackers used spyware made in Spain to target users in the UAE, Google says | TechCrunch Apple’s high security mode blocked NSO spyware, researchers say | TechCrunch US commits $25 million to Costa Rica for Conti ransomware recovery State Department, Congress working on formal program for US cyber aid CISA and partners issue secure-by-design principles for software manufacturers | FedScoop Time to Designate Space Systems as Critical Infrastructure Apple’s Macs Have Long Escaped Ransomware. That May Be Changing | WIRED Cyber company Darktrace gets caught up in LockBit gang's apparent blunder Payments giant says it is investigating ransomware incident that caused POS outage Cyberattack causing treatment delays at Canadian hospital German arms manufacturer Rheinmetall confirms cyberattack Hackers using Log4j bug to profit from victim IP addresses through ‘proxyjacking’ scheme Police arrest almost 120 people globally following Genesis Market takedown FBI accessed Genesis Market's backend servers as part of takedown LinkedIn Verification Now Lets You Verify Your Job and Account | WIRED Tech industry’s pain is NSA’s gain, cyber leader says about layoffs QueueJumper: Critical Unauthenticated RCE Vulnerability in MSMQ Service - Check Point Research Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog Leaked Pentagon Document Claims Russian Hacktivists Breached Canadian Gas Pipeline Company Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not. | CyberScoop From Discord to 4chan: The Improbable Journey of a US Intelligence Leak - bellingcat U.S. intel agencies may change how they monitor social media, chatrooms after missing leaked U.S. documents for weeks Taiwan highly vulnerable to Chinese air attack, leaked documents show - The Washington Post Pentagon document leak raises questions about internal security - The Washington Post Leaked secret documents detail additional Chinese spy balloons - The Washington Post

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Why 3CX was the dumbest supply chain attack we’ve seen Why Wiz’s AzureAD research was a showstopper that didn’t get the attention it deserved How attackers are burning down cloud infrastructure The latest from the world of spyware Much, much more This week’s show is brought to you by Nucleus Security. Chris Hughes from Aquia is this week’s sponsor guest. He appeared at Nucleus Security’s invitation. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms | WIRED 3CX support tells customers to investigate malware warnings themselves | Ars Technica North Korean hackers linked to 3CX supply-chain attack, investigation finds BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover | Wiz Blog Microsoft leads effort to disrupt illicit use of Cobalt Strike, a dangerous hacking tool in the wrong hands | CyberScoop MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog CISA, Cisco highlight Russian military targeting of router vulnerabilities Israeli spyware software surveilling journalists, politicians Mercenary spyware hacked iPhone victims with rogue calendar invites, researchers say | TechCrunch Israeli Spyware Maker QuaDream Closes, Fires All Employees - National Security & Cyber - Haaretz.com Hackers used spyware made in Spain to target users in the UAE, Google says | TechCrunch Apple’s high security mode blocked NSO spyware, researchers say | TechCrunch US commits $25 million to Costa Rica for Conti ransomware recovery State Department, Congress working on formal program for US cyber aid CISA and partners issue secure-by-design principles for software manufacturers | FedScoop Time to Designate Space Systems as Critical Infrastructure Apple’s Macs Have Long Escaped Ransomware. That May Be Changing | WIRED Cyber company Darktrace gets caught up in LockBit gang's apparent blunder Payments giant says it is investigating ransomware incident that caused POS outage Cyberattack causing treatment delays at Canadian hospital German arms manufacturer Rheinmetall confirms cyberattack Hackers using Log4j bug to profit from victim IP addresses through ‘proxyjacking’ scheme Police arrest almost 120 people globally following Genesis Market takedown FBI accessed Genesis Market's backend servers as part of takedown LinkedIn Verification Now Lets You Verify Your Job and Account | WIRED Tech industry’s pain is NSA’s gain, cyber leader says about layoffs QueueJumper: Critical Unauthenticated RCE Vulnerability in MSMQ Service - Check Point Research Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog Leaked Pentagon Document Claims Russian Hacktivists Breached Canadian Gas Pipeline Company Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not. | CyberScoop From Discord to 4chan: The Improbable Journey of a US Intelligence Leak - bellingcat U.S. intel agencies may change how they monitor social media, chatrooms after missing leaked U.S. documents for weeks Taiwan highly vulnerable to Chinese air attack, leaked documents show - The Washington Post Pentagon document leak raises questions about internal security - The Washington Post Leaked secret documents detail additional Chinese spy balloons - The Washington Post

In this Soap Box edition of the show, Thinkst Canary founder Haroon Meer joins us to talk about why the sudden pullback in venture funding in infosec is actually a good thing. He thinks this will give founders licence to slow down and actually focus on making good products, instead of trying to build a company around vapourware or a minimum viable product.

In this Soap Box edition of the show, Thinkst Canary founder Haroon Meer joins us to talk about why the sudden pullback in venture funding in infosec is actually a good thing. He thinks this will give founders licence to slow down and actually focus on making good products, instead of trying to build a company around vapourware or a minimum viable product.

NOTE: Patrick’s audio is a bit degraded in a few parts of this episode. It’s still clear enough, but if you hear some degradation in parts then yes, it’s us, not you. On this week’s show Patrick Gray, Adam Boileau and Tom Uren discuss the week’s security news. They cover: The Biden White House’s executive order on spyware Why the infosec community writ large is wrong on TikTok Clop campaign: it’s time to ditch your file transfer gateways Major Android app booted from store because it was full of 0day privesc exploits lol More detail on the BreachForums admin arrest Much, much more This week’s show is brought to you by runZero. HD Moore, co-founder of runZero, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that’s your thing. Show notes At least 50 U.S. government employees hit with spyware, White House says Kevin McCarthy says House 'will be moving forward' with TikTok legislation US lawmakers tell TikTok CEO the app ‘should be banned’ Between Two Nerds: The Real Problem with TikTok - Risky Business New victims come forward after mass-ransomware attack | TechCrunch UK Pension Protection Fund latest victim of GoAnywhere hack Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News Fortra told breached companies their data was safe | TechCrunch When to use Dropbox vs. MFT: Best Versatile File Sharing and Security | GoAnywhere MFT City of Toronto and Virgin confirm hackers accessed data through file transfer systems Tasmania investigating attack after Clop ransomware group adds to victim list Latitude Financial faces possible class action after millions affected by data breach | Australia news | The Guardian Android app from China executed 0-day exploit on millions of devices | Ars Technica Telecom giant Lumen says it discovered two separate cyber intrusions Tennessee city hit with ransomware attack FBI, CISA investigating cyberattack on Puerto Rico’s water authority British hospital investigating impact of ‘contained’ cyber incident Largest telecom in Guam starts restoring services after cyberattack Frustrated Dish customers still spending hours on hold weeks after ransomware attack, they say UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users’ data How the FBI caught the BreachForums admin | TechCrunch Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign North Korea Is Now Mining Crypto to Launder Its Stolen Loot | WIRED “Committed Partners in Cyberspace”: Following cyberattack, US conducts first defensive Hunt Operation in Albania > U.S. Cyber Command > News Bad magic: new APT found in the area of Russo-Ukrainian conflict | Securelist Beloved hacking veteran Kelly ‘Aloria’ Lum passes away at 41 | TechCrunch

NOTE: Patrick’s audio is a bit degraded in a few parts of this episode. It’s still clear enough, but if you hear some degradation in parts then yes, it’s us, not you. On this week’s show Patrick Gray, Adam Boileau and Tom Uren discuss the week’s security news. They cover: The Biden White House’s executive order on spyware Why the infosec community writ large is wrong on TikTok Clop campaign: it’s time to ditch your file transfer gateways Major Android app booted from store because it was full of 0day privesc exploits lol More detail on the BreachForums admin arrest Much, much more This week’s show is brought to you by runZero. HD Moore, co-founder of runZero, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that’s your thing. Show notes At least 50 U.S. government employees hit with spyware, White House says Kevin McCarthy says House 'will be moving forward' with TikTok legislation US lawmakers tell TikTok CEO the app ‘should be banned’ Between Two Nerds: The Real Problem with TikTok - Risky Business New victims come forward after mass-ransomware attack | TechCrunch UK Pension Protection Fund latest victim of GoAnywhere hack Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News Fortra told breached companies their data was safe | TechCrunch When to use Dropbox vs. MFT: Best Versatile File Sharing and Security | GoAnywhere MFT City of Toronto and Virgin confirm hackers accessed data through file transfer systems Tasmania investigating attack after Clop ransomware group adds to victim list Latitude Financial faces possible class action after millions affected by data breach | Australia news | The Guardian Android app from China executed 0-day exploit on millions of devices | Ars Technica Telecom giant Lumen says it discovered two separate cyber intrusions Tennessee city hit with ransomware attack FBI, CISA investigating cyberattack on Puerto Rico’s water authority British hospital investigating impact of ‘contained’ cyber incident Largest telecom in Guam starts restoring services after cyberattack Frustrated Dish customers still spending hours on hold weeks after ransomware attack, they say UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users’ data How the FBI caught the BreachForums admin | TechCrunch Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign North Korea Is Now Mining Crypto to Launder Its Stolen Loot | WIRED “Committed Partners in Cyberspace”: Following cyberattack, US conducts first defensive Hunt Operation in Albania > U.S. Cyber Command > News Bad magic: new APT found in the area of Russo-Ukrainian conflict | Securelist Beloved hacking veteran Kelly ‘Aloria’ Lum passes away at 41 | TechCrunch

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news in front of a live audience at AISA’s CyberCon in Canberra. They cover: Yevgeny Prigozhin’s entire enterprise got majorly owned Kremlin bans iPhones among President’s staff A look at those Android handset baseband bugs (woof) A discussion of the acropalypse issue Why you need to sort out your egress filtering in light of the latest Outlook bug Shanna Daly joins us on stage to talk about why the infosec industry sucks Plus much much more This week’s show is sponsored by Stairwell. Mike Wiacek, Stairwell’s founder, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Dossier Center Investigation: Prigozhin's Cyber Troops Unwanted communications - Newspaper Kommersant No. 46 (7491) dated 03/20/2023 Google tells users of some Android phones: Nuke voice calling to avoid infection | Ars Technica Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets Severe exploit could expose sensitive data on Pixel screenshots previously cropped Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug Ransomware gang exploited a zero-day in Microsoft security feature, Google says Feds Charge NY Man as BreachForums Boss “Pompompurin” – Krebs on Security After BreachForums arrest, new site administrator says the platform will live on 3xp0rt on Twitter: "BreachForums is offline everywhere https://t.co/Q2o133e9Oy" / Twitter Two U.S. Men Charged in 2022 Hacking of DEA Portal – Krebs on Security Crypto ‘Mixer’ Laundered $700 Million For Customers, Including Russian And North Korean Spies, DOJ Says China-linked hackers exploit Fortinet zero-day in new spying campaign Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server | CISA Clop ransomware is victimizing GoAnywhere MFT customers Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica Crypto ATM manufacturer General Bytes hacked, at least $1.5 million stolen

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news in front of a live audience at AISA’s CyberCon in Canberra. They cover: Yevgeny Prigozhin’s entire enterprise got majorly owned Kremlin bans iPhones among President’s staff A look at those Android handset baseband bugs (woof) A discussion of the acropalypse issue Why you need to sort out your egress filtering in light of the latest Outlook bug Shanna Daly joins us on stage to talk about why the infosec industry sucks Plus much much more This week’s show is sponsored by Stairwell. Mike Wiacek, Stairwell’s founder, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Dossier Center Investigation: Prigozhin's Cyber Troops Unwanted communications - Newspaper Kommersant No. 46 (7491) dated 03/20/2023 Google tells users of some Android phones: Nuke voice calling to avoid infection | Ars Technica Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets Severe exploit could expose sensitive data on Pixel screenshots previously cropped Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug Ransomware gang exploited a zero-day in Microsoft security feature, Google says Feds Charge NY Man as BreachForums Boss “Pompompurin” – Krebs on Security After BreachForums arrest, new site administrator says the platform will live on 3xp0rt on Twitter: "BreachForums is offline everywhere https://t.co/Q2o133e9Oy" / Twitter Two U.S. Men Charged in 2022 Hacking of DEA Portal – Krebs on Security Crypto ‘Mixer’ Laundered $700 Million For Customers, Including Russian And North Korean Spies, DOJ Says China-linked hackers exploit Fortinet zero-day in new spying campaign Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server | CISA Clop ransomware is victimizing GoAnywhere MFT customers Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica Crypto ATM manufacturer General Bytes hacked, at least $1.5 million stolen

Threat actors are really enjoying home networks and BYOD these days… On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why our LastPass/DPRK hunch weakened CISA launches ransomware warning program Is the Ring data extortion real? White House flags cloud service security regulation Pig Butchering overtakes BEC as top cybercrime earner Much more! This week’s show is sponsored by Yubico. The company’s COO, Jerrod Chong, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 | Mandiant Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW | Mandiant North Korean hackers target security researchers with a new backdoor | Ars Technica Ring won’t say if it was hacked after ransomware gang claims attack | TechCrunch Biden admin’s cloud security problem: ‘It could take down the internet like a stack of dominos’ - POLITICO CISA unveils ransomware warning pilot for critical infrastructure Data breach hits lawmakers and staff on Capitol Hill Hacker posts more D.C. Health Link data online, exposing lawmakers' personal information | CyberScoop Cancer patient sues medical provider after ransomware group posts her photos online | CyberScoop Telehealth startup Cerebral shared millions of patients’ data with advertisers | TechCrunch The FBI Just Admitted It Bought US Location Data | WIRED ‘Pig Butchering’ Scams Are Now a $3 Billion Threat | WIRED Malware infecting widely used security appliance survives firmware updates | Ars Technica People Used Facebook's Leaked AI to Create a 'Based' Chatbot that Says the N-Word OpenAI releases GPT-4, artificial intelligence that can 'see' and do taxes Australian official demands Russia bring criminal hackers ‘to heel’ DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit - Microsoft Security Blog Sued by Meta, Freenom Halts Domain Registrations – Krebs on Security Twitter’s Most Important Anti-Censorship Tool Is Currently Dead CVE-2023-23415 - Security Update Guide - Microsoft - Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability CVE-2023-23397 - Security Update Guide - Microsoft - Microsoft Outlook Elevation of Privilege Vulnerability

Threat actors are really enjoying home networks and BYOD these days… On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why our LastPass/DPRK hunch weakened CISA launches ransomware warning program Is the Ring data extortion real? White House flags cloud service security regulation Pig Butchering overtakes BEC as top cybercrime earner Much more! This week’s show is sponsored by Yubico. The company’s COO, Jerrod Chong, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 | Mandiant Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW | Mandiant North Korean hackers target security researchers with a new backdoor | Ars Technica Ring won’t say if it was hacked after ransomware gang claims attack | TechCrunch Biden admin’s cloud security problem: ‘It could take down the internet like a stack of dominos’ - POLITICO CISA unveils ransomware warning pilot for critical infrastructure Data breach hits lawmakers and staff on Capitol Hill Hacker posts more D.C. Health Link data online, exposing lawmakers' personal information | CyberScoop Cancer patient sues medical provider after ransomware group posts her photos online | CyberScoop Telehealth startup Cerebral shared millions of patients’ data with advertisers | TechCrunch The FBI Just Admitted It Bought US Location Data | WIRED ‘Pig Butchering’ Scams Are Now a $3 Billion Threat | WIRED Malware infecting widely used security appliance survives firmware updates | Ars Technica People Used Facebook's Leaked AI to Create a 'Based' Chatbot that Says the N-Word OpenAI releases GPT-4, artificial intelligence that can 'see' and do taxes Australian official demands Russia bring criminal hackers ‘to heel’ DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit - Microsoft Security Blog Sued by Meta, Freenom Halts Domain Registrations – Krebs on Security Twitter’s Most Important Anti-Censorship Tool Is Currently Dead CVE-2023-23415 - Security Update Guide - Microsoft - Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability CVE-2023-23397 - Security Update Guide - Microsoft - Microsoft Outlook Elevation of Privilege Vulnerability

Today’s soap box is an absolute cracker. We’re talking to Andy Robbins, the principal product architect at SpecterOps and one of the three original creators of the original open source version of Bloodhound. If you don’t know what Bloodhound is, it’s a tool that grabs Active Directory information and turns it into a navigable graph. So if you’re an attacker you land on a network, enumerate directory information, and then map out a path to domain admin. Bloodhound has been extremely popular with red teamers for years – to the point that it’s just a standard tool in the red team toolkit. But the team behind Bloodhound is now turning their attention to making Bloodhound a defensive tool as well as an offensive tool.

Today’s soap box is an absolute cracker. We’re talking to Andy Robbins, the principal product architect at SpecterOps and one of the three original creators of the original open source version of Bloodhound. If you don’t know what Bloodhound is, it’s a tool that grabs Active Directory information and turns it into a navigable graph. So if you’re an attacker you land on a network, enumerate directory information, and then map out a path to domain admin. Bloodhound has been extremely popular with red teamers for years – to the point that it’s just a standard tool in the red team toolkit. But the team behind Bloodhound is now turning their attention to making Bloodhound a defensive tool as well as an offensive tool.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why the White House’s cybersecurity strategy is actually quite good The LastPass breach was probably DPRK UEFI bootkits are going downmarket, and this is bad GitHub will scan repos for secrets A look at some interesting DJI drone research Much, much more This week’s show is brought to you by Airlock Digital. Two of Airlock’s founders – Daniel Schell and David Cottingham – are this week’s sponsor guests. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. * NOTE: We now think LastPass was likely not DPRK. It’s complicated and we’ll explain why we think we got this wrong in next week’s show Show notes Risky Biz News: White House unveils National Cybersecurity Strategy White House looks to put cybersecurity pressure on companies Surveillance oversight board member explores concerns about Section 702 renewal | CyberScoop Secret Service and ICE conducted warrantless stingray surveillance, says watchdog | TechCrunch LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach Give Me E2EE or Give Me Death - by Tom Uren Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica GitHub’s secret scanning alerts now available for all public repos This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location | WIRED Hackers steal gun owners’ data from firearm auction website | TechCrunch New ATM Malware 'FiXS' Emerges - SecurityWeek US government warns Royal ransomware is targeting critical infrastructure | TechCrunch Ransomware gang posts breast cancer patient photos from Pennsylvania health network to dark web Hospital Clínic de Barcelona severely impacted by ransomware attack Hackers Release Data Stolen in Oakland Ransomware Attack – NBC Bay Area Salt Labs | Traveling with OAuth - Account Takeover on Booking.com Google adds client-side encryption to Gmail and Calendar. Should you care? | Ars Technica The life-upending flaw that USPS won’t fix | TechCrunch Powerful Meta large language model widely available online | CyberScoop We’re going teetotal: It’s goodbye to The Daily Swig | The Daily Swig

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why the White House’s cybersecurity strategy is actually quite good The LastPass breach was probably DPRK UEFI bootkits are going downmarket, and this is bad GitHub will scan repos for secrets A look at some interesting DJI drone research Much, much more This week’s show is brought to you by Airlock Digital. Two of Airlock’s founders – Daniel Schell and David Cottingham – are this week’s sponsor guests. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. * NOTE: We now think LastPass was likely not DPRK. It’s complicated and we’ll explain why we think we got this wrong in next week’s show Show notes Risky Biz News: White House unveils National Cybersecurity Strategy White House looks to put cybersecurity pressure on companies Surveillance oversight board member explores concerns about Section 702 renewal | CyberScoop Secret Service and ICE conducted warrantless stingray surveillance, says watchdog | TechCrunch LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach Give Me E2EE or Give Me Death - by Tom Uren Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica GitHub’s secret scanning alerts now available for all public repos This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location | WIRED Hackers steal gun owners’ data from firearm auction website | TechCrunch New ATM Malware 'FiXS' Emerges - SecurityWeek US government warns Royal ransomware is targeting critical infrastructure | TechCrunch Ransomware gang posts breast cancer patient photos from Pennsylvania health network to dark web Hospital Clínic de Barcelona severely impacted by ransomware attack Hackers Release Data Stolen in Oakland Ransomware Attack – NBC Bay Area Salt Labs | Traveling with OAuth - Account Takeover on Booking.com Google adds client-side encryption to Gmail and Calendar. Should you care? | Ars Technica The life-upending flaw that USPS won’t fix | TechCrunch Powerful Meta large language model widely available online | CyberScoop We’re going teetotal: It’s goodbye to The Daily Swig | The Daily Swig

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A look at LastPass’s intrusion post mortem A very stable genius decided to ransomware the US Marshals Service Why Signal’s complaints about UK’s Online Safety Act are bad faith Much, much more… This week’s show is brought to you by Tines, the no-code automation platform. Its co-founder and CEO Eoin Hinchy joins the show in the sponsor slot, and you can check out a Tines demo we recorded with Eoin on YouTube. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Additional details of the attack - LastPass Support LastPass says employee’s home computer was hacked and corporate vault taken | Ars Technica 'Major' U.S. Marshals Service hack compromises sensitive info DISH tells SEC that ransomware attack caused outages; personal info may have been stolen - The Record from Recorded Future News DISH says ‘system issue’ affecting internal servers, phone systems - The Record from Recorded Future News Danish hospitals hit by cyberattack from ‘Anonymous Sudan’ - The Record from Recorded Future News 'A year of cyberwar' with Russia: An inside look from a top Ukrainian cybersecurity official | CyberScoop Russia blames hackers as commercial radio stations broadcast fake air strike warnings - The Record from Recorded Future News Dutch intelligence: Many cyberattacks by Russia are not yet public knowledge - The Record from Recorded Future News Signal CEO: We “1,000% won’t participate” in UK law to weaken encryption | Ars Technica White House cybersecurity strategy to force large companies to make systems secure by design | CyberScoop Popular IBM file transfer tool vulnerable to cyberattacks, CISA says - The Record from Recorded Future News A world of hurt for Fortinet and ManageEngine after users fail to install patches | Ars Technica Gigamon Exits NDR Market, Sells ThreatInsight Business to Fortinet Cisco ClamAV anti-malware scanner vulnerable to serious security flaw | The Daily Swig How I Broke Into a Bank Account With an AI-Generated Voice Hackers use ChatGPT phishing websites to infect users with malware - The Record from Recorded Future News Venture capital financing of cyber companies slid to $18.5 billion in 2022 - The Record from Recorded Future News Tines Automation Platform - YouTube

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A look at LastPass’s intrusion post mortem A very stable genius decided to ransomware the US Marshals Service Why Signal’s complaints about UK’s Online Safety Act are bad faith Much, much more… This week’s show is brought to you by Tines, the no-code automation platform. Its co-founder and CEO Eoin Hinchy joins the show in the sponsor slot, and you can check out a Tines demo we recorded with Eoin on YouTube. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Additional details of the attack - LastPass Support LastPass says employee’s home computer was hacked and corporate vault taken | Ars Technica 'Major' U.S. Marshals Service hack compromises sensitive info DISH tells SEC that ransomware attack caused outages; personal info may have been stolen - The Record from Recorded Future News DISH says ‘system issue’ affecting internal servers, phone systems - The Record from Recorded Future News Danish hospitals hit by cyberattack from ‘Anonymous Sudan’ - The Record from Recorded Future News 'A year of cyberwar' with Russia: An inside look from a top Ukrainian cybersecurity official | CyberScoop Russia blames hackers as commercial radio stations broadcast fake air strike warnings - The Record from Recorded Future News Dutch intelligence: Many cyberattacks by Russia are not yet public knowledge - The Record from Recorded Future News Signal CEO: We “1,000% won’t participate” in UK law to weaken encryption | Ars Technica White House cybersecurity strategy to force large companies to make systems secure by design | CyberScoop Popular IBM file transfer tool vulnerable to cyberattacks, CISA says - The Record from Recorded Future News A world of hurt for Fortinet and ManageEngine after users fail to install patches | Ars Technica Gigamon Exits NDR Market, Sells ThreatInsight Business to Fortinet Cisco ClamAV anti-malware scanner vulnerable to serious security flaw | The Daily Swig How I Broke Into a Bank Account With an AI-Generated Voice Hackers use ChatGPT phishing websites to infect users with malware - The Record from Recorded Future News Venture capital financing of cyber companies slid to $18.5 billion in 2022 - The Record from Recorded Future News Tines Automation Platform - YouTube

In this interview the director of the CIA’s Center for Cyber Intelligence (CCI) sits down with Risky Business podcast host Patrick Gray to talk about: What CCI actually does The CIA’s role in cyber intel and operations What lessons have been learned from Russia’s cyber campaigns targeting Ukraine Why a cyber conflict with China will be very, very different His views on the ransomware threat Much, much more

In this interview the director of the CIA’s Center for Cyber Intelligence (CCI) sits down with Risky Business podcast host Patrick Gray to talk about: What CCI actually does The CIA’s role in cyber intel and operations What lessons have been learned from Russia’s cyber campaigns targeting Ukraine Why a cyber conflict with China will be very, very different His views on the ransomware threat Much, much more

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why Twitter had to kill SMS 2FA A look at Meta’s new verification service How a ransomware attack disrupted the semiconductor supply chain Why Anonymous Sudan is probably a Russian info op Microsoft mixes up public and private keys in Azure B2C (for real) Much, much more This week’s show is brought to you by Proofpoint. Its Executive Vice President of Cybersecurity Strategy Ryan Kalember joins the show in the sponsor slot. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes How to Protect Yourself From Twitter’s 2FA Crackdown | WIRED Elon Musk Says Twitter Lost $60mn a Year Because 390 Telcos Used Bot Accounts to Pump A2P SMS | Commsrisk Twitter’s Two-Factor Authentication Change ‘Doesn't Make Sense’ | WIRED Elon Musk on Twitter: "@MKBHD Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages" / Twitter rat king 🐀 on Twitter: "as twitter goes through diff versions of what it’s subscription service looks like, meta rolls out its own verified program… https://t.co/BPNILEFGZ0" / Twitter WA wedding photographer’s fury as Instagram account deactivated | news.com.au — Australia’s leading news site Semiconductor industry giant says ransomware attack on supplier will cost it $250 million - The Record from Recorded Future News State of emergency as City of Oakland grapples with ransomware attack - The Record from Recorded Future News Irish TV broadcaster says attempted hack will affect programming - The Record from Recorded Future News Revealed: the US adviser who tried to swing Nigeria’s 2015 election | Cambridge Analytica | The Guardian Political aides hacked by ‘Team Jorge’ in run-up to Kenyan election | World news | The Guardian Fox News stars and staffers privately blasted election fraud claims as bogus, court filing shows google_fog_of_war_research_report.pdf Hacks, leaks and wipers: Google analyzes a year of Russian cyberattacks on Ukraine | CyberScoop Scandinavian Airlines hit by cyberattack, 'Anonymous Sudan' claims responsibility - The Record from Recorded Future News Azure B2C Crypto Misuse and Account Compromise - Praetorian GoDaddy: Hackers stole source code, installed malware in multi-year breach WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks - SentinelOne Hyundai, Kia to provide anti-theft software updates following viral TikTok challenge - The Record from Recorded Future News Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica Latest attack on PyPI users shows crooks are only getting better | Ars Technica Belgium launches nationwide safe harbor for ethical hackers | The Daily Swig Tor Project Moves Away from Infrastructure Ran by Internet Monitoring Firm Bank accounts overdrawn, missing and suspended without warning, bank won't talk to me : LegalAdviceUK

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why Twitter had to kill SMS 2FA A look at Meta’s new verification service How a ransomware attack disrupted the semiconductor supply chain Why Anonymous Sudan is probably a Russian info op Microsoft mixes up public and private keys in Azure B2C (for real) Much, much more This week’s show is brought to you by Proofpoint. Its Executive Vice President of Cybersecurity Strategy Ryan Kalember joins the show in the sponsor slot. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes How to Protect Yourself From Twitter’s 2FA Crackdown | WIRED Elon Musk Says Twitter Lost $60mn a Year Because 390 Telcos Used Bot Accounts to Pump A2P SMS | Commsrisk Twitter’s Two-Factor Authentication Change ‘Doesn't Make Sense’ | WIRED Elon Musk on Twitter: "@MKBHD Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages" / Twitter rat king 🐀 on Twitter: "as twitter goes through diff versions of what it’s subscription service looks like, meta rolls out its own verified program… https://t.co/BPNILEFGZ0" / Twitter WA wedding photographer’s fury as Instagram account deactivated | news.com.au — Australia’s leading news site Semiconductor industry giant says ransomware attack on supplier will cost it $250 million - The Record from Recorded Future News State of emergency as City of Oakland grapples with ransomware attack - The Record from Recorded Future News Irish TV broadcaster says attempted hack will affect programming - The Record from Recorded Future News Revealed: the US adviser who tried to swing Nigeria’s 2015 election | Cambridge Analytica | The Guardian Political aides hacked by ‘Team Jorge’ in run-up to Kenyan election | World news | The Guardian Fox News stars and staffers privately blasted election fraud claims as bogus, court filing shows google_fog_of_war_research_report.pdf Hacks, leaks and wipers: Google analyzes a year of Russian cyberattacks on Ukraine | CyberScoop Scandinavian Airlines hit by cyberattack, 'Anonymous Sudan' claims responsibility - The Record from Recorded Future News Azure B2C Crypto Misuse and Account Compromise - Praetorian GoDaddy: Hackers stole source code, installed malware in multi-year breach WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks - SentinelOne Hyundai, Kia to provide anti-theft software updates following viral TikTok challenge - The Record from Recorded Future News Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica Latest attack on PyPI users shows crooks are only getting better | Ars Technica Belgium launches nationwide safe harbor for ethical hackers | The Daily Swig Tor Project Moves Away from Infrastructure Ran by Internet Monitoring Firm Bank accounts overdrawn, missing and suspended without warning, bank won't talk to me : LegalAdviceUK

In this interview we’re chatting with the founder of Greynoise Intelligence, Andrew Morris. Greynoise operates a global network of sensors that collect data on things like mass scanning, exploitation and reconnaissance. The idea is if your SOC gets an alert from a particular IP you can see if it’s associated with mass scanning or exploitation, or if it’s something that’s just targeting you. And as you’ll hear, there are other use cases also, but we’re talking about a few things with Andrew today. He talks about being able to selectively port forward attacks targeting his sensor network to a data centre running the services being targeted, about the ESXiArgs ransomware attack and more. Enjoy!

In this interview we’re chatting with the founder of Greynoise Intelligence, Andrew Morris. Greynoise operates a global network of sensors that collect data on things like mass scanning, exploitation and reconnaissance. The idea is if your SOC gets an alert from a particular IP you can see if it’s associated with mass scanning or exploitation, or if it’s something that’s just targeting you. And as you’ll hear, there are other use cases also, but we’re talking about a few things with Andrew today. He talks about being able to selectively port forward attacks targeting his sensor network to a data centre running the services being targeted, about the ESXiArgs ransomware attack and more. Enjoy!

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: North Korea is ransomwaring hospitals with homegrown and Russian strains Russia proposes law greenlighting “patriotic hacks” It’s 702 renewal time… again CISA releases ESXiArgs recovery script (yay!) UK mulls crimephone ban Much, much more This week’s show is brought to you by Thinkst Canary. Haroon Meer is this week’s sponsor guest and joins us to talk about Thinkst’s latest release: the credit card canary. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes North Korean hackers extort health care organizations to fund further cyberattacks, US and South Korea say | CNN Politics Risky Biz News: US and UK sanction seven Trickbot members United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang | U.S. Department of the Treasury Risky Biz News: Russia wants to absolve patriotic hackers from any criminal liability The FBI’s Most Controversial Surveillance Tool Is Under Threat | WIRED Meet the Creator of North Korea’s Favorite Crypto Privacy Service | WIRED CISA publishes recovery script for ESXiArgs ransomware as Florida courts, universities reel - The Record from Recorded Future News decrypt your crypted files in ESXi servers affected by CVE-2020-3992 / CryptoLocker attack Tonga is the latest Pacific Island nation hit with ransomware - The Record from Recorded Future News UK Proposes Making the Sale and Possession of Encrypted Phones Illegal UK High Court allows Bahraini activists to sue government over spyware - The Record from Recorded Future News Russian cybersecurity expert convicted of charges in $90M hack-to-trade case | CyberScoop Deepfake 'news anchors' appear in pro-China footage on social media, research group says - ABC News Geotargeting tools are allowing phishing campaigns to home in on potential victims - The Record from Recorded Future News This week’s Reddit breach shows company’s security is (still) woefully inadequate | Ars Technica Namecheap denies system breach after email service used to spread phishing scams - The Record from Recorded Future News Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica DOM XSS vulnerability in Gartner Peer Insights widget patched | The Daily Swig Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game - Avast Threat Labs OAuth ‘masterclass’ crowned top web hacking technique of 2022 | The Daily Swig New XSS Hunter host Truffle Security faces privacy backlash | The Daily Swig 'No evidence of malicious access,' Toyota says about serious bug exploited by outside researcher - The Record from Recorded Future News A year after outcry, IRS still doesn't offer taxpayers alternative to ID.me | CyberScoop

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: North Korea is ransomwaring hospitals with homegrown and Russian strains Russia proposes law greenlighting “patriotic hacks” It’s 702 renewal time… again CISA releases ESXiArgs recovery script (yay!) UK mulls crimephone ban Much, much more This week’s show is brought to you by Thinkst Canary. Haroon Meer is this week’s sponsor guest and joins us to talk about Thinkst’s latest release: the credit card canary. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes North Korean hackers extort health care organizations to fund further cyberattacks, US and South Korea say | CNN Politics Risky Biz News: US and UK sanction seven Trickbot members United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang | U.S. Department of the Treasury Risky Biz News: Russia wants to absolve patriotic hackers from any criminal liability The FBI’s Most Controversial Surveillance Tool Is Under Threat | WIRED Meet the Creator of North Korea’s Favorite Crypto Privacy Service | WIRED CISA publishes recovery script for ESXiArgs ransomware as Florida courts, universities reel - The Record from Recorded Future News decrypt your crypted files in ESXi servers affected by CVE-2020-3992 / CryptoLocker attack Tonga is the latest Pacific Island nation hit with ransomware - The Record from Recorded Future News UK Proposes Making the Sale and Possession of Encrypted Phones Illegal UK High Court allows Bahraini activists to sue government over spyware - The Record from Recorded Future News Russian cybersecurity expert convicted of charges in $90M hack-to-trade case | CyberScoop Deepfake 'news anchors' appear in pro-China footage on social media, research group says - ABC News Geotargeting tools are allowing phishing campaigns to home in on potential victims - The Record from Recorded Future News This week’s Reddit breach shows company’s security is (still) woefully inadequate | Ars Technica Namecheap denies system breach after email service used to spread phishing scams - The Record from Recorded Future News Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica DOM XSS vulnerability in Gartner Peer Insights widget patched | The Daily Swig Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game - Avast Threat Labs OAuth ‘masterclass’ crowned top web hacking technique of 2022 | The Daily Swig New XSS Hunter host Truffle Security faces privacy backlash | The Daily Swig 'No evidence of malicious access,' Toyota says about serious bug exploited by outside researcher - The Record from Recorded Future News A year after outcry, IRS still doesn't offer taxpayers alternative to ID.me | CyberScoop

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Unpatched ESXi boxes are getting rinsed GoAnywhere MFT file transfer boxes are too Royal Mail data being ransomed by Lockbit Advanced materials manufacturer and finance company among latest rware victims Guilty plea in Ubiquiti case Much, much more This week’s show is brought to you by Red Canary. Red Canary’s Adam Mashinchi is this week’s sponsor guest. He joins us to talk about the impact layoffs are having on infosec teams. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Risky Biz News: Ransomware wave hits thousands of VMWare ESXi servers Risky Biz News: Zero-day alert for GoAnywhere file transfer servers Royal Mail faces threat from ransomware group LockBit | Reuters ION brings clients back online after ransomware attack: Source | Business Insurance Hackers who breached ION say ransom paid; company declines comment | Reuters Blow to Morgan Advanced Materials as cyber-attack to cost millions to deal with | Evening Standard K-12 schools in Tucson, Nantucket respond to cyberattacks - The Record from Recorded Future News Ransomware gang attempts to extort UK school by posting files about at-risk children - The Record from Recorded Future News British steel industry supplier Vesuvius ‘currently managing cyber incident’ - The Record from Recorded Future News Tallahassee hospital diverting patients, canceling non-emergency surgeries after cyberattack - The Record from Recorded Future News All classes canceled at Irish university as it announces ‘significant IT breach’ - The Record from Recorded Future News Switzerland’s largest university confirms ‘serious cyberattack’ - The Record from Recorded Future News Dutch Police Read Messages of Encrypted Messenger 'Exclu' Julius 'zeekill' Kivimäki, former Lizard Squad hacker, arrested in France - The Record from Recorded Future News New York attorney general fines developer of stalking apps - The Record from Recorded Future News Microsoft alleges attacks on French magazine came from Iranian-backed group | Ars Technica Hackers linked to North Korea targeted Indian medical org, energy sector - The Record from Recorded Future News Google Cuts Company Protecting People From Surveillance To A ‘Skeleton Crew,’ Say Laid Off Workers Feds get guilty plea in Ubiquiti data extortion case - The Record from Recorded Future News For Hire: Ex-Ubiquiti Developer Charged With Extortion Microsoft notifies UK customers affected by hackers abusing ‘verified publisher’ tag - The Record from Recorded Future News Darknet drug market BlackSprut openly advertises on billboards in Moscow - The Record from Recorded Future News Toyota sealed up a backdoor to its global supplier management network | The Daily Swig

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Unpatched ESXi boxes are getting rinsed GoAnywhere MFT file transfer boxes are too Royal Mail data being ransomed by Lockbit Advanced materials manufacturer and finance company among latest rware victims Guilty plea in Ubiquiti case Much, much more This week’s show is brought to you by Red Canary. Red Canary’s Adam Mashinchi is this week’s sponsor guest. He joins us to talk about the impact layoffs are having on infosec teams. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Risky Biz News: Ransomware wave hits thousands of VMWare ESXi servers Risky Biz News: Zero-day alert for GoAnywhere file transfer servers Royal Mail faces threat from ransomware group LockBit | Reuters ION brings clients back online after ransomware attack: Source | Business Insurance Hackers who breached ION say ransom paid; company declines comment | Reuters Blow to Morgan Advanced Materials as cyber-attack to cost millions to deal with | Evening Standard K-12 schools in Tucson, Nantucket respond to cyberattacks - The Record from Recorded Future News Ransomware gang attempts to extort UK school by posting files about at-risk children - The Record from Recorded Future News British steel industry supplier Vesuvius ‘currently managing cyber incident’ - The Record from Recorded Future News Tallahassee hospital diverting patients, canceling non-emergency surgeries after cyberattack - The Record from Recorded Future News All classes canceled at Irish university as it announces ‘significant IT breach’ - The Record from Recorded Future News Switzerland’s largest university confirms ‘serious cyberattack’ - The Record from Recorded Future News Dutch Police Read Messages of Encrypted Messenger 'Exclu' Julius 'zeekill' Kivimäki, former Lizard Squad hacker, arrested in France - The Record from Recorded Future News New York attorney general fines developer of stalking apps - The Record from Recorded Future News Microsoft alleges attacks on French magazine came from Iranian-backed group | Ars Technica Hackers linked to North Korea targeted Indian medical org, energy sector - The Record from Recorded Future News Google Cuts Company Protecting People From Surveillance To A ‘Skeleton Crew,’ Say Laid Off Workers Feds get guilty plea in Ubiquiti data extortion case - The Record from Recorded Future News For Hire: Ex-Ubiquiti Developer Charged With Extortion Microsoft notifies UK customers affected by hackers abusing ‘verified publisher’ tag - The Record from Recorded Future News Darknet drug market BlackSprut openly advertises on billboards in Moscow - The Record from Recorded Future News Toyota sealed up a backdoor to its global supplier management network | The Daily Swig

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A look at the Hive takedown UK’s Royal Mail still struggling GitHub’s code signing certificates stolen TSA misses the point on no-fly list theft Much, much more This week’s show is brought to you by Remediant, which is now a part of Netwrix. Tim Keeler is co-founder of Remediant and joins us to talk about how the PAM market – and the tech that makes it up – is changing. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes U.S. Department of Justice Disrupts Hive Ransomware Variant | OPA | Department of Justice U.S. Department of Justice Disrupts Hive Ransomware Variant - YouTube Ransomware experts laud Hive takedown but question impact without arrests - The Record from Recorded Future News Royal Mail progressing to full operations following ransomware attack - The Record from Recorded Future News British government minister told council to keep quiet after ransomware attack - The Record from Recorded Future News The Untold Story of a Crippling Ransomware Attack | WIRED Russia blocks access to US ‘Rewards for Justice,’ FBI and CIA websites - The Record from Recorded Future News GitHub says hackers cloned code-signing certificates in breached repository | Ars Technica ESET: Sandworm could be behind new file-deleting malware targeting Ukraine - The Record from Recorded Future News TSA issues security directive to airports, carriers after 'no-fly' list leak - The Record from Recorded Future News U.S. No Fly list shared on a hacking forum, government investigating Chinese influence operations may lack critical element: influence | CyberScoop Cybercriminals scam two federal agencies via remote desktop tool, CISA warns | CyberScoop Kevin Rose loses pricey NFTs to wallet hack Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move NFT company gets restraining order to freeze hacker’s online wallet - The Record from Recorded Future News Most Criminal Cryptocurrency Funnels Through Just 5 Exchanges | WIRED Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI | Akamai Facebook two-factor authentication bypass issue patched | The Daily Swig AI-Generated Voice Firm Clamps Down After 4chan Makes Celebrity Voices for Abuse

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A look at the Hive takedown UK’s Royal Mail still struggling GitHub’s code signing certificates stolen TSA misses the point on no-fly list theft Much, much more This week’s show is brought to you by Remediant, which is now a part of Netwrix. Tim Keeler is co-founder of Remediant and joins us to talk about how the PAM market – and the tech that makes it up – is changing. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes U.S. Department of Justice Disrupts Hive Ransomware Variant | OPA | Department of Justice U.S. Department of Justice Disrupts Hive Ransomware Variant - YouTube Ransomware experts laud Hive takedown but question impact without arrests - The Record from Recorded Future News Royal Mail progressing to full operations following ransomware attack - The Record from Recorded Future News British government minister told council to keep quiet after ransomware attack - The Record from Recorded Future News The Untold Story of a Crippling Ransomware Attack | WIRED Russia blocks access to US ‘Rewards for Justice,’ FBI and CIA websites - The Record from Recorded Future News GitHub says hackers cloned code-signing certificates in breached repository | Ars Technica ESET: Sandworm could be behind new file-deleting malware targeting Ukraine - The Record from Recorded Future News TSA issues security directive to airports, carriers after 'no-fly' list leak - The Record from Recorded Future News U.S. No Fly list shared on a hacking forum, government investigating Chinese influence operations may lack critical element: influence | CyberScoop Cybercriminals scam two federal agencies via remote desktop tool, CISA warns | CyberScoop Kevin Rose loses pricey NFTs to wallet hack Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move NFT company gets restraining order to freeze hacker’s online wallet - The Record from Recorded Future News Most Criminal Cryptocurrency Funnels Through Just 5 Exchanges | WIRED Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI | Akamai Facebook two-factor authentication bypass issue patched | The Daily Swig AI-Generated Voice Firm Clamps Down After 4chan Makes Celebrity Voices for Abuse

In this Soap Box edition of the show Nucleus Security’s Scott Kuffer discusses Stakeholder-Specific Vulnerability Categorization (SSVC) and why tools alone can’t fix a dysfunctional vulnerability management program.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Google’s search results have become a malware-riddled sh*tshow Ransomware payment values dropped by 40% YoY in 2022 Kraken takes over Solaris the old school way Grand Theft Auto RCE is wreaking havoc ManageEngine customers are all getting owned So you know, pretty much business as usual This week’s show is brought to you by Kroll. Jim Hung co-leads the special projects and applied research team at Kroll and joins us to talk about the big changes happening in the incident response discipline. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Risky Biz News: Google Search and Ads have a major malware problem Justice Department Sues Google for Monopolizing Digital Advertising Technologies | OPA | Department of Justice Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner A Sneaky Ad Scam Tore Through 11 Million Phones | WIRED Risky Biz News: Crypto-crime volumes went down in 2022, ransomware payments too International Counter Ransomware Task Force kicks off - The Record from Recorded Future News Risky Biz News: Dark web mega-hack as Kraken takes over Solaris Congressman ‘coming for answers’ after ‘no-fly list’ hack - The Record from Recorded Future News Hackers Demand $10M From Riot Games to Stop Leak of ‘League of Legends’ Source Code CVE - CVE-2023-24059 GoTo says hackers stole encrypted backups during November cyberattack - The Record from Recorded Future News Costa Rica’s Ministry of Public Works and Transport crippled by ransomware attack - The Record from Recorded Future News Pakistani authorities investigating if cyberattack caused nationwide blackout - The Record from Recorded Future News Royal Mail trials ‘operational workarounds’ following suspected ransomware attack - The Record from Recorded Future News Ransomware attack hits nearly 300 fast food restaurants in UK, including KFC and Pizza Hut - The Record from Recorded Future News Canada's largest alcohol retailer infected with card skimming malware twice since December - The Record from Recorded Future News Nearly 35,000 PayPal users had SSNs, tax info leaked during December cyberattack - The Record from Recorded Future News Samsung investigating claims of hack on South Korea systems, internal employee platform - The Record from Recorded Future News Electronic health record giant NextGen dealing with cyberattack - The Record from Recorded Future News Cyberattack on Nunavut energy supplier limits company operations - The Record from Recorded Future News More than 100 Mailchimp accounts accessed via social engineering cyberattack - The Record from Recorded Future News New T-Mobile Breach Affects 37 Million Accounts – Krebs on Security Suspected Chinese hackers exploit vulnerability in Fortinet devices - The Record from Recorded Future News More than 4,400 Sophos firewall servers remain vulnerable to critical exploits | Ars Technica CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability | Rapid7 Blog AWS patches bypass bug in CloudTrail API monitoring tool | The Daily Swig 2022 Microsoft Teams RCE Git security audit reveals critical overflow bugs | The Daily Swig U.S. arrests Bitzlato cofounder, alleges $700 mln of illicit funds processed | Reuters FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft — FBI

In this Soap Box edition of the show Nucleus Security’s Scott Kuffer discusses Stakeholder-Specific Vulnerability Categorization (SSVC) and why tools alone can’t fix a dysfunctional vulnerability management program.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Google’s search results have become a malware-riddled sh*tshow Ransomware payment values dropped by 40% YoY in 2022 Kraken takes over Solaris the old school way Grand Theft Auto RCE is wreaking havoc ManageEngine customers are all getting owned So you know, pretty much business as usual This week’s show is brought to you by Kroll. Jim Hung co-leads the special projects and applied research team at Kroll and joins us to talk about the big changes happening in the incident response discipline. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Risky Biz News: Google Search and Ads have a major malware problem Justice Department Sues Google for Monopolizing Digital Advertising Technologies | OPA | Department of Justice Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner A Sneaky Ad Scam Tore Through 11 Million Phones | WIRED Risky Biz News: Crypto-crime volumes went down in 2022, ransomware payments too International Counter Ransomware Task Force kicks off - The Record from Recorded Future News Risky Biz News: Dark web mega-hack as Kraken takes over Solaris Congressman ‘coming for answers’ after ‘no-fly list’ hack - The Record from Recorded Future News Hackers Demand $10M From Riot Games to Stop Leak of ‘League of Legends’ Source Code CVE - CVE-2023-24059 GoTo says hackers stole encrypted backups during November cyberattack - The Record from Recorded Future News Costa Rica’s Ministry of Public Works and Transport crippled by ransomware attack - The Record from Recorded Future News Pakistani authorities investigating if cyberattack caused nationwide blackout - The Record from Recorded Future News Royal Mail trials ‘operational workarounds’ following suspected ransomware attack - The Record from Recorded Future News Ransomware attack hits nearly 300 fast food restaurants in UK, including KFC and Pizza Hut - The Record from Recorded Future News Canada's largest alcohol retailer infected with card skimming malware twice since December - The Record from Recorded Future News Nearly 35,000 PayPal users had SSNs, tax info leaked during December cyberattack - The Record from Recorded Future News Samsung investigating claims of hack on South Korea systems, internal employee platform - The Record from Recorded Future News Electronic health record giant NextGen dealing with cyberattack - The Record from Recorded Future News Cyberattack on Nunavut energy supplier limits company operations - The Record from Recorded Future News More than 100 Mailchimp accounts accessed via social engineering cyberattack - The Record from Recorded Future News New T-Mobile Breach Affects 37 Million Accounts – Krebs on Security Suspected Chinese hackers exploit vulnerability in Fortinet devices - The Record from Recorded Future News More than 4,400 Sophos firewall servers remain vulnerable to critical exploits | Ars Technica CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability | Rapid7 Blog AWS patches bypass bug in CloudTrail API monitoring tool | The Daily Swig 2022 Microsoft Teams RCE Git security audit reveals critical overflow bugs | The Daily Swig U.S. arrests Bitzlato cofounder, alleges $700 mln of illicit funds processed | Reuters FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft — FBI

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Royal Mail attack was LockBit and GCHQ will probably “bust some heads” CircleCI’s incident report and the problem with malwared endpoints in the Zero Trust age Cloudflare backs Mastodon Paul Nakasone: NSA did some great stuff! It was really good! Cisco won’t patch SMB routers sold in 2020 Much, much more This week’s show is brought to you by Material Security. Material co-founder Ryan Noon and Snowflake’s head of cybersecurity strategy Omer Singer are this week’s sponsor guests. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Royal Mail cyberattack linked to LockBit ransomware operation Ransomware Diaries: Volume 1 | Analyst1 Congressman calls on CISA to investigate air travel vulnerabilities after outage - The Record from Recorded Future News Ransomware attack on maritime software impacts 1,000 ships - The Record from Recorded Future News CircleCI incident report for January 4, 2023 security incident Researchers: Large language models will revolutionize digital propaganda campaigns Nick Cave - The Red Hand Files - Issue #218 GitHub - cloudflare/wildebeest: Wildebeest is an ActivityPub and Mastodon-compatible server Meta sues Voyager Labs over scraping user data Twitter says leaked data on 200 million users was likely publicly available info - The Record from Recorded Future News A Police App Exposed Secret Details About Raids and Suspects | WIRED ODIN Intelligence website is defaced as hackers claim breach | TechCrunch Nakasone: Foreign surveillance program helped fend off cyberattacks - The Record from Recorded Future News The Guardian confirms criminals accessed staff data in ransomware attack - The Record from Recorded Future News Millions of Aflac, Zurich insurance customers in Japan have data leaked after breach - The Record from Recorded Future News Dark Pink, a newly discovered hacking campaign, threatens Southeast Asian military, government organizations The FBI Won't Say Whether It Hacked Dark Web ISIS Site Norton LifeLock says 925,000 accounts targeted by credential-stuffing attacks - The Record from Recorded Future News Cisco warns of two vulnerabilities affecting end-of-life routers - The Record from Recorded Future News Fortinet says hackers exploited critical vulnerability to infect VPN customers | Ars Technica Vulnerability with 9.8 severity in Control Web Panel is under active exploit | Ars Technica CISA adds recently-announced Microsoft zero-day to exploited vulnerability catalog - The Record from Recorded Future News Hundreds of SugarCRM servers infected with critical in-the-wild exploit | Ars Technica

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Royal Mail attack was LockBit and GCHQ will probably “bust some heads” CircleCI’s incident report and the problem with malwared endpoints in the Zero Trust age Cloudflare backs Mastodon Paul Nakasone: NSA did some great stuff! It was really good! Cisco won’t patch SMB routers sold in 2020 Much, much more This week’s show is brought to you by Material Security. Material co-founder Ryan Noon and Snowflake’s head of cybersecurity strategy Omer Singer are this week’s sponsor guests. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Royal Mail cyberattack linked to LockBit ransomware operation Ransomware Diaries: Volume 1 | Analyst1 Congressman calls on CISA to investigate air travel vulnerabilities after outage - The Record from Recorded Future News Ransomware attack on maritime software impacts 1,000 ships - The Record from Recorded Future News CircleCI incident report for January 4, 2023 security incident Researchers: Large language models will revolutionize digital propaganda campaigns Nick Cave - The Red Hand Files - Issue #218 GitHub - cloudflare/wildebeest: Wildebeest is an ActivityPub and Mastodon-compatible server Meta sues Voyager Labs over scraping user data Twitter says leaked data on 200 million users was likely publicly available info - The Record from Recorded Future News A Police App Exposed Secret Details About Raids and Suspects | WIRED ODIN Intelligence website is defaced as hackers claim breach | TechCrunch Nakasone: Foreign surveillance program helped fend off cyberattacks - The Record from Recorded Future News The Guardian confirms criminals accessed staff data in ransomware attack - The Record from Recorded Future News Millions of Aflac, Zurich insurance customers in Japan have data leaked after breach - The Record from Recorded Future News Dark Pink, a newly discovered hacking campaign, threatens Southeast Asian military, government organizations The FBI Won't Say Whether It Hacked Dark Web ISIS Site Norton LifeLock says 925,000 accounts targeted by credential-stuffing attacks - The Record from Recorded Future News Cisco warns of two vulnerabilities affecting end-of-life routers - The Record from Recorded Future News Fortinet says hackers exploited critical vulnerability to infect VPN customers | Ars Technica Vulnerability with 9.8 severity in Control Web Panel is under active exploit | Ars Technica CISA adds recently-announced Microsoft zero-day to exploited vulnerability catalog - The Record from Recorded Future News Hundreds of SugarCRM servers infected with critical in-the-wild exploit | Ars Technica

On this week’s show Patrick Gray and Adam Boileau discuss the news we missed while on break. Because it’s the first show of the year, we split the discussion into themes: Attacks against critical online services like Okta, CircleCI, Slack and Lastpass will increase in volume All the latest global intrigue, from NSO being noped by the US Supreme Court to DDoS attacks in Serbia, Turla’s latest campaign, supply chain attacks against Ukraine, why Russia has been more active than we realised and much more A ransomware wrap, a discussion about the rise of data extortion and why it’s unlikely to remain a huge problem Why automotive security research will actually be interesting this year PLUS: A bunch of random news! This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about something they’ve developed – a zero knowledge proof of exploit technique. Very interesting stuff! Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes First LastPass, now Slack and CircleCI. The hacks go on (and will likely worsen) | Ars Technica Devs urged to rotate secrets after CircleCI suffers security breach | The Daily Swig LastPass: Hackers accessed and copied customers’ password vaults - The Record from Recorded Future News GitHub incident allowed attacker to copy Okta's source code - The Record from Recorded Future News Supreme Court dismisses spyware company NSO Group’s claim of immunity - The Record from Recorded Future News Serbian government reports ‘massive DDoS attack’ amid heightened tensions in Balkans - The Record from Recorded Future News Iran’s support of Russia draws attention of pro-Ukraine hackers - The Record from Recorded Future News Pro-Ukraine hackers leak Russian data in hopes someone will make sense of it - The Record from Recorded Future News CISA researchers: Russia's Fancy Bear infiltrated US satellite network Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters NSA cyber director warns of Russian digital assaults on global energy sector - CyberScoop Notorious Russian hacking group appears to resurface with fresh cyberattacks on Ukraine Military operations software in Ukraine was hit by Russian hackers - The Record from Recorded Future News New supply chain attack targeted Ukrainian government networks - The Record from Recorded Future News Moldovaʼs government hit by flood of phishing attacks - The Record from Recorded Future News Kremlin-backed hackers targeted a “large” petroleum refinery in a NATO nation | Ars Technica Cyber Command conducted offensive operations to protect midterm elections - The Record from Recorded Future News Guardian newspaper hit by suspected ransomware attack, staff told not to come to office - The Record from Recorded Future News British company that helps make semiconductors hit by cyber incident - The Record from Recorded Future News Port of Lisbon website still down as LockBit gang claims cyberattack - The Record from Recorded Future News SickKids: 80% of hospital priority systems back online after LockBit ransomware attack - The Record from Recorded Future News Canada's largest children's hospital struggles to recover from pre-Christmas ransomware attack - The Record from Recorded Future News Canadian copper mine suffers ransomware attack, shuts down mills - The Record from Recorded Future News Los Angeles housing authority says cyberattack disrupting systems - The Record from Recorded Future News The Guardian contacts data protection regulator after suspected ransomware incident - The Record from Recorded Future News Australian fire service operating 85 stations shuts down network after cyberattack - The Record from Recorded Future News San Francisco BART investigating ransomware attack - The Record from Recorded Future News Hackers leak sensitive files following attack on San Francisco transit police New U.S. cyber strategy will require critical infrastructure companies to protect against hacks - The Washington Post Car hackers discover vulnerabilities that could let them hijack millions of vehicles Compromised dispatch system helped move taxis to front of the line | Ars Technica Researcher Deepfakes His Voice, Uses AI to Demand Refund From Wells Fargo Armed With ChatGPT, Cybercriminals Build Malware And Plot Fake Girl Bots Cybercriminals’ latest grift: powdered milk and sugar by the truckload - The Record from Recorded Future News This app will self-destruct: How Belarusian hackers created an alternative Telegram for activists - The Record from Recorded Future News Chinese researchers claim to have broken RSA with a quantum computer. Experts aren’t so sure. - The Record from Recorded Future News Key bitcoin developer calls on FBI to recover $3.6M in digital coin | Ars Technica Chick-fil-A acknowledges customer account abuse but denies compromise of internal systems - The Record from Recorded Future News Microsoft ends Windows 7 security updates | TechCrunch

On this week’s show Patrick Gray and Adam Boileau discuss the news we missed while on break. Because it’s the first show of the year, we split the discussion into themes: Attacks against critical online services like Okta, CircleCI, Slack and Lastpass will increase in volume All the latest global intrigue, from NSO being noped by the US Supreme Court to DDoS attacks in Serbia, Turla’s latest campaign, supply chain attacks against Ukraine, why Russia has been more active than we realised and much more A ransomware wrap, a discussion about the rise of data extortion and why it’s unlikely to remain a huge problem Why automotive security research will actually be interesting this year PLUS: A bunch of random news! This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about something they’ve developed – a zero knowledge proof of exploit technique. Very interesting stuff! Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes First LastPass, now Slack and CircleCI. The hacks go on (and will likely worsen) | Ars Technica Devs urged to rotate secrets after CircleCI suffers security breach | The Daily Swig LastPass: Hackers accessed and copied customers’ password vaults - The Record from Recorded Future News GitHub incident allowed attacker to copy Okta's source code - The Record from Recorded Future News Supreme Court dismisses spyware company NSO Group’s claim of immunity - The Record from Recorded Future News Serbian government reports ‘massive DDoS attack’ amid heightened tensions in Balkans - The Record from Recorded Future News Iran’s support of Russia draws attention of pro-Ukraine hackers - The Record from Recorded Future News Pro-Ukraine hackers leak Russian data in hopes someone will make sense of it - The Record from Recorded Future News CISA researchers: Russia's Fancy Bear infiltrated US satellite network Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters NSA cyber director warns of Russian digital assaults on global energy sector - CyberScoop Notorious Russian hacking group appears to resurface with fresh cyberattacks on Ukraine Military operations software in Ukraine was hit by Russian hackers - The Record from Recorded Future News New supply chain attack targeted Ukrainian government networks - The Record from Recorded Future News Moldovaʼs government hit by flood of phishing attacks - The Record from Recorded Future News Kremlin-backed hackers targeted a “large” petroleum refinery in a NATO nation | Ars Technica Cyber Command conducted offensive operations to protect midterm elections - The Record from Recorded Future News Guardian newspaper hit by suspected ransomware attack, staff told not to come to office - The Record from Recorded Future News British company that helps make semiconductors hit by cyber incident - The Record from Recorded Future News Port of Lisbon website still down as LockBit gang claims cyberattack - The Record from Recorded Future News SickKids: 80% of hospital priority systems back online after LockBit ransomware attack - The Record from Recorded Future News Canada's largest children's hospital struggles to recover from pre-Christmas ransomware attack - The Record from Recorded Future News Canadian copper mine suffers ransomware attack, shuts down mills - The Record from Recorded Future News Los Angeles housing authority says cyberattack disrupting systems - The Record from Recorded Future News The Guardian contacts data protection regulator after suspected ransomware incident - The Record from Recorded Future News Australian fire service operating 85 stations shuts down network after cyberattack - The Record from Recorded Future News San Francisco BART investigating ransomware attack - The Record from Recorded Future News Hackers leak sensitive files following attack on San Francisco transit police New U.S. cyber strategy will require critical infrastructure companies to protect against hacks - The Washington Post Car hackers discover vulnerabilities that could let them hijack millions of vehicles Compromised dispatch system helped move taxis to front of the line | Ars Technica Researcher Deepfakes His Voice, Uses AI to Demand Refund From Wells Fargo Armed With ChatGPT, Cybercriminals Build Malware And Plot Fake Girl Bots Cybercriminals’ latest grift: powdered milk and sugar by the truckload - The Record from Recorded Future News This app will self-destruct: How Belarusian hackers created an alternative Telegram for activists - The Record from Recorded Future News Chinese researchers claim to have broken RSA with a quantum computer. Experts aren’t so sure. - The Record from Recorded Future News Key bitcoin developer calls on FBI to recover $3.6M in digital coin | Ars Technica Chick-fil-A acknowledges customer account abuse but denies compromise of internal systems - The Record from Recorded Future News Microsoft ends Windows 7 security updates | TechCrunch

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Apple to introduce user-encrypted backups, FBI is sad Twitter ices e2ee plans for DMs RackSpace is getting sued over its hosted Exchange ransomware incident Dodgy driving: Microsoft signs some shady stuff Japan to change laws, release the Shibas A look at the US NDAA Much, much more This week’s show is sponsored by Obsidian Security. Obsidian co-founder Ben Johnson joins the show this week to talk through SaaS configuration security and visibility/monitoring. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Apple Expands End-to-End Encryption to iCloud Backups | WIRED FBI Calls End-to-End Encryption 'Deeply Concerning' as Privacy Groups Hail Apple's Advanced Data Protection as a Victory for Users - MacRumors Apple Kills Its Plan to Scan Your Photos for CSAM. Here’s What’s Next | WIRED Elon Musk Wanted Twitter To Encrypt Messages. His New Safety Chief Says It’s On Hold I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware | Mandiant Japan to amend laws to allow for offensive cyber operations against foreign hackers - The Record by Recorded Future Amid Outrage, Rackspace Sends Users Email Touting Its Incident Response New Ransom Payment Schemes Target Executives, Telemedicine – Krebs on Security Hackers Planted Files to Frame Indian Priest Who Died in Custody | WIRED Scammers Are Scamming Other Scammers Out of Millions of Dollars | WIRED Risky Biz News: Disgruntled member doxes and extorts URSNIF gang U.S. agency warns that hackers are going after Citrix networking gear | Reuters Police raid offices of Predator spyware seller Intellexa | eKathimerini.com $858 billion defense bill focuses heavily on cyber. These are some highlights. Australia and Vanuatu sign defense and cybersecurity pact - The Record by Recorded Future Fantasy – a new Agrius wiper deployed through a supply‑chain attack | WeLiveSecurity Ukrainian railway, state agencies allegedly targeted by DolphinCape malware - The Record by Recorded Future US Dept of Health warns of ‘increased’ Royal ransomware attacks on hospitals - The Record by Recorded Future ‘Crisis situation’ declared as two Swedish municipalities hit by cyberattack - The Record by Recorded Future Metropolitan Opera dealing with cyberattack that shut down website, box office - The Record by Recorded Future LockBit ransomware crew claims attack on California Department of Finance PLAY ransomware group claims responsibility for Antwerp attack as second Belgian city confirms new incident - The Record by Recorded Future Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED Internet Explorer 0-day exploited by North Korean actor APT37 Four accused in business email compromise scheme which reaped millions from victims - The Record by Recorded Future JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs | The Daily Swig Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking | WIRED

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Apple to introduce user-encrypted backups, FBI is sad Twitter ices e2ee plans for DMs RackSpace is getting sued over its hosted Exchange ransomware incident Dodgy driving: Microsoft signs some shady stuff Japan to change laws, release the Shibas A look at the US NDAA Much, much more This week’s show is sponsored by Obsidian Security. Obsidian co-founder Ben Johnson joins the show this week to talk through SaaS configuration security and visibility/monitoring. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Apple Expands End-to-End Encryption to iCloud Backups | WIRED FBI Calls End-to-End Encryption 'Deeply Concerning' as Privacy Groups Hail Apple's Advanced Data Protection as a Victory for Users - MacRumors Apple Kills Its Plan to Scan Your Photos for CSAM. Here’s What’s Next | WIRED Elon Musk Wanted Twitter To Encrypt Messages. His New Safety Chief Says It’s On Hold I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware | Mandiant Japan to amend laws to allow for offensive cyber operations against foreign hackers - The Record by Recorded Future Amid Outrage, Rackspace Sends Users Email Touting Its Incident Response New Ransom Payment Schemes Target Executives, Telemedicine – Krebs on Security Hackers Planted Files to Frame Indian Priest Who Died in Custody | WIRED Scammers Are Scamming Other Scammers Out of Millions of Dollars | WIRED Risky Biz News: Disgruntled member doxes and extorts URSNIF gang U.S. agency warns that hackers are going after Citrix networking gear | Reuters Police raid offices of Predator spyware seller Intellexa | eKathimerini.com $858 billion defense bill focuses heavily on cyber. These are some highlights. Australia and Vanuatu sign defense and cybersecurity pact - The Record by Recorded Future Fantasy – a new Agrius wiper deployed through a supply‑chain attack | WeLiveSecurity Ukrainian railway, state agencies allegedly targeted by DolphinCape malware - The Record by Recorded Future US Dept of Health warns of ‘increased’ Royal ransomware attacks on hospitals - The Record by Recorded Future ‘Crisis situation’ declared as two Swedish municipalities hit by cyberattack - The Record by Recorded Future Metropolitan Opera dealing with cyberattack that shut down website, box office - The Record by Recorded Future LockBit ransomware crew claims attack on California Department of Finance PLAY ransomware group claims responsibility for Antwerp attack as second Belgian city confirms new incident - The Record by Recorded Future Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED Internet Explorer 0-day exploited by North Korean actor APT37 Four accused in business email compromise scheme which reaped millions from victims - The Record by Recorded Future JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs | The Daily Swig Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking | WIRED

In this sponsored podcast Patrick Gray and Ryan Kalember talk about Proofpoint’s acquisition of Illusive, a company that started off in the “deception” space and then moved towards doing attack path analysis and management. Show notes Proofpoint Signs Definitive Agreement to Acquire Illusive

In this sponsored podcast Patrick Gray and Ryan Kalember talk about Proofpoint’s acquisition of Illusive, a company that started off in the “deception” space and then moved towards doing attack path analysis and management. Show notes Proofpoint Signs Definitive Agreement to Acquire Illusive

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Samsung, LG Android signing keys pinched LastPass gets owned again APT41 steal covid relief money Amnesty International hacked in Canada Much, much more This week’s show is brought to you by Airlock Digital. Its CEO and CTO join host Patrick Gray this week to talk about admin to kernel as a security boundary, and the limitations of kernel driver blocklists. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Risky Biz News: Samsung, MediaTek, and other Android platform certs were leaked and used to sign malware Leaked Android Platform Certificates Create Risks for Users | Rapid7 Blog 100 - Platform certificates used to sign malware - apvi Hackers accessed LastPass customer details using information stolen in August hack - The Record by Recorded Future Hackers linked to Chinese government stole millions in Covid benefits, Secret Service says Amnesty International breach linked to Chinese government, investigation finds - The Record by Recorded Future Iranian espionage campaign targets journalists, diplomats, activists, says Human Rights Watch - The Record by Recorded Future New details on commercial spyware vendor Variston ‘The world should be prepared’ — Microsoft issues warning about Russian cyberattacks over winter - The Record by Recorded Future Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices | Ars Technica ChatGPT shows promise of using AI to write malware - CyberScoop DHS cyber safety board to probe Lapsus$ hacks - The Record by Recorded Future Kris Nóva: "We are currently investigating…" - Hachyderm.io Hive Social turns off servers after researchers warn hackers can access all data | Ars Technica Spam is drowning out Twitter posts about Covid protests in China French hospital complex suspends operations, transfers patients after ransomware attack - The Record by Recorded Future Rackspace Confirms Ransomware Attack as It Tries to Determine If Data Was Stolen | SecurityWeek.Com Guatemala's Foreign Ministry investigating ransomware attack - The Record by Recorded Future Ransomware attacks: Privacy Commissioner plans investigation as Justice, Health hit - NZ Herald UK introducing mandatory cyber incident reporting for managed service providers - The Record by Recorded Future Florida Man Sentenced To 18 Months For Theft Of Over $20 Million In SIM Swap Scheme | USAO-SDNY | Department of Justice Binance freezes $3 million worth of crypto stolen in Ankr hack - The Record by Recorded Future Play app with 100K downloads booted for forwarding texts to developer server | Ars Technica Go SAML library vulnerable to authentication bypass | The Daily Swig Okta and Phishing Resistant Authentication - YouTube

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Samsung, LG Android signing keys pinched LastPass gets owned again APT41 steal covid relief money Amnesty International hacked in Canada Much, much more This week’s show is brought to you by Airlock Digital. Its CEO and CTO join host Patrick Gray this week to talk about admin to kernel as a security boundary, and the limitations of kernel driver blocklists. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Risky Biz News: Samsung, MediaTek, and other Android platform certs were leaked and used to sign malware Leaked Android Platform Certificates Create Risks for Users | Rapid7 Blog 100 - Platform certificates used to sign malware - apvi Hackers accessed LastPass customer details using information stolen in August hack - The Record by Recorded Future Hackers linked to Chinese government stole millions in Covid benefits, Secret Service says Amnesty International breach linked to Chinese government, investigation finds - The Record by Recorded Future Iranian espionage campaign targets journalists, diplomats, activists, says Human Rights Watch - The Record by Recorded Future New details on commercial spyware vendor Variston ‘The world should be prepared’ — Microsoft issues warning about Russian cyberattacks over winter - The Record by Recorded Future Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices | Ars Technica ChatGPT shows promise of using AI to write malware - CyberScoop DHS cyber safety board to probe Lapsus$ hacks - The Record by Recorded Future Kris Nóva: "We are currently investigating…" - Hachyderm.io Hive Social turns off servers after researchers warn hackers can access all data | Ars Technica Spam is drowning out Twitter posts about Covid protests in China French hospital complex suspends operations, transfers patients after ransomware attack - The Record by Recorded Future Rackspace Confirms Ransomware Attack as It Tries to Determine If Data Was Stolen | SecurityWeek.Com Guatemala's Foreign Ministry investigating ransomware attack - The Record by Recorded Future Ransomware attacks: Privacy Commissioner plans investigation as Justice, Health hit - NZ Herald UK introducing mandatory cyber incident reporting for managed service providers - The Record by Recorded Future Florida Man Sentenced To 18 Months For Theft Of Over $20 Million In SIM Swap Scheme | USAO-SDNY | Department of Justice Binance freezes $3 million worth of crypto stolen in Ankr hack - The Record by Recorded Future Play app with 100K downloads booted for forwarding texts to developer server | Ars Technica Go SAML library vulnerable to authentication bypass | The Daily Swig Okta and Phishing Resistant Authentication - YouTube

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: UK, USA ban Chinese security cameras What is the Boa webserver and why is it everywhere? Vanuatu, Guadeloupe smashed by ransomware REvil back with more dumps despite ASD attention Much, much more This week’s sponsor guest is Jake King from Elastic Security, who joins us to talk through the company’s most recent threat report. There’s a link to the report in our show notes. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes British government bans Chinese surveillance cameras from sensitive locations - The Record by Recorded Future US government bans Huawei, ZTE and Hikvision tech over ‘unacceptable’ spying fears | TechCrunch What if Russian commercial aviation cuts too many safety corners? — Meduza Microsoft attributes alleged Chinese attack on Indian power grid to ‘Boa’ IoT vulnerability - The Record by Recorded Future U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer – Krebs on Security Guadeloupe kickstarts continuity plan after wide-ranging cyberattack - The Record by Recorded Future Vanuatu hospital staff using pen and paper after cyber attack that crippled public sector - ABC News Extortion site used in Medibank attack goes offline after Australian gov pledges ‘offensive’ actions - The Record by Recorded Future ThreatMon Ransomware Monitoring on Twitter: Risky Biz News: Australia passes new privacy bill with huge data breach fines Sandworm hacking group linked to new ransomware deployed in Ukraine - The Record by Recorded Future UK Parliament launches inquiry into national security strategy around ransomware - The Record by Recorded Future Canadian food giant refuses to pay ransom after gang threatens data leak - The Record by Recorded Future Almost 1,000 suspects arrested in Interpol operation which seized over $129 million - The Record by Recorded Future Risky Biz News: Authorities seize iSpoof in major blow to fraudsters and cybercrime groups Espionage group using USB devices to hack targets in Southeast Asia - The Record by Recorded Future WikiLeaks' Website Is Slowly Falling Apart European Parliament declares Russia a terrorism sponsor, then its site goes down | Ars Technica Hackers are spreading malware via trending TikTok challenge: report - The Record by Recorded Future Samantha Borrego iS iNfeCtEd noT pArAnOID on Twitter: elastic-global-threat-report-vol-1-2022.pdf

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: UK, USA ban Chinese security cameras What is the Boa webserver and why is it everywhere? Vanuatu, Guadeloupe smashed by ransomware REvil back with more dumps despite ASD attention Much, much more This week’s sponsor guest is Jake King from Elastic Security, who joins us to talk through the company’s most recent threat report. There’s a link to the report in our show notes. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes British government bans Chinese surveillance cameras from sensitive locations - The Record by Recorded Future US government bans Huawei, ZTE and Hikvision tech over ‘unacceptable’ spying fears | TechCrunch What if Russian commercial aviation cuts too many safety corners? — Meduza Microsoft attributes alleged Chinese attack on Indian power grid to ‘Boa’ IoT vulnerability - The Record by Recorded Future U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer – Krebs on Security Guadeloupe kickstarts continuity plan after wide-ranging cyberattack - The Record by Recorded Future Vanuatu hospital staff using pen and paper after cyber attack that crippled public sector - ABC News Extortion site used in Medibank attack goes offline after Australian gov pledges ‘offensive’ actions - The Record by Recorded Future ThreatMon Ransomware Monitoring on Twitter: Risky Biz News: Australia passes new privacy bill with huge data breach fines Sandworm hacking group linked to new ransomware deployed in Ukraine - The Record by Recorded Future UK Parliament launches inquiry into national security strategy around ransomware - The Record by Recorded Future Canadian food giant refuses to pay ransom after gang threatens data leak - The Record by Recorded Future Almost 1,000 suspects arrested in Interpol operation which seized over $129 million - The Record by Recorded Future Risky Biz News: Authorities seize iSpoof in major blow to fraudsters and cybercrime groups Espionage group using USB devices to hack targets in Southeast Asia - The Record by Recorded Future WikiLeaks' Website Is Slowly Falling Apart European Parliament declares Russia a terrorism sponsor, then its site goes down | Ars Technica Hackers are spreading malware via trending TikTok challenge: report - The Record by Recorded Future Samantha Borrego iS iNfeCtEd noT pArAnOID on Twitter: elastic-global-threat-report-vol-1-2022.pdf

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Half of all UK COBRA meetings are ransomware related Ransomware biggest risk to US port security White House to move on spyware industry EU to launch its own Starlink equivalent Much, much more AttackIQ’s Jonathan Reiber will be joining us in this week’s sponsor interview to talk about how companies and their boards are really moving towards outcomes-based security programs. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Ransomware incidents now make up majority of British government’s crisis management COBRA meetings - The Record by Recorded Future DHS Secretary: Cyberattacks are the most significant threat to port infrastructure - The Record by Recorded Future Michigan school districts reopen after three-day closure due to ransomware attack - The Record by Recorded Future Microsoft: Royal ransomware group using Google Ads in campaign - The Record by Recorded Future Researchers Quietly Cracked Zeppelin Ransomware Keys – Krebs on Security Risky Biz News: Cyber Partisans hack and disrupt Kremlin censor US, Estonian authorities arrest two over $575 million cryptocurrency fraud - The Record by Recorded Future New FTX CEO details 'complete failure of corporate controls' at crypto platform OpenSSL Usage in UEFI Firmware Exposes Weakness in SBOMs EU reaches agreement on new satellite constellation - The Record by Recorded Future Ukraine’s Engineers Dodged Russian Mines To Get Kherson Back Online–With A Little Help From Elon Musk’s Satellites Senate Democrats call on FTC to investigate Twitter's data security 11.17.22 - FTC - Twitter Letter Twitter has a lot of your data. Here's what you can do about it. Mastodon vulnerable to multiple system configuration problems | The Daily Swig System misconfiguration is the number one vulnerability, at least for Mastodon White House expected to issue executive order reining in spyware H20220930-005_Himes-Speier cc's - DocumentCloud A Leak Details Apple's Secret Dirt on Corellium, a Trusted Security Startup | WIRED Risky Biz News: Iranian state hackers breached US government agency and deployed a cryptominer, out of all things India removes ban on VLC media player after cybersecurity concerns addressed - The Record by Recorded Future Amazon addresses vulnerability affecting AWS AppSync - The Record by Recorded Future CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations | CISA Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization | CISA

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Half of all UK COBRA meetings are ransomware related Ransomware biggest risk to US port security White House to move on spyware industry EU to launch its own Starlink equivalent Much, much more AttackIQ’s Jonathan Reiber will be joining us in this week’s sponsor interview to talk about how companies and their boards are really moving towards outcomes-based security programs. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Ransomware incidents now make up majority of British government’s crisis management COBRA meetings - The Record by Recorded Future DHS Secretary: Cyberattacks are the most significant threat to port infrastructure - The Record by Recorded Future Michigan school districts reopen after three-day closure due to ransomware attack - The Record by Recorded Future Microsoft: Royal ransomware group using Google Ads in campaign - The Record by Recorded Future Researchers Quietly Cracked Zeppelin Ransomware Keys – Krebs on Security Risky Biz News: Cyber Partisans hack and disrupt Kremlin censor US, Estonian authorities arrest two over $575 million cryptocurrency fraud - The Record by Recorded Future New FTX CEO details 'complete failure of corporate controls' at crypto platform OpenSSL Usage in UEFI Firmware Exposes Weakness in SBOMs EU reaches agreement on new satellite constellation - The Record by Recorded Future Ukraine’s Engineers Dodged Russian Mines To Get Kherson Back Online–With A Little Help From Elon Musk’s Satellites Senate Democrats call on FTC to investigate Twitter's data security 11.17.22 - FTC - Twitter Letter Twitter has a lot of your data. Here's what you can do about it. Mastodon vulnerable to multiple system configuration problems | The Daily Swig System misconfiguration is the number one vulnerability, at least for Mastodon White House expected to issue executive order reining in spyware H20220930-005_Himes-Speier cc's - DocumentCloud A Leak Details Apple's Secret Dirt on Corellium, a Trusted Security Startup | WIRED Risky Biz News: Iranian state hackers breached US government agency and deployed a cryptominer, out of all things India removes ban on VLC media player after cybersecurity concerns addressed - The Record by Recorded Future Amazon addresses vulnerability affecting AWS AppSync - The Record by Recorded Future CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations | CISA Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization | CISA

In this podcast we speak with Randall Degges who leads the Developer Relations & Community team at Snyk. He’s here to talk to us about how to get developers enthusiastic about security, how to get them to use the right tooling, and how this tooling will evolve in the future to actually help developers fix bugs in their code. Show notes The Big Fix | Snyk

In this podcast we speak with Randall Degges who leads the Developer Relations & Community team at Snyk. He’s here to talk to us about how to get developers enthusiastic about security, how to get them to use the right tooling, and how this tooling will evolve in the future to actually help developers fix bugs in their code. Show notes The Big Fix | Snyk

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Australia lets ASD loose on ransomware crews, but will it work? (Tom Uren joins us to chat about this one) Twitter’s wheels haven’t fallen off yet but they sure are wobbling Hundreds of millions stolen from FTX mid implosion Security researchers start looking at Mastodon and… yeah Much, much more! This week’s show is brought to you by Gigamon. George Sandford from Gigamon pops in for this week’s sponsor interview to talk about how to successfully stand up an NDR program. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Risky Biz News: Australia to hack the hackers Australia to consider banning ransomware payments - The Record by Recorded Future Two enormous cyberattacks convince Australia to 'hack the hackers' - The Washington Post Australian Federal Police say cybercriminals in Russia behind Medibank hack - The Record by Recorded Future The Hunt for the FTX Thieves Has Begun | WIRED US reissues sanctions on Tornado Cash, tying it to North Korea's nuclear weapons program - The Record by Recorded Future Twitter’s SMS Two-Factor Authentication Is Melting Down | WIRED Is it safe to use Twitter? Security fears rise after Elon Musk drives off staff Twitter’s Security And Privacy Leaders Quit Amidst Musk’s Chaotic Takeover FTC tracking developments at Twitter with 'deep concern' after CISO resigns - The Record by Recorded Future Mastodon users vulnerable to password-stealing attacks | The Daily Swig Risky Biz News: Major hack-and-leak info-op unfolding in Moldova All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks | The Daily Swig Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries | Symantec Enterprise Blogs Lenovo driver goof poses security risk for users of 25 notebook models | Ars Technica Cisco: InterPlanetary File System seeing ‘widespread’ abuse by hackers - The Record by Recorded Future Project Zero: A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain Google Pixel screen-lock hack earns researcher $70k | The Daily Swig DJ Zavala & DMNTED - Welcome to Ukraine - YouTube

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Australia lets ASD loose on ransomware crews, but will it work? (Tom Uren joins us to chat about this one) Twitter’s wheels haven’t fallen off yet but they sure are wobbling Hundreds of millions stolen from FTX mid implosion Security researchers start looking at Mastodon and… yeah Much, much more! This week’s show is brought to you by Gigamon. George Sandford from Gigamon pops in for this week’s sponsor interview to talk about how to successfully stand up an NDR program. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Risky Biz News: Australia to hack the hackers Australia to consider banning ransomware payments - The Record by Recorded Future Two enormous cyberattacks convince Australia to 'hack the hackers' - The Washington Post Australian Federal Police say cybercriminals in Russia behind Medibank hack - The Record by Recorded Future The Hunt for the FTX Thieves Has Begun | WIRED US reissues sanctions on Tornado Cash, tying it to North Korea's nuclear weapons program - The Record by Recorded Future Twitter’s SMS Two-Factor Authentication Is Melting Down | WIRED Is it safe to use Twitter? Security fears rise after Elon Musk drives off staff Twitter’s Security And Privacy Leaders Quit Amidst Musk’s Chaotic Takeover FTC tracking developments at Twitter with 'deep concern' after CISO resigns - The Record by Recorded Future Mastodon users vulnerable to password-stealing attacks | The Daily Swig Risky Biz News: Major hack-and-leak info-op unfolding in Moldova All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks | The Daily Swig Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries | Symantec Enterprise Blogs Lenovo driver goof poses security risk for users of 25 notebook models | Ars Technica Cisco: InterPlanetary File System seeing ‘widespread’ abuse by hackers - The Record by Recorded Future Project Zero: A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain Google Pixel screen-lock hack earns researcher $70k | The Daily Swig DJ Zavala & DMNTED - Welcome to Ukraine - YouTube

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: DoJ seizes 50k bitcoin stolen from Silk Road, charges thief Australian health insurer Medibank refuses to pay ransom, data leaked Inside Qatar’s $386m world cup espionage operation EU Parliament report into spyware lands SolarWinds settles shareholder lawsuit, faces SEC enforcement action Much, much more This week’s sponsor guest is Andrew Morris from Greynoise Intelligence. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes DOJ says it seized billions in Bitcoin stolen by hacker from Silk Road darknet marketplace - The Record by Recorded Future U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud | USAO-SDNY | Department of Justice Medibank says it will not pay ransom in hack that impacted 9.7 million customers - The Record by Recorded Future Names, addresses, birthdays posted to dark web by hackers after Medibank ransom deadline passes - ABC News ‘Project Merciless’: how Qatar spied on the world of football in Switzerland - SWI swissinfo.ch How Qatar hacked the World Cup — The Bureau of Investigative Journalism (en-GB) FBI probing ex-CIA officer's spying for World Cup host Qatar - The Washington Post EU governments accused of using spyware ‘to cover up corruption and criminal activity’ - The Record by Recorded Future Press conference on draft findings of EP spyware inquiry | News | European Parliament SolarWinds says it’s facing SEC ‘enforcement action’ over 2020 hack | TechCrunch Microsoft accuses China of abusing vulnerability disclosure requirements - The Record by Recorded Future 工业和信息化部国家互联网信息办公室公安部关于印发网络产品安全漏洞管理规定的通知-中共中央网络安全和信息化委员会办公室 Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup Could a ‘digital Red Cross emblem’ protect hospitals from cyber warfare? - The Record by Recorded Future TrustCor Systems verifies web addresses, but its address is a UPS Store - The Washington Post Cyber incident at Boeing subsidiary causes flight planning disruptions - The Record by Recorded Future FIN7 cybercrime cartel tied to Black Basta ransomware operation: report - The Record by Recorded Future More than 100 election jurisdictions waiting on federal cyber help, sources say $28 million stolen from cryptocurrency platform Deribit - The Record by Recorded Future Nigerian scammer sentenced to 11 years in US prison - The Record by Recorded Future Hackers get into Dropbox developer accounts on GitHub, access 130 code repositories and more - The Record by Recorded Future Urlscan.io API unwittingly leaks sensitive URLs, data | The Daily Swig The Most Vulnerable Place on the Internet | WIRED So long and thanks for all the bits - NCSC.GOV.UK

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: DoJ seizes 50k bitcoin stolen from Silk Road, charges thief Australian health insurer Medibank refuses to pay ransom, data leaked Inside Qatar’s $386m world cup espionage operation EU Parliament report into spyware lands SolarWinds settles shareholder lawsuit, faces SEC enforcement action Much, much more This week’s sponsor guest is Andrew Morris from Greynoise Intelligence. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes DOJ says it seized billions in Bitcoin stolen by hacker from Silk Road darknet marketplace - The Record by Recorded Future U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud | USAO-SDNY | Department of Justice Medibank says it will not pay ransom in hack that impacted 9.7 million customers - The Record by Recorded Future Names, addresses, birthdays posted to dark web by hackers after Medibank ransom deadline passes - ABC News ‘Project Merciless’: how Qatar spied on the world of football in Switzerland - SWI swissinfo.ch How Qatar hacked the World Cup — The Bureau of Investigative Journalism (en-GB) FBI probing ex-CIA officer's spying for World Cup host Qatar - The Washington Post EU governments accused of using spyware ‘to cover up corruption and criminal activity’ - The Record by Recorded Future Press conference on draft findings of EP spyware inquiry | News | European Parliament SolarWinds says it’s facing SEC ‘enforcement action’ over 2020 hack | TechCrunch Microsoft accuses China of abusing vulnerability disclosure requirements - The Record by Recorded Future 工业和信息化部国家互联网信息办公室公安部关于印发网络产品安全漏洞管理规定的通知-中共中央网络安全和信息化委员会办公室 Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup Could a ‘digital Red Cross emblem’ protect hospitals from cyber warfare? - The Record by Recorded Future TrustCor Systems verifies web addresses, but its address is a UPS Store - The Washington Post Cyber incident at Boeing subsidiary causes flight planning disruptions - The Record by Recorded Future FIN7 cybercrime cartel tied to Black Basta ransomware operation: report - The Record by Recorded Future More than 100 election jurisdictions waiting on federal cyber help, sources say $28 million stolen from cryptocurrency platform Deribit - The Record by Recorded Future Nigerian scammer sentenced to 11 years in US prison - The Record by Recorded Future Hackers get into Dropbox developer accounts on GitHub, access 130 code repositories and more - The Record by Recorded Future Urlscan.io API unwittingly leaks sensitive URLs, data | The Daily Swig The Most Vulnerable Place on the Internet | WIRED So long and thanks for all the bits - NCSC.GOV.UK

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Twitter bluechecks face phishing barrage Australian government goes berserk on Medibank hack response Former WSJ journalist sues law firm over email hack and info op that got him fired OpenSSL bug lands with a whimper Apple macOS Ventura update breaks security tools Much, much more This week’s show is brought to you by Thinkst Canary. Marco Slaviero, Thinkst’s head of engineering, joins us this week to talk through the company’s latest release, codenamed Quokka. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Twitter’s verification chaos is now a cybersecurity problem | TechCrunch Unconfirmed hack of Liz Truss’ phone prompts calls for “urgent investigation” | Ars Technica Chinese hackers are scanning state political party headquarters, FBI says - The Washington Post Former WSJ reporter says law firm used Indian hackers to sabotage his career | Reuters The source - Columbia Journalism Review Upcoming ‘critical’ OpenSSL update prompts feverish speculation | The Daily Swig OpenSSL vulnerability downgraded to ‘high’ severity | The Daily Swig Medibank says hackers had access to ‘all personal data’ belonging to all customers - The Record by Recorded Future Australia to tighten privacy laws, increase fines after series of data breaches - The Record by Recorded Future Votes in Slovakia's parliament suspended after alleged ‘cybersecurity incident’ - The Record by Recorded Future NY Post confirms hack after website, Twitter feed flooded with threats toward Biden, AOC - The Record by Recorded Future Apple MacOS Ventura Bug Breaks Third-Party Security Tools | WIRED Microsoft ties Vice Society hackers to additional ransomware strains - The Record by Recorded Future How Vice Society Got Away With a Global Ransomware Spree | WIRED FTC seeks action against Drizly — and its CEO — for cybersecurity failures - The Record by Recorded Future Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig Google Play apps with >20M downloads depleted batteries and network bandwidth | Ars Technica Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn – Krebs on Security Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics are furious | Ars Technica Microsoft disputes report on Office 365 Message encryption issue after awarding bug bounty - The Record by Recorded Future Microsoft Office Online Server open to SSRF-to-RCE exploit | The Daily Swig Microsoft's Sociopathic Cybersecurity Pedantry Brazilian police announce arrest of alleged Lapsus$ member - The Record by Recorded Future Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion – Krebs on Security European gang that sold car hacking tools to thieves arrested - The Record by Recorded Future How a Microsoft blunder opened millions of PCs to potent malware attacks | Ars Technica

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Twitter bluechecks face phishing barrage Australian government goes berserk on Medibank hack response Former WSJ journalist sues law firm over email hack and info op that got him fired OpenSSL bug lands with a whimper Apple macOS Ventura update breaks security tools Much, much more This week’s show is brought to you by Thinkst Canary. Marco Slaviero, Thinkst’s head of engineering, joins us this week to talk through the company’s latest release, codenamed Quokka. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Twitter’s verification chaos is now a cybersecurity problem | TechCrunch Unconfirmed hack of Liz Truss’ phone prompts calls for “urgent investigation” | Ars Technica Chinese hackers are scanning state political party headquarters, FBI says - The Washington Post Former WSJ reporter says law firm used Indian hackers to sabotage his career | Reuters The source - Columbia Journalism Review Upcoming ‘critical’ OpenSSL update prompts feverish speculation | The Daily Swig OpenSSL vulnerability downgraded to ‘high’ severity | The Daily Swig Medibank says hackers had access to ‘all personal data’ belonging to all customers - The Record by Recorded Future Australia to tighten privacy laws, increase fines after series of data breaches - The Record by Recorded Future Votes in Slovakia's parliament suspended after alleged ‘cybersecurity incident’ - The Record by Recorded Future NY Post confirms hack after website, Twitter feed flooded with threats toward Biden, AOC - The Record by Recorded Future Apple MacOS Ventura Bug Breaks Third-Party Security Tools | WIRED Microsoft ties Vice Society hackers to additional ransomware strains - The Record by Recorded Future How Vice Society Got Away With a Global Ransomware Spree | WIRED FTC seeks action against Drizly — and its CEO — for cybersecurity failures - The Record by Recorded Future Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig Google Play apps with >20M downloads depleted batteries and network bandwidth | Ars Technica Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn – Krebs on Security Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics are furious | Ars Technica Microsoft disputes report on Office 365 Message encryption issue after awarding bug bounty - The Record by Recorded Future Microsoft Office Online Server open to SSRF-to-RCE exploit | The Daily Swig Microsoft's Sociopathic Cybersecurity Pedantry Brazilian police announce arrest of alleged Lapsus$ member - The Record by Recorded Future Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion – Krebs on Security European gang that sold car hacking tools to thieves arrested - The Record by Recorded Future How a Microsoft blunder opened millions of PCs to potent malware attacks | Ars Technica

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Truffle Security talks secrets discovery KSOC builds Kubernetes security tools Snyk has a new product to better secure Infrastructure as Code Show notes Unearth Your Secrets - Truffle Security KSOC: Kubernetes Security Operations Center Cloud Security across the SDLC with Policy as Code | Snyk

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Truffle Security talks secrets discovery KSOC builds Kubernetes security tools Snyk has a new product to better secure Infrastructure as Code Show notes Unearth Your Secrets - Truffle Security KSOC: Kubernetes Security Operations Center Cloud Security across the SDLC with Policy as Code | Snyk

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Tines, the no code security automation solution that people are going absolutely nuts over Code42, the insider threat detection solution maker Kroll talks about its MDR offering

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Tines, the no code security automation solution that people are going absolutely nuts over Code42, the insider threat detection solution maker Kroll talks about its MDR offering

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why former Uber CISO Joe Sullivan’s guilty verdict shouldn’t worry you United States puts chipmaking restrictions on China, APT activity is coming Elon blinks and Starlink goes dark on Ukraine’s front line Master cyber criminal arrested in Australia Much, much more This week’s show is brought to you by runZero, the asset inventory and network visibility solution. runZero’s founding CTO and industry legend HD Moore is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Risky Biz News: Good news for the Capital One hacker, bad news for the former Uber CSO Joe Sullivan guilty in Uber hacking case - The Washington Post Security chiefs fear ‘CISO scapegoating’ following Uber-Sullivan verdict - The Record by Recorded Future U.S. imposes foreign direct product rule on China for AI and supercomputing - The Washington Post Popular censorship circumvention tools face fresh blockade by China | TechCrunch 'Fear' driving Chinese state to manipulate tech ecosystem... - GCHQ.GOV.UK Risky Biz News: China blocks several protocols used to bypass the Great Firewall Joint_CSA_Top_CVEs_Exploited_by_PRC_cyber_actors_TLPWHITE - DocumentCloud Starlink goes dark Coverage of Killnet DDoS attacks plays into attackers' hands, experts say - The Record by Recorded Future Ukrainian cybersecurity officer killed by Russian missile strike - The Record by Recorded Future Biden signs new US-EU privacy framework, setting up surveillance safeguards - The Record by Recorded Future White House to unveil ambitious cybersecurity labeling effort modeled after Energy Star Australian teen charged with using leaked Optus data to blackmail customers - The Record by Recorded Future Report: Big U.S. Banks Are Stiffing Account Takeover Victims – Krebs on Security Hackers steal at least $100 million from Binance-linked blockchain - The Record by Recorded Future Someone is clogging up the Zcash blockchain with a spam attack Alberto Rodriguez, and Erik Hunstad - Stop writing malware! The Blue team has done it for you - YouTube CVE-2022-34689 - Security Update Guide - Microsoft - Windows CryptoAPI Spoofing Vulnerability Get root on macOS 12.3.1: proof-of-concepts for Linus Henze’s CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763) | Worth Doing Badly Risky Biz News: LofyGang runs amok in the npm ecosystem with minimal gains

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why former Uber CISO Joe Sullivan’s guilty verdict shouldn’t worry you United States puts chipmaking restrictions on China, APT activity is coming Elon blinks and Starlink goes dark on Ukraine’s front line Master cyber criminal arrested in Australia Much, much more This week’s show is brought to you by runZero, the asset inventory and network visibility solution. runZero’s founding CTO and industry legend HD Moore is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Risky Biz News: Good news for the Capital One hacker, bad news for the former Uber CSO Joe Sullivan guilty in Uber hacking case - The Washington Post Security chiefs fear ‘CISO scapegoating’ following Uber-Sullivan verdict - The Record by Recorded Future U.S. imposes foreign direct product rule on China for AI and supercomputing - The Washington Post Popular censorship circumvention tools face fresh blockade by China | TechCrunch 'Fear' driving Chinese state to manipulate tech ecosystem... - GCHQ.GOV.UK Risky Biz News: China blocks several protocols used to bypass the Great Firewall Joint_CSA_Top_CVEs_Exploited_by_PRC_cyber_actors_TLPWHITE - DocumentCloud Starlink goes dark Coverage of Killnet DDoS attacks plays into attackers' hands, experts say - The Record by Recorded Future Ukrainian cybersecurity officer killed by Russian missile strike - The Record by Recorded Future Biden signs new US-EU privacy framework, setting up surveillance safeguards - The Record by Recorded Future White House to unveil ambitious cybersecurity labeling effort modeled after Energy Star Australian teen charged with using leaked Optus data to blackmail customers - The Record by Recorded Future Report: Big U.S. Banks Are Stiffing Account Takeover Victims – Krebs on Security Hackers steal at least $100 million from Binance-linked blockchain - The Record by Recorded Future Someone is clogging up the Zcash blockchain with a spam attack Alberto Rodriguez, and Erik Hunstad - Stop writing malware! The Blue team has done it for you - YouTube CVE-2022-34689 - Security Update Guide - Microsoft - Windows CryptoAPI Spoofing Vulnerability Get root on macOS 12.3.1: proof-of-concepts for Linus Henze’s CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763) | Worth Doing Badly Risky Biz News: LofyGang runs amok in the npm ecosystem with minimal gains

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: More Exchange 0days cause more havoc A look at some earlier Exchange hack incidents How the CIA got its agents killed with its truly awful online opsec Ex NSA staffer arrested for espionage Much, much more This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy, joins the show this week to talk about some overlooked detection opportunities – some simple stuff you can look for in your environment that should raise gigantic flashing red flags. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Microsoft confirms two Exchange Server zero days are being used in cyberattacks - The Record by Recorded Future CISA: Multiple government hacking groups had ‘long-term’ access to defense company - The Record by Recorded Future Mexican president confirms ‘Guacamaya’ hack targeting regional militaries - The Record by Recorded Future Mexican journalists targeted by zero-click spyware infections - The Record by Recorded Future Ex-NSA employee charged with violating Espionage Act, selling U.S. cyber secrets Putin grants citizenship to Edward Snowden, who disclosed US eavesdropping - The Washington Post U.S. fails in bid to extradite Brit for helping North Korea evade sanctions with cryptocurrency - The Record by Recorded Future Bill Marczak on Twitter: "NEW REPORT today from @Reuters @JoelSchectman providing more detail about fatal flaws in the CIA's defunct communications network. Iran and China compromised the network in 2011, and killed dozens of CIA assets https://t.co/AwN8pQtWL2" / Twitter Numerous orgs hacked after installing weaponized open source apps | Ars Technica 'Poisoned' Tor Browser tracks Chinese users' online history, location Mystery Hackers Are ‘Hyperjacking’ Targets for Insidious Spying | WIRED A Matrix Update Patches Serious End-to-End Encryption Flaws | WIRED LA officials confirm ransomware group leaked students’ personal data - The Record by Recorded Future Nearly 700 ransomware incidents traced back to wholesale access markets: report - The Record by Recorded Future Semiconductor industry faced 8 attacks from ransomware groups, extortion gangs in 2022 - The Record by Recorded Future CISA directs federal agencies to track software and vulnerabilities - The Record by Recorded Future Fake CISO Profiles on LinkedIn Target Fortune 500s – Krebs on Security House Democrats debut new bill to limit US police use of facial recognition | TechCrunch EP000: Operation Aurora | HACKING GOOGLE - YouTube

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: More Exchange 0days cause more havoc A look at some earlier Exchange hack incidents How the CIA got its agents killed with its truly awful online opsec Ex NSA staffer arrested for espionage Much, much more This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy, joins the show this week to talk about some overlooked detection opportunities – some simple stuff you can look for in your environment that should raise gigantic flashing red flags. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Microsoft confirms two Exchange Server zero days are being used in cyberattacks - The Record by Recorded Future CISA: Multiple government hacking groups had ‘long-term’ access to defense company - The Record by Recorded Future Mexican president confirms ‘Guacamaya’ hack targeting regional militaries - The Record by Recorded Future Mexican journalists targeted by zero-click spyware infections - The Record by Recorded Future Ex-NSA employee charged with violating Espionage Act, selling U.S. cyber secrets Putin grants citizenship to Edward Snowden, who disclosed US eavesdropping - The Washington Post U.S. fails in bid to extradite Brit for helping North Korea evade sanctions with cryptocurrency - The Record by Recorded Future Bill Marczak on Twitter: "NEW REPORT today from @Reuters @JoelSchectman providing more detail about fatal flaws in the CIA's defunct communications network. Iran and China compromised the network in 2011, and killed dozens of CIA assets https://t.co/AwN8pQtWL2" / Twitter Numerous orgs hacked after installing weaponized open source apps | Ars Technica 'Poisoned' Tor Browser tracks Chinese users' online history, location Mystery Hackers Are ‘Hyperjacking’ Targets for Insidious Spying | WIRED A Matrix Update Patches Serious End-to-End Encryption Flaws | WIRED LA officials confirm ransomware group leaked students’ personal data - The Record by Recorded Future Nearly 700 ransomware incidents traced back to wholesale access markets: report - The Record by Recorded Future Semiconductor industry faced 8 attacks from ransomware groups, extortion gangs in 2022 - The Record by Recorded Future CISA directs federal agencies to track software and vulnerabilities - The Record by Recorded Future Fake CISO Profiles on LinkedIn Target Fortune 500s – Krebs on Security House Democrats debut new bill to limit US police use of facial recognition | TechCrunch EP000: Operation Aurora | HACKING GOOGLE - YouTube

In this Soap Box podcast Patrick Gray interviews Airlock Digital CTO Daniel Schell and CEO David Cottingham about Microsoft’s new Smart Application Control feature, why controlling browser extensions via endpoint instrumentation is really hard and why PAM solutions don’t actually do allowlisting, even if they claim they do.

In this Soap Box podcast Patrick Gray interviews Airlock Digital CTO Daniel Schell and CEO David Cottingham about Microsoft’s new Smart Application Control feature, why controlling browser extensions via endpoint instrumentation is really hard and why PAM solutions don’t actually do allowlisting, even if they claim they do.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Lapsus$’s Teapot arrested by UK police Optus hacker issues grovelling apology after feeling AFP and ASD heat Ukraine claims Russia is planning massive attacks on its infrastructure RSOCKS bot herder begs for extradition to USA Russians scammed when seeking military service exemptions Much, much more This week’s show is sponsored by Votiro. Ravi Srinivasan, Votiro’s CEO, joins the show this week to talk about how people are using content disarm and reconstruction. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes British teen arrested in hacking case Australian cybersecurity minister lambasts Optus for ‘unprecedented' hack - The Record by Recorded Future CISA: Iranian hackers spent 14 months in Albanian gov’t network before launching ransomware - The Record by Recorded Future Iran shutters mobile networks, Instagram, WhatsApp amid protests - The Record by Recorded Future US Treasury carves out Iran sanctions exceptions for internet providers - The Record by Recorded Future Signal Is Asking People Around the World to Help Iranians Access the Encrypted App Shadowy Russian Cell Phone Companies Are Cropping Up in Ukraine | WIRED Risky Biz News: XakNet "hacktivists" linked to APT28 and Russia's GRU intelligence service Russia plans “massive cyberattacks” on critical infrastructure, Ukraine warns | Ars Technica Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S. – Krebs on Security Сбербанк предупредил о мошенничестве с продажей якобы "белых" военников - РИА Новости, 26.09.2022 SIM Swapper Abducted, Beaten, Held for $200k Ransom – Krebs on Security How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000 | Ars Technica The record-setting DDoSes keep coming, with no end in sight | Ars Technica International conflicts driving increased strength of DDoS attacks: report - The Record by Recorded Future Tarfile path traversal bug from 2007 still present in 350k open source repos | The Daily Swig

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Lapsus$’s Teapot arrested by UK police Optus hacker issues grovelling apology after feeling AFP and ASD heat Ukraine claims Russia is planning massive attacks on its infrastructure RSOCKS bot herder begs for extradition to USA Russians scammed when seeking military service exemptions Much, much more This week’s show is sponsored by Votiro. Ravi Srinivasan, Votiro’s CEO, joins the show this week to talk about how people are using content disarm and reconstruction. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes British teen arrested in hacking case Australian cybersecurity minister lambasts Optus for ‘unprecedented' hack - The Record by Recorded Future CISA: Iranian hackers spent 14 months in Albanian gov’t network before launching ransomware - The Record by Recorded Future Iran shutters mobile networks, Instagram, WhatsApp amid protests - The Record by Recorded Future US Treasury carves out Iran sanctions exceptions for internet providers - The Record by Recorded Future Signal Is Asking People Around the World to Help Iranians Access the Encrypted App Shadowy Russian Cell Phone Companies Are Cropping Up in Ukraine | WIRED Risky Biz News: XakNet "hacktivists" linked to APT28 and Russia's GRU intelligence service Russia plans “massive cyberattacks” on critical infrastructure, Ukraine warns | Ars Technica Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S. – Krebs on Security Сбербанк предупредил о мошенничестве с продажей якобы "белых" военников - РИА Новости, 26.09.2022 SIM Swapper Abducted, Beaten, Held for $200k Ransom – Krebs on Security How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000 | Ars Technica The record-setting DDoSes keep coming, with no end in sight | Ars Technica International conflicts driving increased strength of DDoS attacks: report - The Record by Recorded Future Tarfile path traversal bug from 2007 still present in 350k open source repos | The Daily Swig

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A look at how Uber got owned so hard Why cleartext cookie storage in Microsoft Teams’ Electron-based app is actually a big deal Russian official: Starlink is a legitimate military target Wagner mercs get doxxed Kiwi Farms having a bad time Much, much more In this week’s sponsor interview we’ll be chatting to Nucleus’s CEO Steve Carter about CISA’s KEV list. He has feelings about the KEV list – they’re mostly positive, but he also has a few reasonable gripes and he joins me to talk about them. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Uber attributes hack to Lapsus$, working with FBI and DOJ on investigation - The Record by Recorded Future Uber confirms it is investigating cybersecurity incident - The Record by Recorded Future Microsoft Teams stores cleartext auth tokens, won’t be quickly patched | Ars Technica SharpTongue Deploys Clever Mail-Stealing Browser Extension "SHARPEXT" | Volexity Hacking group focused on Central America dumps 10 terabytes of military emails, files Securing the Supply Chain of Nothing | Kelly Shortridge Russia Makes Veiled Threat to Destroy SpaceX's Starlink Pro-Ukraine Hacktivists Claim to Have Hacked Notorious Russian Mercenary Group Fears grow of Russian spies turning to industrial espionage - The Record by Recorded Future Congressional inquiry reveals secret Customs and Border Protection database of U.S. phone records Alternative payment apps such as AliPay a boon for cybercriminals, experts tell Congress CISA floats plan to partner with local universities for '311' cyberattack triage service - The Record by Recorded Future Breach of software maker used to backdoor ecommerce servers | Ars Technica Kiwi Farms has been breached; assume passwords and emails have been leaked | Ars Technica (8) Kevin Beaumont on Twitter: "The saga continues - there was (also?) a script injected for a month on Kiwi Farms called Troonshine, gathering information and credentials from user’s systems, posting it to “https://t.co/XnrUu4t3sd”. They look very, very owned. https://t.co/kxdR8kxtC1" / Twitter Pentagon reviews psychological operations amid Facebook, Twitter complaints - The Washington Post Bosnia and Herzegovina investigating alleged ransomware attack on parliament - The Record by Recorded Future Botched Crypto Mugging Lands Three U.K. Men in Jail – Krebs on Security Cryptocurrency company Wintermute says hackers stole $160 million - The Record by Recorded Future Anonymous hacker, who bragged about exploits on TikTok, says he was raided by Canadian police

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A look at how Uber got owned so hard Why cleartext cookie storage in Microsoft Teams’ Electron-based app is actually a big deal Russian official: Starlink is a legitimate military target Wagner mercs get doxxed Kiwi Farms having a bad time Much, much more In this week’s sponsor interview we’ll be chatting to Nucleus’s CEO Steve Carter about CISA’s KEV list. He has feelings about the KEV list – they’re mostly positive, but he also has a few reasonable gripes and he joins me to talk about them. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Uber attributes hack to Lapsus$, working with FBI and DOJ on investigation - The Record by Recorded Future Uber confirms it is investigating cybersecurity incident - The Record by Recorded Future Microsoft Teams stores cleartext auth tokens, won’t be quickly patched | Ars Technica SharpTongue Deploys Clever Mail-Stealing Browser Extension "SHARPEXT" | Volexity Hacking group focused on Central America dumps 10 terabytes of military emails, files Securing the Supply Chain of Nothing | Kelly Shortridge Russia Makes Veiled Threat to Destroy SpaceX's Starlink Pro-Ukraine Hacktivists Claim to Have Hacked Notorious Russian Mercenary Group Fears grow of Russian spies turning to industrial espionage - The Record by Recorded Future Congressional inquiry reveals secret Customs and Border Protection database of U.S. phone records Alternative payment apps such as AliPay a boon for cybercriminals, experts tell Congress CISA floats plan to partner with local universities for '311' cyberattack triage service - The Record by Recorded Future Breach of software maker used to backdoor ecommerce servers | Ars Technica Kiwi Farms has been breached; assume passwords and emails have been leaked | Ars Technica (8) Kevin Beaumont on Twitter: "The saga continues - there was (also?) a script injected for a month on Kiwi Farms called Troonshine, gathering information and credentials from user’s systems, posting it to “https://t.co/XnrUu4t3sd”. They look very, very owned. https://t.co/kxdR8kxtC1" / Twitter Pentagon reviews psychological operations amid Facebook, Twitter complaints - The Washington Post Bosnia and Herzegovina investigating alleged ransomware attack on parliament - The Record by Recorded Future Botched Crypto Mugging Lands Three U.K. Men in Jail – Krebs on Security Cryptocurrency company Wintermute says hackers stole $160 million - The Record by Recorded Future Anonymous hacker, who bragged about exploits on TikTok, says he was raided by Canadian police

In this edition of the Soap Box podcast Patrick Gray talks to Haroon Meer about Thinkst Canary’s new sensitive command token. It’s a great way to detect intruders on your Windows systems. Haroon also talks about how to use canaries strategically. Show notes Canaries as Network Motion Sensors Sensitive Command Token - So much offense in my defense

In this edition of the Soap Box podcast Patrick Gray talks to Haroon Meer about Thinkst Canary’s new sensitive command token. It’s a great way to detect intruders on your Windows systems. Haroon also talks about how to use canaries strategically. Show notes Canaries as Network Motion Sensors Sensitive Command Token - So much offense in my defense

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Albania suffers under another crippling Iranian attack Iran’s APT42 using clever, multi-persona phishing State Department cyber snitching program paying off Former NSA director Gen. Keith Alexander sued over alleged IronNet pump and dump Mudge fronts US Senate Judiciary Committee Much, much more… This week’s show is brought to you by Stairwell. Mike Wiacek, Stairwell’s founder and CEO is this week’s sponsor guest and he talks about why they’ve pushed their Inception platform beyond YARA hunting. You can see a demo of Inception on our YouTube product demo page. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Risky Biz News: Albania-Iran cyber drama far from over US sanctions Iran intelligence agency over Albania cyberattack - The Record by Recorded Future Tom Uren on Cyber Embuggerance Iranian military using spoofed personas to target nuclear security researchers - The Record by Recorded Future Iranian hackers spy on journalists and government officials, researchers warn - The Record by Recorded Future FBI, DOJ defend ‘offensive’ actions against Chinese, Russian operations - The Record by Recorded Future State Department bounty program for cybercriminal tips has 'born fruit,' top FBI official says More than $30 million seized from North Korean hackers involved in Axie crypto-theft - The Record by Recorded Future $30 Million Seized: How the Cryptocurrency Community Is Making It Difficult for North Korean Hackers To Profit - Chainalysis Twitter whistleblower testifies to Congress, calls for tech regulation reforms - The Record by Recorded Future Twitter whistleblower testifies before Senate Former NSA Head Keith Alexander Accused of Pump-and-Dump Scheme Google: Conti repurposing tools for Ukraine attacks using Follina bug, Musk impersonation - The Record by Recorded Future Pro-Ukraine hackers claim attack on Russian TV broadcasts - The Record by Recorded Future Initial access broker or ransomware gang has 'exclusive' access to Mitel zero-day exploit: report - The Record by Recorded Future Cyberattacks against U.S. hospitals mean higher mortality rates, study finds Buenos Aires legislature announces ransomware attack - The Record by Recorded Future Ransomware attack knocked a Kentucky city-operated ISP offline before holiday - The Record by Recorded Future Ransomware attacks on retail increase, average retail payment grows to more than $200K - The Record by Recorded Future Cisco: Log4j vulnerability used to attack energy companies in Canada, US and Japan - The Record by Recorded Future Patreon security team layoffs cause backlash in creator community This Clever Anti-Censorship Tool Lets Russians Read Blocked News | WIRED Apple Kills Passwords in iOS 16 and macOS Ventura | WIRED Catalin Cimpanu on Twitter: "They're still recruiting, btw" / Twitter Cyberfella on Twitter: "@campuscodi Please convince Patrick to have a segment about NAFO named "Shitposting Dogs on the Bird App are making Vatniks Seethe and Cope" on the next riskybizz ep 🙏🙏🙏" / Twitter ironnet chart - Google Search Stairwell's Inception Platform - YouTube Все Буде Україна (Everything Will Be Ukraine) - YouTube Pink Floyd - Hey Hey Rise Up (feat. Andriy Khlyvnyuk of Boombox) - YouTube PROBASS ∆ HARDI - GOOD EVENING (WHERE ARE YOU FROM?) - YouTube

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Albania suffers under another crippling Iranian attack Iran’s APT42 using clever, multi-persona phishing State Department cyber snitching program paying off Former NSA director Gen. Keith Alexander sued over alleged IronNet pump and dump Mudge fronts US Senate Judiciary Committee Much, much more… This week’s show is brought to you by Stairwell. Mike Wiacek, Stairwell’s founder and CEO is this week’s sponsor guest and he talks about why they’ve pushed their Inception platform beyond YARA hunting. You can see a demo of Inception on our YouTube product demo page. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Risky Biz News: Albania-Iran cyber drama far from over US sanctions Iran intelligence agency over Albania cyberattack - The Record by Recorded Future Tom Uren on Cyber Embuggerance Iranian military using spoofed personas to target nuclear security researchers - The Record by Recorded Future Iranian hackers spy on journalists and government officials, researchers warn - The Record by Recorded Future FBI, DOJ defend ‘offensive’ actions against Chinese, Russian operations - The Record by Recorded Future State Department bounty program for cybercriminal tips has 'born fruit,' top FBI official says More than $30 million seized from North Korean hackers involved in Axie crypto-theft - The Record by Recorded Future $30 Million Seized: How the Cryptocurrency Community Is Making It Difficult for North Korean Hackers To Profit - Chainalysis Twitter whistleblower testifies to Congress, calls for tech regulation reforms - The Record by Recorded Future Twitter whistleblower testifies before Senate Former NSA Head Keith Alexander Accused of Pump-and-Dump Scheme Google: Conti repurposing tools for Ukraine attacks using Follina bug, Musk impersonation - The Record by Recorded Future Pro-Ukraine hackers claim attack on Russian TV broadcasts - The Record by Recorded Future Initial access broker or ransomware gang has 'exclusive' access to Mitel zero-day exploit: report - The Record by Recorded Future Cyberattacks against U.S. hospitals mean higher mortality rates, study finds Buenos Aires legislature announces ransomware attack - The Record by Recorded Future Ransomware attack knocked a Kentucky city-operated ISP offline before holiday - The Record by Recorded Future Ransomware attacks on retail increase, average retail payment grows to more than $200K - The Record by Recorded Future Cisco: Log4j vulnerability used to attack energy companies in Canada, US and Japan - The Record by Recorded Future Patreon security team layoffs cause backlash in creator community This Clever Anti-Censorship Tool Lets Russians Read Blocked News | WIRED Apple Kills Passwords in iOS 16 and macOS Ventura | WIRED Catalin Cimpanu on Twitter: "They're still recruiting, btw" / Twitter Cyberfella on Twitter: "@campuscodi Please convince Patrick to have a segment about NAFO named "Shitposting Dogs on the Bird App are making Vatniks Seethe and Cope" on the next riskybizz ep 🙏🙏🙏" / Twitter ironnet chart - Google Search Stairwell's Inception Platform - YouTube Все Буде Україна (Everything Will Be Ukraine) - YouTube Pink Floyd - Hey Hey Rise Up (feat. Andriy Khlyvnyuk of Boombox) - YouTube PROBASS ∆ HARDI - GOOD EVENING (WHERE ARE YOU FROM?) - YouTube

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: China’s super spies figure out Rob Joyce ran TAO ops FBI, French authorities fly to Montenegro to investigate ransomware attack NEWSFLASH: Cloudflare are still a bunch of Nazi cuddlers SIM swap drama spills into real world shootings, firebombings Yandex Taxi hack clogs Moscow streets The TikTok breach that wasn’t Project Raven veterans get wings clipped Why recent BGP hijacks are getting a bit concerning Much, much more This week’s show is brought to you by Corelight, the company that maintains Zeek. Corleight’s Federal CTO Jean Schaffer joins us in this week’s sponsor interview to talk about whether or not the White House’s executive order on Zero Trust is actually changing anything. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Exclusive: Evidence shows US’ NSA behind attack on email system of leading Chinese aviation university - Global Times Lukasz Olejnik on Twitter: "Chinese accusation of US/NSA cyberattacks on China's aviation university. Unusually, a strong protest issued by China's Foreign Ministry. Chinese media write about NSA extensively, and doxx/point at Rob Joyce, specifically. Highly amusing! https://t.co/PG1XzZoIcW https://t.co/wRMEAokhVj" / Twitter Patrick Gray on Twitter: "Great thread" / Twitter FBI and French officials arrive in Montenegro to investigate ransomware attack - The Record by Recorded Future Chile says gov’t agency struggling with ransomware attack - The Record by Recorded Future Italy warns of cyberattacks on energy industry after Eni, GSE incidents - The Record by Recorded Future Ransomware Gang Accessed Water Supplier’s Control System Experts warn of more Ragnar Locker attacks, days after group targets airline - The Record by Recorded Future Kevin Beaumont on Twitter: "IHG Hotel Group incident is ransomware" / Twitter Criminal hackers targeting K-12 schools, U.S. government warns QNAP warns of zero-day vulnerability in latest DeadBolt ransomware campaign - The Record by Recorded Future Cloudflare Suggests It Won’t Cut Off Anti-Trans Stalking Forum Cloudflare reverses decision and drops trans trolling website Kiwi Farms | Internet | The Guardian Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire – Krebs on Security State Department debars ex-NSA cyber mercenaries who aided vast UAE surveillance operation Hackers Create Traffic Jam in Moscow by Ordering Dozens of Taxis at Once Through App Light Flashing, Siren Wailing: A Rich Muscovite in a Rush - The New York Times TikTok denies security breach after hackers leak user data, source code Samsung denies Social Security numbers involved in latest breach - The Record by Recorded Future Truth Behind the Celer Network cBridge cross-chain bridge incident: BGP hijacking | by SlowMist | Coinmonks | Aug, 2022 | Medium nanog: Yet another BGP hijacking towards AS16509 A Windows 11 Automation Tool Can Easily Be Hijacked | WIRED Actors behind PyPI supply chain attack have been active since late 2021 | Ars Technica Cybercriminal Service 'EvilProxy' Seeks to Hijack Accounts Careless Errors in Hundreds of Apps Could Expose Troves of Data | WIRED WatchGuard firewall exploit threatens appliance takeover | The Daily Swig Patched TikTok security flaw allowed one-click account takeovers - The Record by Recorded Future Chrome extensions with 1.4M installs covertly track visits and inject code | Ars Technica Peter Eckersley, co-creator of Let’s Encrypt, dies at just 43 – Naked Security DownUnderCTF

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: China’s super spies figure out Rob Joyce ran TAO ops FBI, French authorities fly to Montenegro to investigate ransomware attack NEWSFLASH: Cloudflare are still a bunch of Nazi cuddlers SIM swap drama spills into real world shootings, firebombings Yandex Taxi hack clogs Moscow streets The TikTok breach that wasn’t Project Raven veterans get wings clipped Why recent BGP hijacks are getting a bit concerning Much, much more This week’s show is brought to you by Corelight, the company that maintains Zeek. Corleight’s Federal CTO Jean Schaffer joins us in this week’s sponsor interview to talk about whether or not the White House’s executive order on Zero Trust is actually changing anything. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Exclusive: Evidence shows US’ NSA behind attack on email system of leading Chinese aviation university - Global Times Lukasz Olejnik on Twitter: "Chinese accusation of US/NSA cyberattacks on China's aviation university. Unusually, a strong protest issued by China's Foreign Ministry. Chinese media write about NSA extensively, and doxx/point at Rob Joyce, specifically. Highly amusing! https://t.co/PG1XzZoIcW https://t.co/wRMEAokhVj" / Twitter Patrick Gray on Twitter: "Great thread" / Twitter FBI and French officials arrive in Montenegro to investigate ransomware attack - The Record by Recorded Future Chile says gov’t agency struggling with ransomware attack - The Record by Recorded Future Italy warns of cyberattacks on energy industry after Eni, GSE incidents - The Record by Recorded Future Ransomware Gang Accessed Water Supplier’s Control System Experts warn of more Ragnar Locker attacks, days after group targets airline - The Record by Recorded Future Kevin Beaumont on Twitter: "IHG Hotel Group incident is ransomware" / Twitter Criminal hackers targeting K-12 schools, U.S. government warns QNAP warns of zero-day vulnerability in latest DeadBolt ransomware campaign - The Record by Recorded Future Cloudflare Suggests It Won’t Cut Off Anti-Trans Stalking Forum Cloudflare reverses decision and drops trans trolling website Kiwi Farms | Internet | The Guardian Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire – Krebs on Security State Department debars ex-NSA cyber mercenaries who aided vast UAE surveillance operation Hackers Create Traffic Jam in Moscow by Ordering Dozens of Taxis at Once Through App Light Flashing, Siren Wailing: A Rich Muscovite in a Rush - The New York Times TikTok denies security breach after hackers leak user data, source code Samsung denies Social Security numbers involved in latest breach - The Record by Recorded Future Truth Behind the Celer Network cBridge cross-chain bridge incident: BGP hijacking | by SlowMist | Coinmonks | Aug, 2022 | Medium nanog: Yet another BGP hijacking towards AS16509 A Windows 11 Automation Tool Can Easily Be Hijacked | WIRED Actors behind PyPI supply chain attack have been active since late 2021 | Ars Technica Cybercriminal Service 'EvilProxy' Seeks to Hijack Accounts Careless Errors in Hundreds of Apps Could Expose Troves of Data | WIRED WatchGuard firewall exploit threatens appliance takeover | The Daily Swig Patched TikTok security flaw allowed one-click account takeovers - The Record by Recorded Future Chrome extensions with 1.4M installs covertly track visits and inject code | Ars Technica Peter Eckersley, co-creator of Let’s Encrypt, dies at just 43 – Naked Security DownUnderCTF

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: The Twilio breach was actually a big deal How a Belarusian Cyber Partisans hack burned a GRU illegal Who wants 25m hashed passwords from Russia? An NFT we can get behind How attackers are using game anti-cheat drivers to defeat EDR Much, much more This week’s sponsor interview is with Mike Benjamin, the VP of security research at Fastly. He pops in to argue that your red team needs to actually consider how your apps will cope with bot-driven attacks. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Why the Twilio Breach Cuts So Deep | WIRED Phishers who hit Twilio and Cloudflare stole 10k credentials from 136 others | Ars Technica The number of companies caught up in recent hacks keeps growing | Ars Technica How 1-Time Passcodes Became a Corporate Liability – Krebs on Security (1) Christo Grozev on Twitter: "We first noticed her thanks to a super useful database shared with us by @cpartisans: the border crossing records of Belarus. We knew the passport ranges of GRU and FSB spies, so we decided to search in that data-set by partial matches, leaving the last 3 digits out as wildcards." / Twitter (1) Belarusian Cyber-Partisans on Twitter: "🧵1/3🔥For the 1st time in human history a #hacktivist collective obtained passport info of the ALL country's citizens. Now we're offering you an opportunity to become a part of this history 😎. Get a unique digital version of #lukashenka passport as #NFT https://t.co/gOlWdoUehi https://t.co/RxdWpBqA8f" / Twitter A huge Chinese database of faces and vehicle license plates spilled online | TechCrunch Leading Russian streaming platform suffers data leak allegedly impacting 44 million users - The Record by Recorded Future Plex imposes password reset after hackers steal data for >15 million users | Ars Technica Montenegro struggles to recover from cyberattack that officials blame on Russia - The Record by Recorded Future Patrick Gray on Twitter: "https://t.co/DOFdMExsPe" / Twitter European data privacy watchdogs grill Twitter over Mudge security claims - The Record by Recorded Future Google announces open source vulnerability reward program after Log4j, Codecov issues - The Record by Recorded Future Google Online Security Blog: Announcing Google’s Open Source Software Vulnerability Rewards Program Hackers Are Using Anti-Cheat in 'Genshin Impact' to Ransom Victims An interview with initial access broker Wazawaka: 'There is no such money anywhere as there is in ransomware' - The Record by Recorded Future LockBit ransomware group implicated in crippling attack on French hospital - The Record by Recorded Future Major U.S. library service confirms ransomware attack, struggling to restore affected systems - The Record by Recorded Future China-linked hackers target organizations operating in South China Sea - The Record by Recorded Future Chinese hackers zero in on Australian manufacturers, wind turbine operators FTC sues data broker that tracks locations of 125M phones per month | Ars Technica FCC launches investigation into mobile carriers’ geolocation data practices - The Record by Recorded Future Most top mobile carriers retain geolocation data for two years on average, FCC findings show - CyberScoop Buddle co-accused one of 50 alleged criminals preparing challenge to police sting Researchers discover sprawling pro-U.S. social media influence campaign Unheard Voice: Evaluating five years of pro-Western covert influence operations Rights groups, company leaders decry silence over VLC player ban in India - The Record by Recorded Future

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: The Twilio breach was actually a big deal How a Belarusian Cyber Partisans hack burned a GRU illegal Who wants 25m hashed passwords from Russia? An NFT we can get behind How attackers are using game anti-cheat drivers to defeat EDR Much, much more This week’s sponsor interview is with Mike Benjamin, the VP of security research at Fastly. He pops in to argue that your red team needs to actually consider how your apps will cope with bot-driven attacks. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Why the Twilio Breach Cuts So Deep | WIRED Phishers who hit Twilio and Cloudflare stole 10k credentials from 136 others | Ars Technica The number of companies caught up in recent hacks keeps growing | Ars Technica How 1-Time Passcodes Became a Corporate Liability – Krebs on Security (1) Christo Grozev on Twitter: "We first noticed her thanks to a super useful database shared with us by @cpartisans: the border crossing records of Belarus. We knew the passport ranges of GRU and FSB spies, so we decided to search in that data-set by partial matches, leaving the last 3 digits out as wildcards." / Twitter (1) Belarusian Cyber-Partisans on Twitter: "🧵1/3🔥For the 1st time in human history a #hacktivist collective obtained passport info of the ALL country's citizens. Now we're offering you an opportunity to become a part of this history 😎. Get a unique digital version of #lukashenka passport as #NFT https://t.co/gOlWdoUehi https://t.co/RxdWpBqA8f" / Twitter A huge Chinese database of faces and vehicle license plates spilled online | TechCrunch Leading Russian streaming platform suffers data leak allegedly impacting 44 million users - The Record by Recorded Future Plex imposes password reset after hackers steal data for >15 million users | Ars Technica Montenegro struggles to recover from cyberattack that officials blame on Russia - The Record by Recorded Future Patrick Gray on Twitter: "https://t.co/DOFdMExsPe" / Twitter European data privacy watchdogs grill Twitter over Mudge security claims - The Record by Recorded Future Google announces open source vulnerability reward program after Log4j, Codecov issues - The Record by Recorded Future Google Online Security Blog: Announcing Google’s Open Source Software Vulnerability Rewards Program Hackers Are Using Anti-Cheat in 'Genshin Impact' to Ransom Victims An interview with initial access broker Wazawaka: 'There is no such money anywhere as there is in ransomware' - The Record by Recorded Future LockBit ransomware group implicated in crippling attack on French hospital - The Record by Recorded Future Major U.S. library service confirms ransomware attack, struggling to restore affected systems - The Record by Recorded Future China-linked hackers target organizations operating in South China Sea - The Record by Recorded Future Chinese hackers zero in on Australian manufacturers, wind turbine operators FTC sues data broker that tracks locations of 125M phones per month | Ars Technica FCC launches investigation into mobile carriers’ geolocation data practices - The Record by Recorded Future Most top mobile carriers retain geolocation data for two years on average, FCC findings show - CyberScoop Buddle co-accused one of 50 alleged criminals preparing challenge to police sting Researchers discover sprawling pro-U.S. social media influence campaign Unheard Voice: Evaluating five years of pro-Western covert influence operations Rights groups, company leaders decry silence over VLC player ban in India - The Record by Recorded Future

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A deep look at Mudge’s sensational whistleblower complaint against Twitter Brazilian Federal Police raid Lapsus$ crew NSO CEO to stand down (again), 100 staff to be let go Signal users impacted in Twilio incident Tornado Cash OFACs around and finds out Much, much more This week’s show is brought to you by Greynoise. Its founder, Andrew Morris, joins the show with a stinging critique of the wider threat intelligence industry. Don’t miss that one. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Patrick Gray on Twitter: "Jesus… can open, worms everywhere. You basically can’t find anyone more credible than @dotMudge in infosec so this is a massive deal https://t.co/TaDQzTEtzR" / Twitter Twitter confirms January breach, urges pseudonymous accounts to not add email or phone number - The Record by Recorded Future A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years | WIRED TikTok Says, No, It Isn't Stealing Your Passwords Brazilian police launch investigation targeting Lapsus$ group - The Record by Recorded Future Israeli spyware company NSO Group CEO steps down | Reuters How a Third-Party SMS Service Was Used to Take Over Signal Accounts VIASAT hack impacted French critical services | Cybernews DOJ now relies on paper for its most sensitive court documents, official says Microsoft disrupts Russia-linked hacking group targeting defense and intelligence orgs - The Record by Recorded Future Lloyd’s to forbid insurers from covering losses due to state-backed hacks - The Record by Recorded Future U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash | U.S. Department of the Treasury OFAC Around and Find Out - Lawfare Suspected Tornado Cash developer arrested in Netherlands - The Record by Recorded Future Report: Ransomware gangs, fraudsters laundered $540 million through RenBridge platform - The Record by Recorded Future Risky Biz News: Is ransomware going after the Global South? Sure looks like it! Ransomware Now Threatens the Global South | Royal United Services Institute Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling | PortSwigger Research The Return of LOIC, HOIC, HULK, and Slowloris to the Threat Landscape | Radware Blog Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug A New Jailbreak for John Deere Tractors Rides the Right-to-Repair Wave | WIRED Malicious code exploiting recent VMware bug publicly available, company warns - The Record by Recorded Future Breaking SIDH in polynomial time Hackers Use Deepfakes of Binance Exec to Scam Crypto Projects Cisco confirms May attack by Yanluowang ransomware group - The Record by Recorded Future Cisco releases advisories for bug affecting more than 1 million security devices - The Record by Recorded Future Cisco warns of critical vulnerabilities in routers - The Record by Recorded Future North Korea-backed hackers have a clever way to read your Gmail | Ars Technica When Efforts to Contain a Data Breach Backfire – Krebs on Security Microsoft: Bug in Janet Jackson’s “Rhythm Nation” could crash a laptop - The Record by Recorded Future Anonymous poop gifting site hacked, customers exposed

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A deep look at Mudge’s sensational whistleblower complaint against Twitter Brazilian Federal Police raid Lapsus$ crew NSO CEO to stand down (again), 100 staff to be let go Signal users impacted in Twilio incident Tornado Cash OFACs around and finds out Much, much more This week’s show is brought to you by Greynoise. Its founder, Andrew Morris, joins the show with a stinging critique of the wider threat intelligence industry. Don’t miss that one. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Patrick Gray on Twitter: "Jesus… can open, worms everywhere. You basically can’t find anyone more credible than @dotMudge in infosec so this is a massive deal https://t.co/TaDQzTEtzR" / Twitter Twitter confirms January breach, urges pseudonymous accounts to not add email or phone number - The Record by Recorded Future A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years | WIRED TikTok Says, No, It Isn't Stealing Your Passwords Brazilian police launch investigation targeting Lapsus$ group - The Record by Recorded Future Israeli spyware company NSO Group CEO steps down | Reuters How a Third-Party SMS Service Was Used to Take Over Signal Accounts VIASAT hack impacted French critical services | Cybernews DOJ now relies on paper for its most sensitive court documents, official says Microsoft disrupts Russia-linked hacking group targeting defense and intelligence orgs - The Record by Recorded Future Lloyd’s to forbid insurers from covering losses due to state-backed hacks - The Record by Recorded Future U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash | U.S. Department of the Treasury OFAC Around and Find Out - Lawfare Suspected Tornado Cash developer arrested in Netherlands - The Record by Recorded Future Report: Ransomware gangs, fraudsters laundered $540 million through RenBridge platform - The Record by Recorded Future Risky Biz News: Is ransomware going after the Global South? Sure looks like it! Ransomware Now Threatens the Global South | Royal United Services Institute Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling | PortSwigger Research The Return of LOIC, HOIC, HULK, and Slowloris to the Threat Landscape | Radware Blog Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug A New Jailbreak for John Deere Tractors Rides the Right-to-Repair Wave | WIRED Malicious code exploiting recent VMware bug publicly available, company warns - The Record by Recorded Future Breaking SIDH in polynomial time Hackers Use Deepfakes of Binance Exec to Scam Crypto Projects Cisco confirms May attack by Yanluowang ransomware group - The Record by Recorded Future Cisco releases advisories for bug affecting more than 1 million security devices - The Record by Recorded Future Cisco warns of critical vulnerabilities in routers - The Record by Recorded Future North Korea-backed hackers have a clever way to read your Gmail | Ars Technica When Efforts to Contain a Data Breach Backfire – Krebs on Security Microsoft: Bug in Janet Jackson’s “Rhythm Nation” could crash a laptop - The Record by Recorded Future Anonymous poop gifting site hacked, customers exposed

In this edition of the Soap Box podcast Okta’s APAC CISO and former Risky Biz editor Brett Winterford talks about how attackers are getting much better at swiping session cookies via realtime phishing and malware. He also talks about some mitigation strategies to combat this threat and introduces the concept of continuous authentication. Show notes Defending against session hijacking

In this edition of the Soap Box podcast Okta’s APAC CISO and former Risky Biz editor Brett Winterford talks about how attackers are getting much better at swiping session cookies via realtime phishing and malware. He also talks about some mitigation strategies to combat this threat and introduces the concept of continuous authentication. Show notes Defending against session hijacking

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Taiwan tensions fail to conjure the cyber apocalypse Crypto bridge exploit results in $150m feeding frenzy Chainalysis evidence to be challenged in court Post-quantum NIST candidate algorithm gets smoked DSIRF’s Russia links Much, much more This week’s sponsor interview is with Jerrod Chong from Yubico. He’s joining the show to talk about why consumer-focussed implementations of Webauthn like Apple’s Passkeys aren’t a great enterprise solution. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Taiwanese websites hit with DDoS attacks as Pelosi begins visit 'Frenzied mob' steals more than $156 million from crypto platform Nomad - The Record by Recorded Future Bitcoin Fog Case Could Put Cryptocurrency Tracing on Trial | WIRED Post-quantum encryption contender is taken out by single-core PC and 1 hour | Ars Technica Federal court system suffered previously undisclosed breach, congressional committee says Australian police charge man with developing spyware used by more than 14,500 people - The Record by Recorded Future Risky Biz News: Microsoft puts the limelight on another spyware maker—DSIRF from Austria Eavesdropping probe finds Israeli police exceeded authority | AP News Hacker use of Microsoft macros plummeted after default block: report - The Record by Recorded Future On security researcher's newsletter, exposing cybercriminals behind ransomware Luxembourg energy companies struggling with alleged ransomware attack, data breach - The Record by Recorded Future At least 34 healthcare orgs affected by alleged ransomware attack on OneTouchPoint - The Record by Recorded Future American Dental Association says April cyberattack involved ransomware - The Record by Recorded Future Ransomware group demands £500,000 from British schools, citing cyber insurance policy - The Record by Recorded Future Hackers stole passwords for accessing 140,000 payment terminals | TechCrunch Experts warn of hacker claiming access to 50 U.S. companies through breached MSP - The Record by Recorded Future German prosecutors issue warrant for Russian government hacker over energy sector attacks - The Record by Recorded Future The commercial satellite boom is leaving space vulnerable to hackers - The Record by Recorded Future Report to Congress of the U.S.-China Economic and Security Review Commission - U.S.-China Economic and Security Review Commission - Google Books Spanish police arrest two accused of hacking radioactivity alert system - The Record by Recorded Future

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Taiwan tensions fail to conjure the cyber apocalypse Crypto bridge exploit results in $150m feeding frenzy Chainalysis evidence to be challenged in court Post-quantum NIST candidate algorithm gets smoked DSIRF’s Russia links Much, much more This week’s sponsor interview is with Jerrod Chong from Yubico. He’s joining the show to talk about why consumer-focussed implementations of Webauthn like Apple’s Passkeys aren’t a great enterprise solution. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Taiwanese websites hit with DDoS attacks as Pelosi begins visit 'Frenzied mob' steals more than $156 million from crypto platform Nomad - The Record by Recorded Future Bitcoin Fog Case Could Put Cryptocurrency Tracing on Trial | WIRED Post-quantum encryption contender is taken out by single-core PC and 1 hour | Ars Technica Federal court system suffered previously undisclosed breach, congressional committee says Australian police charge man with developing spyware used by more than 14,500 people - The Record by Recorded Future Risky Biz News: Microsoft puts the limelight on another spyware maker—DSIRF from Austria Eavesdropping probe finds Israeli police exceeded authority | AP News Hacker use of Microsoft macros plummeted after default block: report - The Record by Recorded Future On security researcher's newsletter, exposing cybercriminals behind ransomware Luxembourg energy companies struggling with alleged ransomware attack, data breach - The Record by Recorded Future At least 34 healthcare orgs affected by alleged ransomware attack on OneTouchPoint - The Record by Recorded Future American Dental Association says April cyberattack involved ransomware - The Record by Recorded Future Ransomware group demands £500,000 from British schools, citing cyber insurance policy - The Record by Recorded Future Hackers stole passwords for accessing 140,000 payment terminals | TechCrunch Experts warn of hacker claiming access to 50 U.S. companies through breached MSP - The Record by Recorded Future German prosecutors issue warrant for Russian government hacker over energy sector attacks - The Record by Recorded Future The commercial satellite boom is leaving space vulnerable to hackers - The Record by Recorded Future Report to Congress of the U.S.-China Economic and Security Review Commission - U.S.-China Economic and Security Review Commission - Google Books Spanish police arrest two accused of hacking radioactivity alert system - The Record by Recorded Future

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why Entrust being ransomwared is good news UEFI bootkits turn hardware into landfill Microsoft resumes macro blocking rollout Pat and Adam talk about why plugging your IDP into legacy apps is a dreadful idea Much, much more This week’s sponsor guest is Paul “The Voice” Lanzi of Remediant. He’s popping along to talk about the emergence of a new product category – Identity Threat Detection and Response, or ITDR. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Italy investigating ransomware attack on tax agency - The Record by Recorded Future IT security giant Entrust says it's investigating alleged June data breach - The Record by Recorded Future Microsoft resuming default block of Office VBA macros - The Record by Recorded Future Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us | Ars Technica China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors | Federal Public Service Foreign Affairs Cyber Command shares bevy of new malware used against Ukraine - The Record by Recorded Future Cyber criminals attack Ukrainian radio network, broadcast fake message about Zelensky's health Congress goes after spyware purveyors. Will it make a difference? Report: Mercenary spyware exploited Google Chrome zero-day to target journalists - The Record by Recorded Future TSA unveils updated cybersecurity regulations of oil and gas pipelines - The Record by Recorded Future Congress Might Actually Pass ADPPA, the American Data Privacy and Protection Act | WIRED Federal privacy legislation progresses, but concerns about data brokers loom China cybersecurity agency fines ride-hailing giant Didi $1.2 billion for data issues - The Record by Recorded Future T-Mobile reaches historic $350 million settlement in 2021 data breach - The Record by Recorded Future Former Coinbase Manager Arrested by Feds for Alleged Insider Trading Cisco patches dangerous bug trio in Nexus Dashboard | The Daily Swig Atlassian patches batch of critical vulnerabilities across multiple products | The Daily Swig Hardcoded password in Confluence app has been leaked on Twitter | Ars Technica

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A look at the DHS Cyber Safety Review Board’s Log4j report Joshua Schulte no longer the “alleged” Vault7 leaker Chinese APT crews targeted US political journalists before Jan 6 Ransomware gangs make leak sites searchable Why recovering plaintext passwords from Okta is expected behaviour US Government seizes North Korean ransomware payment Much, much more This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he’ll tell us about work Trail of Bits did for DARPA on investigating blockchain security fundamentals. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Patrick Gray on Twitter: "During our discussion yesterday on the show we didn’t know pre-existing MDM was preserved when iOS lockdown mode is enabled, which is great!" / Twitter DHS Cyber Safety Review Board found no evidence China knew of Log4j before disclosure Ex-CIA Hacker Convicted for ‘One of the Most Damaging Acts of Espionage in American History’ Chinese hackers targeted U.S. political reporters just ahead of Jan. 6 attack, researchers say Experts concerned about ransomware groups creating searchable databases of victim data - The Record by Recorded Future Who-is-Trickbot.pdf A Deep Dive Into the Residential Proxy Service ‘911’ – Krebs on Security Risky Biz News: Google removes app permissions from the Play Store Ongoing phishing campaign can hack you even when you’re protected with MFA | Ars Technica ‘Password extraction risk’ in identity provider Okta disputed | The Daily Swig Authomize Discovers Password Stealing and Impersonation Risks in Okta | Authomize.com Okta Response to Security Report | Okta DOJ seized ransoms paid by health centers in Kansas, Colorado after 2021 attacks - The Record by Recorded Future North Korean hackers target small businesses with H0lyGh0st ransomware, Microsoft warns - The Record by Recorded Future Colorado police investigating ransomware attack on small town - The Record by Recorded Future Albania shuts down government websites, services due to wide ranging cyberattack - The Record by Recorded Future Bandai Namco confirms cyberattack after ransomware group threatens leak - The Record by Recorded Future MiCODUS MV720 GPS tracker | CISA Honda redesigning latest vehicles to address key fob vulnerabilities - The Record by Recorded Future Russia Released a Ukrainian App for Hacking Russia That Was Actually Malware Are blockchains decentralized? | Trail of Bits Blog Announcing the new Trail of Bits podcast | Trail of Bits Blog GitHub - trailofbits/it-depends: A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.

On this week’s show Patrick Gray and guest cohost Dmitri Alperovitch discuss the week’s security news, including: Why an American defence contractor acquiring NSO Group would be a nonproliferation win A look at Microsoft’s botched macro measures iPhone’s Lockdown Mode Ukraine goes big on Yubikeys Aerojet Rocketdyne pays millions over poor security controls, CISO whistleblower gets bag of cash Much, much more This week’s show is sponsored by Proofpoint. Ryan Kalember, Proofpoint’s Executive Vice President of Cybersecurity Strategy, joins us in this week’s sponsor interview to talk about changes he’s observed in the criminal ecosystem. NOTE: This podcast contains an error. We say that iOS Lockdown Mode prevents users from using an MDM profile on their devices. It doesn’t, it just stops new MDM profiles from being loaded while in Lockdown Mode, so corporate users will be able to turn it on just fine. Links to everything that we discussed are below and you can follow Patrick or Dmitri on Twitter if that’s your thing. Show notes L3Harris drops bid for NSO spyware following U.S. concerns - The Washington Post Apple introduces 'Lockdown Mode' iPhone feature to block elite spyware Risky Biz News: Thousands of Yubikeys have been deployed in Ukraine, more to come PyPI repo to distribute 4,000 security keys to maintainers of ‘critical projects’ in 2FA drive | The Daily Swig Microsoft makes major course reversal, allows Office to run untrusted macros [Updated] | Ars Technica Microsoft says decision to stop blocking Office VBA macros by default is ‘temporary’ - The Record by Recorded Future Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents' Rocket maker agrees to pay $9 million to settle allegations of cybersecurity violations - The Record by Recorded Future North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector | CISA North Korea is targeting hospitals with ransomware, U.S. agencies warn Medical debt collection firm says ransomware attack exposed info on 650+ healthcare orgs - The Record by Recorded Future French telecom company La Poste Mobile struggling to recover from ransomware attack - The Record by Recorded Future Cyberattack knocks out California community college email, website, landlines - The Record by Recorded Future OPM breach victims expected to receive about $700 each after class action settlement - The Record by Recorded Future Chinese Hackers Targeting Russian Government and Telcos DeFi Hacker Returns $8m Millions in Cryptocurrency Stolen in Phishing Attacks

Today’s soap box is brought to you by Nucleus Security. Nucleus makes a platform that ingests vulnerability scan information from all your vuln scanning tech so that you can do things like assign different vulnerabilities to different teams to manage and remediate. Send these ones to infrastructure, send these ones to app teams, send everything up and down this stack to this department etc. If you want to see Nucleus in action I have recorded a demo and it’s on our YouTube product demos page, I’ve linked through to it in the show notes for this podcast. Our guest in this episode is Scott Kuffer, co-founder of Nucleus, and the topic is running a vulnerability management program in a very large enterprise. Show notes Nucleus Security Product Demo on Risky Biz YouTube Channel

On this week’s show Patrick Gray and guest cohost Mark Piper discuss the week’s security news, including: A billion records leaked in China China to develop desktop operating system HackerOne fires insider for stealing hackers’ work and bounties FSB officer charged with stealing hacker’s bitcoin Why Microsoft is wrong on Russia and Ukraine Much, much more Red Canary’s Adam Mashinchi and Brian Donohue will be along in this week’s sponsor interview to talk about Atomic Red Team, the open source adversary emulation framework they help to maintain. Links to everything that we discussed are below and you can follow Patrick on Twitter if that’s your thing. Show notes Hacker claims to have stolen 1 bln records of Chinese citizens from police | Reuters China lured graduate jobseekers into digital espionage | Ars Technica Tech war: China doubles down on domestic operating systems to cut reliance on Windows, MacOS from the US | South China Morning Post Risky Biz News: HackerOne discloses malicious insider incident, and nobody's surprised (2) Paranoid Ninja (Brute Ratel C4) on Twitter: "A thoroughly detailed blog on Brute Ratel C4 by Palo Alto. Proper Actions have been taken to against the found licenses which were sold in the Black Market. As for existing customers, #BRc4 v1.1 release will change every aspect of IOC found in the previous releases." / Twitter Microsoft Exchange servers worldwide hit by stealthy new backdoor | Ars Technica Подполковника УФСБ по Самарской области арестовали за кражу криптовалюты у хакера - ТАСС Cybersecurity experts question Microsoft's Ukraine report (4) Victor Zhora on Twitter: "One more evidence of coordination of kinetic and cyber operations by russian aggressors. Ukrainian largest private energy company DTEK was cyberattacked simulateously with shelling of thermal power plant of the same company in Kryvyi Rih. Both targets are 100% civilian." / Twitter Вслід за ракетними ударами по ТЕС ворог завдає хакерських атак по енергосистемі — ДТЕК CyberKnow on Twitter: "Another new pro-russian hacktivist group. They have been conducting #ddos ops against #Norway with other groups. #cybersecurity #infosec #RussianUkrainianWar #UkraineRussiaWar https://t.co/rX069XVaof" / Twitter Hacktivist personas back latest GhostWriter disinfo op targeting Poland, Ukraine Gantz orders probe after TV reports hint IDF behind Iran steel plant cyberattack | The Times of Israel Info of over 300,000 Israelis leaked as Iranian hackers target travel booking sites | The Times of Israel TSA to change cybersecurity rules for pipelines following industry criticism - The Record by Recorded Future After a sharp rise, cyber insurance rates show signs of stabilizing - The Record by Recorded Future California DOJ apologizes for ‘unacceptable’ breach involving Firearms Dashboard - The Record by Recorded Future Cops Investigating ‘WhatsApp for Gangsters’ Arrest Key Suspect in Caribbean Publishing giant Macmillan still unable to process orders after ransomware attack - The Record by Recorded Future State unemployment, jobs services down around the country after cyberattack NIST selects first group of quantum-resistant encryption tools - The Record by Recorded Future UnRAR path traversal flaw can lead to RCE in Zimbra | The Daily Swig Universiteit Maastricht krijgt losgeld voor hack terug met flinke winst Nearly $9 million stolen from DeFi platform Crema Finance - The Record by Recorded Future North Korea accused of orchestrating $100 million Harmony crypto hack - The Record by Recorded Future Nucleus Security's vulnerability management platform - YouTube Explore Atomic Red Team

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Activists who are totally not Israeli military hackers make Iranian steel mills firebally Chinese APT crews use ransomware to muddy attribution Attackers are now ransoming cloud access Chinese APTs using building control systems for persistence and stealth USA, UK and NZ govts issue PowerShell advice Much, much more This week’s show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he’s using it to make phishing triage and automation less traumatic. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Iranian steel facilities suffer apparent cyberattacks Automotive fabric supplier TB Kawashima announces cyberattack US arm of Japanese automotive hose maker Nichirin pauses production after ransomware attack - The Record by Recorded Future BRONZE STARLIGHT Ransomware Operations Use HUI Loader | Secureworks Ransomware groups targeting Mitel VoIP zero-day - The Record by Recorded Future Brett Callow on Twitter: "LockBit also seems to have set its demands to automatically decrease over time. The longer victims wait, the less they need to pay. 4/5" / Twitter Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: De-anonymizing ransomware domains on the dark web Brazilian retail giant confirms cyberattack after extortion group takes over Twitter account - The Record by Recorded Future Akamai Blog | Bots Are Scalping Israeli Government Services Rise of LNK (Shortcut files) Malware | McAfee Blog Attacks on industrial control systems using ShadowPad | Kaspersky ICS CERT Google: Seven zero-days in 2021 developed commercially and sold to governments - The Record by Recorded Future The hacking industry faces the end of an era | MIT Technology Review Lawmakers want to restrict user data sales to nations like China, Russia US, UK, New Zealand argue against disabling PowerShell - The Record by Recorded Future CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF A pro-China online influence campaign is targeting the rare-earths industry | MIT Technology Review Internet Crime Complaint Center (IC3) | Deepfakes and Stolen PII Utilized to Apply for Remote Work Positions Statutory defense for ethical hacking under UK Computer Misuse Act tabled | The Daily Swig BSides Cleveland organizer steps down after controversial guest added as ‘surprise’ speaker | The Daily Swig CISA experts propose ‘311’ cybersecurity emergency call line for small businesses - The Record by Recorded Future CISA, US Coast Guard warn of Log4Shell attacks after 130GB data breach in May - The Record by Recorded Future CSAC Recommendations (06-16-2022) (1) - DocumentCloud Meet the Administrators of the RSOCKS Proxy Botnet – Krebs on Security Splunk patches critical vulnerability while users push for legacy updates | The Daily Swig Oracle patches ‘miracle exploit’ impacting Middleware Fusion, cloud services | The Daily Swig Cyber Insurance: Action Needed to Assess Potential Federal Response to Catastrophic Attacks | U.S. GAO FBI investigating $100 million theft from blockchain company Harmony - The Record by Recorded Future Jerry Gamblin on Twitter: "Ahhh... the orignal NFTs." / Twitter PeckShield Inc. on Twitter: "1/ @XCarnival_Lab was exploited in a flurry of txs (one hack tx: https://t.co/LUcxSU9UQn), leading to the gain of 3,087 ETH (~$3.8M) for the hacker (The protocol loss may be larger). https://t.co/mmGw5PQfbt" / Twitter Patrick Gray on Twitter: "🎉" / Twitter

Today’s Soap Box guest is an industry legend – Metasploit creator HD Moore. He’s here to tell us more about what’s happening with his latest creation, Rumble Network Discovery. If you’re not familiar with Rumble, well, you should be. It’s a network scanner that you just set loose and it will go and find all the devices on your network. It has a freaky ability to see around corners, finding devices it can’t even connect to directly because HD and his team have done some really crazy work on pulling device information out of obscure protocol queries and things like that. It takes a few minutes to set up a scan with Rumble, so it’s infinitely easier than trying to do passive network discovery on the network or pull data from other solutions. But Rumble isn’t just a network scanner anymore. They’ve been doing basic cloud asset inventory since the early days, but as you’ll hear it’s an area they’ve really been putting a lot of work into lately. Another big thing they’ve worked on is ICS and OT fingerprinting techniques that won’t actually cause those devices to command things to explode, so that’s nice.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Paige Thompson guilty of Capital One hack Microsoft is hiding serious Azure security issues New Australian government lobbying for Julian Assange How to ransomware documents in the cloud Microsoft stops Windows 10/11 downloads in Russia Belarusian cyber partisans obtain spy agency’s audio recordings Much, much more This week’s edition of the show is brought to you by Gigamon. Josh Day, Gigamon’s Director of applied threat research team, will be along in this week’s sponsor interview to talk about detecting badness on your network in encrypted traffic. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Former Seattle tech worker convicted of wire fraud and computer intrusions | USAO-WDWA | Department of Justice MPs back quiet diplomacy in Assange case Botched and silent patches from Microsoft put customers at risk, critics say | Ars Technica Microsoft’s Vulnerability Practices Put Customers At Risk | LinkedIn Security firm warns of ransomware attacks targeting Microsoft cloud 'versioning' feature - The Record by Recorded Future Separate Fujitsu cloud storage vulnerabilities could enable attackers to destroy virtual backups | The Daily Swig Large supermarket chain in southern Africa hit with ransomware - The Record by Recorded Future Telegram: Contact @tass_agency Microsoft pulls Windows 10 and 11 in Russia • The Register DDoS Attacks Delay Putin Speech at Russian Economic Forum Russia warns of a “military clash” if it’s hit by US cyberattacks - The Record by Recorded Future Belarusian hacktivist group releases purported Belarusian wiretapped audio of Russian embassy U.S. defense firm L3Harris in talks with NSO Group over spyware - The Washington Post Srsly Risky Biz: Friday June 17 - by Tom Uren Suspect in hacking Russian customs detained in Moscow String of attacks on French telecom infrastructure preceded April attack on fiber optic cables Chinese APT groups targeting India, Pakistan and more with Sophos firewall vulnerability - The Record by Recorded Future Ukrainian cybersecurity officials disclose two new hacking campaigns Police Linked to Hacking Campaign to Frame Indian Activists | WIRED INTERPOL raids hundreds of scammy call centers in sweep A Twitch Streamer Is Exposing Coronavirus Scams Live | WIRED Ranking The World's Angriest Scammers - 10/10 Rage - YouTube MIT researchers find new hardware vulnerability in the Apple M1 chip - The Record by Recorded Future A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys | Ars Technica Tornado Cash Is Crypto Hackers’ Favorite Way to Cash Out, But Experts Say It Can Be Traced How CISA's list of 'must-patch' vulnerabilities has expanded both in size, and who's using it The tale of a whale who took Solend’s money – Amy Castor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: “Shields Up” advice is now provably meaningless Russia to ditch offshore comms apps like WhatsApp Evil Corp’s Lockbit sanctions evasion attempt backfires Binance is a cesspit of shady financial dealings Apple’s passkey release foreshadows FIDO mass adoption Much, much more This week’s sponsor interview is about Elastic’s teardown on some really interesting APT linux malware called BPFdoor. Jake King and Colson Wilhoit joined the show for that interview. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command | Science & Tech News | Sky News White House: cyber activity not against Russia policy | Reuters 'Shields Up': the new normal in cyberspace Governors are being contacted - Newspaper Kommersant No. 95 (7296) dated 06/01/2022 «Вы лично отвечаете за инциденты». Почему 1 мая началась новая эпоха в информационной безопасности - Газета.Ru Киев использовал против России новый принцип кибератак - Ведомости Traffic will be sorted into folders - Newspaper Kommersant No. 102 (7303) dated 06/10/2022 FBI cybercrime seizure takes down one-time Ukraine IT Army collaborator To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions | Mandiant Risky Biz News: LockBit-Mandiant drama, explained How Binance became a hub for hackers, fraudsters and drug sellers Cryptocurrencies were once seen as an unmitigated boon for criminals. Not anymore. Fed cyber officials detail Chinese state hackers using common exploits against telcos Risky Biz News: Russia orders Google to remove Tor Browser from Russian Play Store Bizbudding, Inc. v. 365 Data Centers Services, LLC, 3:22-cv-00715 – CourtListener.com Business Email Compromise Scams Are Poised to Eclipse Ransomware | WIRED Cybercriminal scams City of Portland, Ore. for $1.4 million - The Record by Recorded Future Apple's Passkey Replaces Passwords With iPhone and Mac Authentication | WIRED MongoDB Debuts ‘Queryable Encryption’ to Fight Hacks and Leaks | WIRED Zero-Day Exploitation of Atlassian Confluence | Volexity Microsoft Security Intelligence on Twitter: "Multiple adversaries and nation-state actors, including DEV-0401 and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134. We urge customers to upgrade to the latest version or apply recommended mitigations: https://t.co/C3CykQgrOJ" / Twitter Microsoft Follina Vulnerability in Windows Can Be Exploited Through Office 365 | WIRED (3) Martin Sheppard on Twitter: "@riskybusiness And yes, many orgs can disable Macros in documents with the mark of the web without a lot of impact. Policy can be used to not mark documents from certain internal sites with mark of the web, which is one way to allow certain legitimate macros with this setting in place." / Twitter Blockchain, 'Decentralized' Exchange Taken Offline After Hacker Steals Millions ‘Optimism’ Crypto Hack Victim Hopes Thief Will Give Back $15 Million PeckShieldAlert on Twitter: "#PeckShieldAlert Wintermute Exploiter has transferred 17 million $OP to @optimismPBC https://t.co/5PpgeZXaId" / Twitter NFT insider trading charges filed against former OpenSea employee Nate Chastain Detecting BPFDoor backdoor payload | Elastic

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: The msdt/office lolbinapalooza Microsoft to introduce sensible defaults to Azure Twitter fined $150m for sms 2fa spam It turns out npm got owned in that Heroku/Travis CI thing AWS cred-stealing supply chain attack was research your honour, I swear! Much, much more We’ll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week’s sponsor interview. He’ll be walking us through some of his own research into how to own Microsoft boxes via document-embedded office add-ins. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes nao_sec on Twitter: "Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. https://t.co/hTdAfHOUx3 https://t.co/rVSb02ZTwt" / Twitter Follina — a Microsoft Office code execution vulnerability | by Kevin Beaumont | May, 2022 | DoublePulsar Kevin Beaumont on Twitter: "Additional Follina issue, if you use wget in Powershell, it blindly executes any code via MSDT as it trusts all MS Protocol URIs. So to clarify, if you wget a webpage you don’t control and the webpage adds Follina exploit string, your server the runs the code." / Twitter Microsoft Office Remote Code Execution - “Follina” MSDT Attack Raising the Baseline Security for all Organizations in the World - Microsoft Tech Community npm security update: Attack campaign using stolen OAuth tokens | The GitHub Blog Twitter fined $150 million by FTC for alleged privacy violations - The Record by Recorded Future REvil prosecutions reach a 'dead end,' Russian media reports Multiple flights across India grounded after SpiceJet airline hit with ransomware - The Record by Recorded Future Exclusive: Russian hackers are linked to new Brexit leak website, Google says | Reuters Российские компании начали увольнять украинских ИT-специалистов — РБК Hacker Leaks Mountain of Files From Inside Xinjiang Camps Spain set to strengthen oversight of secret services after NSO spying scandal | The Times of Israel No evidence of exploitation of Dominion voting machine flaws, CISA finds - The Washington Post Researchers identify FIDO2 protocol vulnerabilities - Security - iTnews 756.pdf Security ‘researcher’ hits back against claims of malicious CTX file uploads | The Daily Swig Israeli private detective used Indian hackers in job for Russian oligarchs, court filing says | Reuters Hacker Steals Database of Hundreds of Verizon Employees GarWarner on Twitter: "Last month the US Department of Justice petitioned the court to be allowed to seize Mr. Woodbery's Bitcoin. 151.885720427 BTC is 11,930,370 Naira or $4,364,299 USD currently. (Thread 1/? ) https://t.co/Xh39FTLQUV" / Twitter Malcolm Herbert on Twitter: "@riskybusiness @Metlstorm ... for some reason I never pictured you guys as doing a recording session before sunup, but then I guess with @Metlstorm being in NZ that kinda makes sense now that I think about it ... I'll see myself out ..." / Twitter Darknet market Versus shuts down after hacker leaks security flaw Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat | Ars Technica Red Canary Managed Detection and Response - YouTube Airlock Digital Demo - YouTube

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Conti’s war against Costa Rica DoJ revises CFAA guidance Naughty kids get access to DEA portal A look at a Russian disinfo tool PyPI and PHP supply chain drama Much, much more This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer will join us in this week’s sponsor interview to talk about what might happen to infosec programs now the world economy is getting all funky. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes President Rodrigo Chaves says Costa Rica is at war with Conti hackers - BBC News Costa Ricans scrambled to pay taxes by hand after cyberattack took down country’s collection system Costa Rican president claims collaborators are aiding Conti's ransomware extortion efforts K-12 school districts in New Mexico, Ohio crippled by cyberattacks - The Record by Recorded Future Greenland says health services 'severely limited’ after cyberattack - The Record by Recorded Future Notorious cybercrime gang Conti 'shuts down,' but its influence and talent are still out there - The Record by Recorded Future 'Multi-tasking doctor' was mastermind behind 'Thanos' ransomware builder, DOJ says - The Record by Recorded Future Researchers warn of REvil return after January arrests in Russia - The Record by Recorded Future Researcher stops REvil ransomware in its tracks with DLL-hijacking exploit | The Daily Swig Bank refuses to pay ransom to hackers, sends dick pics instead • Graham Cluley GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need - CloudSEK Catalin Cimpanu on Twitter: "Report on a new ransomware strain named GoodWill that forces victims to perform acts of kindness to recover their files https://t.co/T0rhj5wjyC https://t.co/T92KPUJe61" / Twitter Water companies are increasingly uninsurable due to ransomware, industry execs say Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act | OPA | Department of Justice download DEA Investigating Breach of Law Enforcement Data Portal – Krebs on Security Intelligence Update. A question of timing: examining the circumstances surrounding the Nauru Police Force hack and leak FSB's Fronton DDoS tool was actually designed for 'massive' fake info campaigns, researchers say Sonatype PiPI blog post Dvuln Labs - ServiceNSW’s Digital Drivers Licence Security appears to be Super Bad New Bluetooth hack can unlock your Tesla—and all kinds of other devices | Ars Technica Researchers devise iPhone malware that runs even when device is turned off | Ars Technica New Research Paper: Pre-hijacking Attacks on Web User Accounts – Microsoft Security Response Center CISA issues directive for exploited VMware bug after IR team deployed to ‘large’ org - The Record by Recorded Future Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating | Ars Technica Google, Apple, Microsoft Commit to Eliminating Passwords - Security Boulevard Thinkst Canary

The following is a sample of our latest podcast, Risky Business News, which is published into a new RSS feed. It’s a short podcast published three times a week that updates listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this Soap Box edition of the show Proofpoint’s EVP of Cybersecurity Strategy Ryan Kalember joins host Patrick Gray to talk about why some security spending is just misguided. So much of the infosec industry is geared towards protecting organisations against exotic threats when, really, the trifecta of ransomware, BEC and staff being careless with data are the thing that will sink them.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Spanish PM’s phone infected by Pegasus Microsoft drops Ukraine research report We can’t make heads or tails out of the FBI’s transparency report France hit with coordinated fibre sabotage campaign Why Musk’s algorithm pledge is meaningless Much, much more This week’s sponsor interview is with ExtraHop Networks’ CEO Patrick Dennis. He’s joining us this week to talk about how you can turn “Shield’s Up!” advice into something actionable. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Spyware attack targeted Spanish prime minister’s phone - The Record by Recorded Future Over 200 Spanish mobile numbers ‘possible targets of Pegasus spyware’ | Spain | The Guardian Russia’s hackers and military went after the same targets in Ukraine, Microsoft says Russia Is Being Hacked at an Unprecedented Scale | WIRED Russia reroutes internet in occupied Ukrainian territory through Russian telcos - The Record by Recorded Future Russia cyber case prompted big portion of FBI's surveillance database searches in 2021 - The Record by Recorded Future 2022_ASTR_for_CY2020_FINAL.pdf Wyden: “Surveillance Transparency Report” Fails To Explain How Many Americans’ Communications Are Searched By the FBI | U.S. Senator Ron Wyden of Oregon How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities Who tried to hack Hawaii’s undersea cable? - The Record by Recorded Future Nauru police emails leaked to protest against Australia's offshore detention Fighting Fake EDRs With ‘Credit Ratings’ for Police – Krebs on Security Twitter may have given user's private data to a ransomware hacker, who then ran a researcher offline Musk's plans to make Twitter's algorithms public raises disinformation conundrum Elon Musk’s Plan to Open Source the Twitter Algorithm Won’t Solve Anything | WIRED Kronos cyber attack sparks lawsuits against employers | BenefitsPRO German wind farm operator confirms cybersecurity incident - The Record by Recorded Future German library service struggling to recover from ransomware attack - The Record by Recorded Future Trinidad’s largest supermarket chain crippled by cyberattack - The Record by Recorded Future Austin Peay State University becomes latest US school hit with ransomware - The Record by Recorded Future NC Prohibits Gov Entities from Paying Hacker Cybersecurity Ransoms Connecticut inches closer to becoming fifth state with data privacy law - The Record by Recorded Future Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog Google touts new tool that scans for malicious packages in popular open-source repositories - The Record by Recorded Future Log4Shell, ProxyLogon and Atlassian bug top CISA's list of routinely exploited vulnerabilities in 2021 - The Record by Recorded Future Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954 | Rapid7 Blog Microsoft finds Linux desktop flaw that gives root to untrusted users | Ars Technica More than $13 million stolen from DeFi platform Deus Finance - The Record by Recorded Future Binance freezes stolen Axie Infinity crypto after North Korean hackers move funds - The Record by Recorded Future Everscale blockchain wallet shutters web version after vulnerability found - The Record by Recorded Future Hackers steal $90 million from DeFi platforms Rari Capital and Saddle Finance - The Record by Recorded Future Crypto Hackers Stole More Than $370 Million In April Alone Airlock Digital Demo - YouTube Risky Business News | Patrick Gray | Substack

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Israel Ministry of Defence is denying a lot of spyware export licences Private detective in New York pleads guilty over BellTroX shenanigans Scammers enrol stolen credit cards into Apple Pay The Blackcat ransomware crew is very active right now VirusTotal shells lol Much, much more This week’s sponsor interview is with Okta’s Brett Winterford, who talks in detail about the company’s brush with the Lapsus$ hacking crew. It’s unusual for a sponsor interview to be a must listen, but here we are. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Export controls strangling Israel's cyberattack industry - Globes Israeli charged in global hacker-for-hire scheme pleads guilty | Reuters Criminals Abuse Apple Pay in Spending Sprees Wealthy cybercriminals are using zero-day hacks more than ever | MIT Technology Review Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code – Krebs on Security FBI: 60 organizations worldwide hit with BlackCat/ALPHV ransomware - The Record by Recorded Future FBI warns agricultural sector of heightened risk of ransomware attacks Russia's war on Ukraine making life difficult for Russian cybercriminals In a first, Treasury Department sanctions major cryptocurrency mining firm Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure | CISA (6) Rewards for Justice on Twitter: "REWARD! Up to $10M for information on 6 Russian GRU hackers. They targeted U.S. critical infrastructure with malicious cyber ops. Send us info on their activities via our Dark Web-based tips line at: https://t.co/WvkI416g4W https://t.co/oZCKNHU3fY https://t.co/u1NMAZ9HQl" / Twitter Foreign Malicious Cyber Activity Against U.S. Critical Infrastructure – Rewards For Justice From the front lines of ‘the first real cyberwar’ - The Record by Recorded Future CySource virus total blog (3) Bernardo Quintero on Twitter: "for transparency purposes, this was my internal reply on May 21, 2021 at 03:09PM https://t.co/WR3QTRlxDc" / Twitter Critical bug could have let hackers commandeer millions of Android devices | Ars Technica Hot patch for Log4Shell vulnerability in AWS allowed full host takeover | The Daily Swig Major cryptography blunder in Java enables “psychic paper” forgeries | Ars Technica Brokers' sales of U.S. military personnel data overseas stir national security fears Bored Ape Yacht Club Instagram Hacked, NFTs Worth Millions Stolen A Crypto Entrepreneur Is on the Lam After Dev Jailed for North Korea Trip Okta Concludes its Investigation Into the January 2022 Compromise | Okta Risky Business News | Substack

On this week’s show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week’s security news, including: Ukraine foils Russian ICS hack US Government burns someone’s ICS toolkit China gets all up in India’s energy gridz The Heroku/Hithub/Travis CI story is very confusing US DOJ removes GRU malware from Watchguard boxes under Rule 41 North Korea behind $540m crypto hack Much, much more This week’s sponsor interview is with Scott Kuffer, co-founder of Nucleus Security, and Jared Semrau of Mandiant. They’ll be joining us to talk about how you can now plug Mandiant data into the Nucleus vulnerability scan aggregator. Links to everything that we discussed are below and you can follow Patrick, Dmitri or Adam on Twitter if that’s your thing. Show notes Ukraine foiled Russian cyberattack that tried to shut down energy grid (4) Catalin Cimpanu on Twitter: "Days later... anyone managed to confirm or debunk this?" / Twitter (4) Matthew Garrahan on Twitter: "Ukraine has since adapted a government app so that people can more easily upload information about Russian military positions https://t.co/oWRctXBTxU" / Twitter Pipedream Malware: Feds Uncover 'Swiss Army Knife' for Industrial System Hacking | WIRED Suspected Chinese hackers are targeting India's power grid Lawmakers ask Energy Department to take point on sector digital security - The Record by Recorded Future Threat of Russian cyberattack prompts energy firms to collaborate with U.S. government - The Washington Post US says it disrupted Russian botnet 'before it could be weaponized' DOJ's Sandworm operation raises questions about how far feds can go to disarm botnets Microsoft seizes internet domains linked to GRU cyberattacks against Ukraine WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers | Ars Technica Microsoft uses court order to disrupt ZLoader botnet - The Record by Recorded Future DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii US agency attributes $540 million Ronin hack to North Korean APT group - The Record by Recorded Future Chemical sector targeted by North Korea-linked hacking group, researchers say - The Record by Recorded Future U.S. offers $5 million for info on North Korean cyber operators - The Record by Recorded Future Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog After a brief decline, organizations once again are bombarded with ransomware - The Record by Recorded Future BlackCat ransomware group claims attack on Florida International University - The Record by Recorded Future North Carolina A&T hit with ransomware after ALPHV attack - The Record by Recorded Future Ransomware groups go after a new target: Russian organizations - The Record by Recorded Future T-Mobile Secretly Bought Its Customer Data from Hackers to Stop Leak. It Failed. Experts warn of concerns around Microsoft RPC bug - The Record by Recorded Future Make phishing great again. VSTO office files are the new macro nightmare? | by Daniel Schell | Apr, 2022 | Medium VMware patches critical flaws in Workspace ONE Access identity management software | The Daily Swig Researcher finds cryptomining malware targeting AWS Lambda - The Record by Recorded Future Apple paid out $36,000 bug bounty for HTTP request smuggling flaws on core web apps – research | The Daily Swig Hackers steal more than $11 million from Elephant Money DeFi platform - The Record by Recorded Future WonderHero game disabled after hackers steal $320,000 in cryptocurrency - The Record by Recorded Future 'We Are Fucked': Crypto Stablecoin Collapses After $182M Hack The Original APT: Advanced Persistent Teenagers – Krebs on Security

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Kevin Kennedy from Vectra talks about the company’s cloud native detection – it crunches stuff like CloudTrail and AzureAD logs and correlates it with network event information Paul McCarty from SecureStack on its software composition analysis and “SBOM plus” tool Google Cloud’s Anton Chuvakin talks about cloud-based SIEMs like Chronicle Show notes AI Cybersecurity - Threat Detection & Response Platform | Vectra AI SecureStack - SecureStack Chronicle Security - Google’s Cloud-Native SIEM Platform

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why Spring4Shell isn’t all hype How Viasat actually got owned Russian war crimes likely extend to coercing sysadmis Why lighter fluid and a box of matches is more effective than cyber in Belarus Much, much more This week’s sponsor interview is with Bernard Brantley, Corelight’s Chief Information Security Officer. Corelight makes a network sensor you can use to plug in to your SIEM, among other things. It’s based on Zeek, the open source network sensor that Corelight maintains. Corelight is absolutely the industry standard for this sort of thing. And they’ve just become the standard for something else, too: Microsoft Defender for IoT can now accept Corelight feeds. Bernard fills us in on that. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Explaining Spring4Shell: The Internet security disaster that wasn’t | Ars Technica VMware sprung by Spring4shell vulnerability - Security - iTnews Viasat confirms report of wiper malware used in Ukraine cyberattack - The Record by Recorded Future VIASAT incident: from speculation to technical details. AcidRain | A Modem Wiper Rains Down on Europe - SentinelOne EXCLUSIVE Hackers who crippled Viasat modems in Ukraine are still active- company official | Reuters Kevin Collier on Twitter: "In a Zoom presser earlier today, UKR Telecom CIO Kirill Goncharuk said the hack on his ISP started with compromised credentials from an employee in a territory Russia recently occupied. Declined to address the potential implication that the employee was physically coerced." / Twitter Ukrainian CERT details Russia-linked phishing attacks targeting government officials - The Record by Recorded Future The Belarus ‘railway rebels’, who dare stop Vladimir Putin’s invasion in its tracks German wind turbine maker shut down after cyberattack - The Record by Recorded Future Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said - The Record by Recorded Future Trezor cryptocurrency wallets targeted with phishing attacks following Mailchimp compromise | The Daily Swig Two alleged Lapsus$ teens appear in London court IT giant Globant discloses hack after Lapsus$ leaks 70GB of stolen data | Ars Technica Notorious hacking group FIN7 adds ransomware to its repertoire NSA employee indicted for mishandling Top Secret information - The Record by Recorded Future Debate erupts at news the White House may scale back DOD cyber-ops authorities Legislators rail against potential rollback of flexible DOD cyber powers ‘Dangerous’ EU web authentication plan threatens to undercut browser-led certification system, detractors claim | The Daily Swig Trend Micro warns of active attacks against Apex Central console | The Daily Swig Apple releases fixes for two zero-days affecting Macs, iPhones and iPads - The Record by Recorded Future Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks | Ars Technica GitLab addresses critical account hijack bug | The Daily Swig Ola Finance DeFi platform hacked, nearly $5 million stolen - The Record by Recorded Future Bank that lacked basic security suffers predictable fate • The Register Corelight Announces Integration for Microsoft Defender for IoT as a Data Source for the Platform

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Upskill your testers and developers with PentesterLab for US$20 a month Manage penetration tests and reporting with AttackForge How Sysdig can help herd your container cats (vuln management and detection for container environments) Show notes PentesterLab: Learn Web Penetration Testing: The Right Way AttackForge® - Penetration Testing Workflow Management, Productivity & Collaboration Tools Sysdig 2022 Cloud-Native Security and Usage Report: Stay on Top of Risks as You Scale – Sysdig

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Some arrests of suspected Lapsus$ members in the UK Why the Okta incident is probably a fizzer Four FSB officers indicted over Triton/Trisis malware Kim Zetter interviewed Intrusion Truth Australian government to upsize ASD Wave bye bye to Finfisher Much, much more This week’s sponsor interview is with Mike Wiacek from Stairwell. Stairwell makes a product that catalogues the files in your environment and lets you slice and dice that data. That makes threat hunting pretty easy and Mike is joining the show this week to talk about why organisations of all stripes should be doing threat hunting. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal - BBC News Okta ‘identifying and contacting’ customers potentially affected by Lapsus$ breach - The Record by Recorded Future Okta revises original statement, says 366 customers affected by Lapsus$ breach - The Record by Recorded Future Okta apologizes for waiting two months to notify customers of Lapsus$ breach - The Record by Recorded Future Lapsus$ found a spreadsheet of accounts as they breached Okta, documents show | TechCrunch DOJ unseals indictments of four Russian gov’t officials for cyberattacks on energy companies - The Record by Recorded Future Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide | OPA | Department of Justice Intrusion Truth - Five Years of Naming and Shaming China’s Spies ASD to double in size after $10bn cyber security funding boost - Security - iTnews How the Biden budget goes big on cyber - The Record by Recorded Future FBI, CISA advise 13,000 orgs to have 'low threshold' for reporting cyberattacks - The Record by Recorded Future Senate report examines REvil ransomware attacks on US firms - The Record by Recorded Future Senate ransomware investigation says FBI leaving victims in the lurch Surveillance software firm FinFisher declares insolvency - The Record by Recorded Future NSO refused Ukraine’s request for Pegasus spyware so it wouldn’t anger Russia - The Washington Post FCC puts Kaspersky on security threat list, says it poses “unacceptable risk” | Ars Technica Traffic at major Ukrainian internet service provider Ukrtelecom disrupted - The Record by Recorded Future An interview with the chief technical officer at Ukrtelecom - The Record by Recorded Future Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” – Krebs on Security North Korean hackers unleashed Chrome 0-day exploit on hundreds of US targets | Ars Technica Google releases emergency security update for Chrome users after second 0-day of 2022 discovered - The Record by Recorded Future Npm maintainers remove malicious packages after typosquatting attempt - The Record by Recorded Future ‘Spam Nation’ Villain Vrublevsky Charged With Fraud – Krebs on Security $2 million stolen from DeFi protocol Revest Finance, platform unable to reimburse victims - The Record by Recorded Future Flash loan attack on One Ring protocol nets crypto-thief $1.4 million | The Daily Swig More than $625 million stolen in DeFi hack of Ronin Network - The Record by Recorded Future Hackers Who Stole $50 Million in Crypto Say They Will Refund Some Victims

Airlock Digital co-founders Daniel Schell and Dave Cottingham join host Patrick Gray to talk about: What an effective allowlisting program looks like Why the third party allowlisting industry failed the first time What you can achieve with Microsoft tooling versus specialist tools How much effort is involved to do this right

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Okta’s somewhat awful comms around its LAPSUS$ incident Inside Microsoft’s brush with the same group How Elon Musk’s Starlink service is being used to drop bombs on Russian tanks US, UK governments warn of impending Russian cyberdoom Much, much more… This week’s sponsor interview is with Paul Lanzi, co-founder of Remediant. Paul joins the show this week to talk about cyber insurance. It’s a topic that has come up a lot for us lately – ransomware has borderline sunk the current cyber insurance model as payments ballooned and payouts made a lot of insurers adjust premiums to the. But all is not lost – Paul says this blowup means the insurance industry is actually adapting and could wind up being a driver of better security practices. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Hackers hit authentication firm Okta, customers 'may have been impacted' | Reuters Updated Okta Statement on LAPSUS$ | Okta Microsoft investigating Lapsus$ claims of Bing, Cortana data theft - The Record by Recorded Future DEV-0537 criminal actor targeting organizations for data exfiltration and destruction - Microsoft Security Blog U.K. echoes Biden warning on Russian cyberattacks - The Record by Recorded Future Statement by President Biden on our Nation’s Cybersecurity | The White House FBI advised that hackers scanned networks of 5 US energy firms ahead of Biden's Russia cyberattack warning - CNNPolitics CISA, FBI warn of satellite network hacks following Viasat cyberattack - The Record by Recorded Future Specialist Ukrainian drone unit picks off invading Russian forces as they sleep | News | The Times China’s DJI And Its Billionaire Chief Put In An Awkward Spot As Both Sides In Ukraine War Use Its Drones Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine | Snyk Catalin Cimpanu on Twitter: "Following the poisoning of the node-ipc npm package to sabotage systems in Belarus and Russia, Russia's NKTsKI cyber-security agency has told companies to use local repos for FOSS software, use older versions prior to the invasion, and audit new updates https://t.co/3PlKdXTfn1 https://t.co/EV25HBBZFN" / Twitter U.S. bars ex-spies from becoming 'mercenaries,' following Reuters series | Reuters Behold, a password phishing site that can trick even savvy users | Ars Technica Death of the Password? FIDO Alliance Reveals Its New Plan | WIRED Scammers have 2 clever new ways to install malicious apps on iOS devices | Ars Technica New details emerge on prolific Conti-linked cybercrime group Trickbot is using MikroTik routers to ply its trade. Now we know why | Ars Technica Sandworm-linked botnet has another piece of hardware in its sights Hacker Steals Customer Data From Circle, BlockFi, Other Big Crypto Firms - Decrypt Lawmakers Probe Early Release of Top RU Cybercrook – Krebs on Security A different way to do PAM -- Paul Lanzi, Remediant - YouTube

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Germany issues stark warning to Kaspersky users Ukraine SATCOM hack keeps getting more interesting Russia to spin up its own CA, but it’s not what it seems Why the ransomware threat could get worse, then better Much, much more This week’s show is brought to you by Fastly. Kelly Shortridge, Fastly’s Senior Principal Product Technologist, joins the show this week to tell us what modern security actually looks like. Kelly is always fascinating so we were thrilled she was in the sponsor chair this week. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes German government issues warning about Kaspersky products - CyberScoop Exclusive: U.S. spy agency probes sabotage of satellite internet during Russian invasion, sources say | Reuters SATELLITE SYSTEMS, SATCOM AND SPACE SYSTEMS UPDATE Russia to create its own security certificate authority, alarming experts Political fallout in cybercrime circles upping the threat to Western targets (2) Oleg Shakirov on Twitter: "Russia's deputy foreign minister says he hopes the Russian-U.S. dialogue on cyber security will be resumed in response to a question whether it has been frozen He adds that it can bring tangible results like the disruption of REvil https://t.co/m817WD80vr" / Twitter FinCEN warns ransomware proceeds could be part of Russia sanctions evasion Biden takes big step toward government-backed digital currency Ukrainian hackers say HackerOne is blocking their bug bounty payouts | TechCrunch (2) Techmeme on Twitter: "Sources: Apple and Google removed Kremlin critic Navalny's app in September after FSB agents came to homes of top execs and threatened to take them to prison (Washington Post) https://t.co/nqvtHmG1Ft https://t.co/gQCcnFhnyo" / Twitter Government agencies in Ukraine targeted in cyber-attacks deploying MicroBackdoor malware | The Daily Swig (2) ESET research on Twitter: "#BREAKING #ESETresearch warns about the discovery of a 3rd destructive wiper deployed in Ukraine 🇺🇦. We first observed this new malware we call #CaddyWiper today around 9h38 UTC. 1/7 https://t.co/gVzzlT6AzN" / Twitter Ukraine facing major regional internet outages as Russian invasion continues Transparency Org Releases Alleged Leak of Russian Censorship Agency Denial-of-service attack knocked Israeli government sites offline The Lapsus$ Hacking Group Is Off to a Chaotic Start | WIRED Penny Arcade - Comic - Also Known As Blackmail Man charged with Kaseya hack extradited to the US - The Record by Recorded Future NetWalker ransomware affiliate extradited to the US - The Record by Recorded Future Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22 | Ars Technica New method that amplifies DDoSes by 4 billion-fold. What could go wrong? | Ars Technica SEC weighs reporting requirements for publicly traded companies Biden signs cyber incident reporting bill into law - The Record by Recorded Future Join The Dept of Know_ Live! BAYRAKTAR-Official Song (english) - YouTube Product Demo: Proofpoint Nexus People Explorer - YouTube

On this week’s show Patrick Gray, Brian Krebs and Adam Boileau discuss the week’s security news, including: The Contileaks latest Belarus targeted refugee data. Was it behind the ICRC hack? How APT41 hacked America’s livestock SATCOM hack in Ukraine may bode ill for Musk Much, much more Material Security’s co-founder Ryan Noon is this week’s sponsor guest. He joins the show to talk about a few things, how the building blocks for a whole new generation of security tooling – like large-scale data crunching tech – is now just available off the shelf. He also talks us through an integration Material has done with a groovy new SOAR platform called Tines. Links to everything we discussed – and a YouTube demo of Material’s technology – are below. Show notes Conti Ransomware Group Diaries, Part I: Evasion – Krebs on Security Conti Ransomware Group Diaries, Part II: The Office – Krebs on Security Conti Ransomware Group Diaries, Part III: Weaponry – Krebs on Security Conti Ransomware Group Diaries, Part IV: Cryptocrime – Krebs on Security Christo Grozev on Twitter: "This is not the worst part. In the phone call in which the FSB officer assigned to the 41st Army reports the death to his boss in Tula, he says they've lost all secure communications. Thus the phone call using a local sim card. Thus the intercept. https://t.co/cgHHo7VaRi" / Twitter Cloudflare not fully backing out of Russia, company says, as tech firms are forced to weigh in - CyberScoop NATO countries' refugee management may have been targeted by Belarus-linked hackers - CyberScoop Twitter Launches Tor Onion Service Making Site Easier to Access in Russia Hive ransomware gang targets Romanian oil firm in its latest cyberattack - The Record by Recorded Future Chinese Spies Hacked a Livestock App to Breach US State Networks | WIRED Christophe on Twitter: "Casually compromising API keys from Azure customers: - Step 1: Create an Azure automation account - Step 2: curl localhost on ports 40000+ You now have an API token in the Azure tenant of another customer, with the same permissions as the automation🙈 https://t.co/XRI99mCJ1T" / Twitter Google WAF bypassed via oversized POST requests | The Daily Swig DDoSers are using a potent new method to deliver attacks of unthinkable size | Ars Technica SATCOM terminals under attack in Europe: a plausible analysis. The internet in Ukraine is still mostly online. Could Starlink be a backup if it goes out? - The Record by Recorded Future Linux has been bitten by its most high-severity vulnerability in years | Ars Technica Google to acquire Mandiant in $5.4 billion deal - The Record by Recorded Future Senate approves cyber incident reporting bill amid worries about Russian threats - The Record by Recorded Future Cyber insurance policies may be put to the test by Russian attacks, credit ratings firm warns - The Record by Recorded Future Material Security: Keeping email safe at rest (improved audio) - YouTube Risky Biz Product Demos - YouTube

On this week’s show Patrick Gray, Dmitri Alperovitch and Adam Boileau discuss the week’s security news, including: We expected a cyberwar but got an information war People with SDR kits are doing SIGINT in Ukraine Conti has imploded and it’s hilarious Much, much more This week’s show is brought to you by Proofpoint. Sherrod DeGrippo, Proofpoint’s Vice President of Threat Research and Detection is this week’s sponsor guest. She joins us to talk about how there isn’t really any magic advice she can dispense to protect customers from Russian attacks. There are some show notes below, but they’re not exhaustive. Show notes The propaganda war has eclipsed cyberwar in Ukraine | MIT Technology Review Ukrainian Researcher Leaks Conti Ransomware Gang Data Signal on Twitter: "We've had an uptick in usage in Eastern Europe & rumors are circulating that Signal is hacked & compromised. This is false. Signal is not hacked. We believe these rumors are part of a coordinated misinformation campaign meant to encourage people to use less secure alternatives." / Twitter Cyber insurance policies may be put to the test by Russian attacks, credit ratings firm warns - The Record by Recorded Future Phishing campaign targets European officials assisting in refugee operations - The Record by Recorded Future https://twitter.com/sbreakintl/status/1498619303717142529?s=21 Apple halts sales of products to Russia, restricts access to Russian news apps Belarusian hackers launch another attack, adding to chaotic hacktivist activity around Ukraine - CyberScoop Russian State Media Hacked to Show Casualty Numbers for Russian Soldiers in Ukraine War Would Banning Russia From Getting Software Updates Make It Easier to Hack? Ukraine’s Volunteer ‘IT Army’ Is Hacking in Uncharted Territory | WIRED vx-underground on Twitter: "Conti ransomware group previously put out a message siding with the Russian government. Today a Conti member has begun leaking data with the message "Fuck the Russian government, Glory to Ukraine!" You can download the leaked Conti data here: https://t.co/BDzHQU5mgw https://t.co/AL7BXnihza" / Twitter Active Measures, LLC on Twitter: "That keyboard sound you hear is lawyers at US CYBERCOMMAND updating some opinions." / Twitter Conti ransomware gang chats leaked by pro-Ukraine member - The Record by Recorded Future Russia appears to deploy digital defenses after DDoS attacks - The Record by Recorded Future Russia’s Sandworm Hackers Have Built a Botnet of Firewalls | WIRED Auth0 co-founder and CEO Eugenio Pace walks us through the Auth0 platform - YouTube Dmitri Alperovitch on Twitter: "In the last few weeks, I have become increasingly convinced that Kremlin has unfortunately made a decision to invade Ukraine later this winter. While it is still possible for Putin to deescalate, I believe the likelihood is now quite low. Allow me to explain why 🧵" / Twitter

These Soap Box editions of the show are entirely sponsored – that means everyone you hear in one of these episodes paid to be here. In this edition we’re talking to Yubico’s Chief Solutions Officer Jerrod Chong. We do one of these Soap Box podcasts with Jerrod every year. Yubico, of course, is the maker of the Yubikey hardware security device. In this chat with Jerrod we cover a few things – like the zero trust executive order, hardware-backed web transactions and how the industry leading the charge on security keys right now is actually the cryptocurrency space.