Risky Business

By Patrick Gray

Category: Tech News

Description

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Episode Date
Snake Oilers: Greynoise! MergeBase! Votiro!

In this edition of Snake Oilers we’ll be hearing from three very different vendors who’ve all been doing interesting stuff.

Greynoise: An infosec startup darling, Greynoise can tell you when an attack you’ve detected is internet-wide, automated activity. Very useful for de-prioritising entire alert sets.

MergeBase: Software Composition Analysis (SCA) with two key differentiators. MergeBase says it gives users MUCH better remediation advice than competitors, and also offers an “in prod” dynamic SCA product that feeds Java app telemetry back to app/security teams. Very cool, and getting popular.

Votiro: Regular listeners would know about CDR company Votiro. They’ve spent the last little while updating their product to better deal with macro-based threats. There’s some site-specific machine learning pixie dust as well as some more generic static detections and re-writes.
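
The Greynoise item above describes a triage idea rather than a product API, so here is an added example of the logic it implies, written for this page and not taken from Greynoise or Risky Business. It assumes a local “noise feed” that is simply a set of source IPs many unrelated sensors have seen scanning the whole internet; the alert format, the signature names and the IPs are constructed for illustration. An alert set (all alerts sharing one signature) is de-prioritised when its sources are mostly noise, but the sources that are not in the feed are always kept for review, because a targeted attacker hiding inside a wave of mass scanning must not be dropped with the noise.

```python
"""Added example: de-prioritise alert sets dominated by internet-wide scanning.

Not Greynoise's code. The noise feed, alert format, signatures and IPs below are
constructed assumptions for illustration only.
"""
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample alerts: "<timestamp> <src_ip> <signature>", one per line.
SAMPLE_ALERTS = """\
2021-04-20T10:00:01Z 198.51.100.7 SSH_BRUTE_FORCE
2021-04-20T10:00:05Z 198.51.100.8 SSH_BRUTE_FORCE
2021-04-20T10:00:09Z 198.51.100.9 SSH_BRUTE_FORCE
2021-04-20T10:01:12Z 203.0.113.44 SSH_BRUTE_FORCE
2021-04-20T10:02:30Z 203.0.113.44 EXCHANGE_SSRF_PROXYLOGON
2021-04-20T10:02:31Z 198.51.100.7 EXCHANGE_SSRF_PROXYLOGON
2021-04-20T10:03:00Z 203.0.113.45 VPN_PORTAL_AUTH_BYPASS
2021-04-20T10:04:10Z 198.51.100.7 HTTP_DIR_SCAN
2021-04-20T10:04:11Z 198.51.100.8 HTTP_DIR_SCAN
"""

# Constructed noise feed (hypothetical): IPs seen scanning the whole internet.
NOISE_FEED = {"198.51.100.7", "198.51.100.8", "198.51.100.9"}

# Fraction of an alert set's distinct sources that must be noise before the
# whole set is treated as mass scanning rather than something aimed at us.
NOISE_RATIO_THRESHOLD = 0.75


def parse_alerts(text):
    """Parse the constructed alert format into (timestamp, ip, signature) tuples.

    Malformed lines (wrong field count, unparseable IP) are skipped so one bad
    record cannot abort the triage run.
    """
    alerts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, ip, sig = parts
        try:
            ip_address(ip)
        except ValueError:
            continue
        alerts.append((ts, ip, sig))
    return alerts


def triage(alerts, noise_feed, threshold=NOISE_RATIO_THRESHOLD):
    """Classify each alert set (signature) by how much of it is internet noise.

    Returns {signature: {"priority", "noise_ratio", "targeted_sources"}} where
    priority is "background" (every source is noise), "mostly-background"
    (noise ratio >= threshold, residual sources still listed) or "targeted".
    """
    sources_by_sig = defaultdict(set)
    for _, ip, sig in alerts:
        sources_by_sig[sig].add(ip)

    result = {}
    for sig, sources in sources_by_sig.items():
        noisy = {ip for ip in sources if ip in noise_feed}
        ratio = len(noisy) / len(sources)
        targeted = sorted(sources - noisy)  # never discarded, whatever the ratio
        if not targeted:
            priority = "background"
        elif ratio >= threshold:
            priority = "mostly-background"
        else:
            priority = "targeted"
        result[sig] = {"priority": priority, "noise_ratio": round(ratio, 2),
                       "targeted_sources": targeted}
    return result


def residual_sources(alerts, noise_feed):
    """Non-noise sources with the distinct signatures each triggered.

    Sorted most-active first: a source outside the noise feed that trips
    several different alert sets is the one a human should look at first.
    """
    sigs_by_ip = defaultdict(set)
    for _, ip, sig in alerts:
        if ip not in noise_feed:
            sigs_by_ip[ip].add(sig)
    return sorted(((ip, sorted(sigs)) for ip, sigs in sigs_by_ip.items()),
                  key=lambda item: (-len(item[1]), item[0]))


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    for sig, verdict in triage(parsed, NOISE_FEED).items():
        print(f"{sig:26s} {verdict['priority']:18s} noise={verdict['noise_ratio']:.2f} "
              f"review={verdict['targeted_sources']}")
    print("residual sources:", residual_sources(parsed, NOISE_FEED))
```

In the sample, HTTP_DIR_SCAN is pure background and can be suppressed as a set, SSH_BRUTE_FORCE is mostly mass scanning but leaves one source to review, and that same source also appears in the Exchange alert set, which is exactly the pivot the noise removal is meant to surface.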

Apr 20, 2021
Risky Business #620 -- Project Zero burns Western counterterrorism operation

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Ubiquiti insider blows whistle on breach
  • Cyber insurer ransomwared
  • Project Zero burned a Western counterterrorism operation
  • Australian parliament, media, politicians all under attack
  • Executive Order would require vendors to notify US government of incidents
  • Much, much more…

This week’s sponsor guest is a special one. Metasploit creator and Rumble.run founder HD Moore will join us to talk all about his new venture, the Rumble asset discovery tool. It’s an absolutely fantastic interview, as you’d expect from HD.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security
SHAREHOLDER ALERT: Ubiquiti, Inc. Investigated for Possible Securities Laws Violations by Block & Leviton LLP; Investors Should Contact the Firm
Ubiquiti tells customers to change passwords after security breach | ZDNet
Top insurer CNA disconnects systems after cyberattack
London's biggest school trust hit by ransomware | The Record by Recorded Future
Industrial giant Honeywell says it has ‘returned to service’ after cyber intrusion
Nine says it has isolated source of cyber attack
Cyber attack on Channel Nine: Government assistance requested by network
Nine Entertainment warns ransomware recovery 'will take time' - Security - iTnews
AFP, NSW Police investigating cyber attack on Nine
'State actor' behind Nine Network cyber attack, tech expert says
Australia investigates reported hacks aimed at parliament, media
Australian Minister’s Phone Hacked as Report Reveals Hong Kong Link
Australian ministers are targets in Telegram phishing scam, Australia/NZ News & Top Stories - The Straits Times
Hackers target German lawmakers in an election year
Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft | Reuters
Facebook disrupts Beijing's Uyghur hacking campaign | The Record by Recorded Future
Google's unusual move to shut down an active counterterrorism operation being conducted by a Western democracy | MIT Technology Review
Apple releases iPhone, iPad and Watch security patches for zero-day bug under active attack | TechCrunch
US lacks visibility into digital espionage at home, NSA boss says
The Dark Web Is Teeming With Vaccine Listings Right Now | WIRED
Credit Card Hacking Forum Gets Hacked, Exposing 300,000 Hackers’ Accounts
T-Mobile, Verizon, AT&T Stop SMS Hijacks After Motherboard Investigation
New 5G protocol vulnerabilities allow location tracking | The Record by Recorded Future
PHP's Git server hacked to add backdoors to PHP source code
SSRF vulnerability in NPM package Netmask impacts up to 279k projects | The Daily Swig
H2C smuggling proves effective against Azure, Cloudflare Access, and more | The Daily Swig
Security researcher launches GoFundMe campaign to fight legal threat over vulnerability disclosure | The Daily Swig
Cloudflare launches JavaScript dependency dashboard utility to warn against Magecart-style malfeasance | The Daily Swig
Microsoft Teams is the first target for new app-focused bug bounty program | The Daily Swig
Slack Says Letting Anyone Message Anyone With Few Limits Was ‘a Mistake’
No, I Did Not Hack Your MS Exchange Server — Krebs on Security
Mar 31, 2021
Risky Business #619 -- REvil crew demands $50m from Acer

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • REvil demands US$50m from Acer in ransomware attack
  • Shell added to Accellion victim list
  • Governments banding together to tackle ransomware
  • BEC theft hits $1.8bn in 2020: FBI
  • Exchange tyre fire is, surprisingly, almost under control
  • MORE

Remediant’s Paul Lanzi will pop along in this week’s sponsor interview to talk about how they’ve integrated their PAM solution with Carbon Black. It’s an integration that is actually somewhat obvious in hindsight: if a box has been popped then some accounts have, too, so tying these things together does make sense.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Ransomware gang demands $50 million from computer maker Acer | The Record by Recorded Future
Ransomware attacks hit event-management, wireless technology firms
Energy giant Shell impacted in Accellion hack
Ransomwared Bank Tells Customers It Lost Their SSNs
New global model needed to dismantle ransomware gangs, experts warn
FBI: Cybercrime losses exceeded $4.2 billion in 2020 | The Record by Recorded Future
Suspected BEC gang arrested in Nigeria amid internet fraud crackdown efforts | The Record by Recorded Future
US racing to address Microsoft vulnerabilities, especially for small businesses
Microsoft Exchange server patching efforts are going extraordinarily well | The Record by Recorded Future
The Peculiar Ransomware Piggybacking Off of China’s Big Hack | WIRED
Microsoft Exchange servers targeted by second ransomware group | The Record by Recorded Future
Chinese cyberspies go after telco providers, 5G secrets | The Record by Recorded Future
Finland pins Parliament hack on Chinese hacking group APT31 | The Record by Recorded Future
Line app allowed Chinese firm to access personal user data | The Record by Recorded Future
Cars Have Your Location. This Spy Firm Wants to Sell It to the U.S. Military
Encrypted Phone Firm 'Sky' Shuts Down
Threat actors start attacking F5 devices using recent vulnerability | The Record by Recorded Future
Google: A mysterious hacking group used 11 different zero-days in 2020 | The Record by Recorded Future
Attackers are trying awfully hard to backdoor iOS developers’ Macs | Ars Technica
Facebook's ‘Red Team X’ Hunts Bugs Beyond the Social Network's Walls | WIRED
Space jam: Researchers and satellite start-ups meet to discuss celestial cybersecurity | The Daily Swig
Google awards Uruguayan researcher $133,337 top prize in cloud security competition | The Daily Swig
Verkada hacker charged in the US for hacking more than 100 companies | The Record by Recorded Future
Russian who tried to hack Tesla last summer pleads guilty | The Record by Recorded Future
Roll still doesn’t know how its hot wallet was hacked | TechCrunch
Microsoft blames crypto key rotation snafu for 365 outage | The Daily Swig
Mar 24, 2021
Risky Biz Soap Box: 12 years since Operation Aurora. Have we learned anything?

This is a wholly sponsored podcast brought to you by Okta.

In this interview we chat with Marc Rogers, the executive director of Cybersecurity at Okta.

The question that we’re exploring in this interview is whether or not we’ve managed to move the infosec needle since the Chinese government hacked Google back during the Operation Aurora attacks of 2009.

There are some real echoes of Operation Aurora in today’s headlines, like the SVR’s SolarWinds hack and Chinese APT crews using Exchange 0day.

Google did learn from Aurora and rearchitected its whole approach to minimise the chances of that sort of thing happening again. They moved to their implementation of Zero Trust, BeyondCorp, and so far that looks like a good decision.

The rest of the world has been slow to follow, and that leads us to the question: have we actually made things better since Operation Aurora hit the headlines back in 2009?

Mar 23, 2021
Risky Business #618 -- MS security licensing faces congressional scrutiny

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The latest on the Exchange tyre fire
  • Lawmakers in the USA have had enough of Microsoft’s ridiculous licensing tiers
  • White House mulls software security rating system
  • Joseph Cox’s SMS adventures
  • Things didn’t quite work out for APT6920 Arson Cats
  • Much, much more

This week’s show is brought to you by VMRay. They asked us to interview one of their customers in this week’s sponsor segment so Brad Marr, the CISO of Life Fitness, pops in to walk through his VMRay use case.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

No signs yet of Exchange Server compromises at federal agencies, CISA says
At least 10 APT hacking groups have exploited Exchange Server bugs, ESET warns - CyberScoop
Up To 125,000 Servers Remain Vulnerable To Devastating Microsoft Exchange Attacks
A hacking group is hijacking Microsoft Exchange web shells | The Record by Recorded Future
Microsoft Exchange servers targeted by DearCry ransomware abusing ProxyLogon bugs | The Record by Recorded Future
Microsoft shares one-click ProxyLogon mitigation tool for Exchange servers | The Record by Recorded Future
There’s a vexing mystery surrounding the 0-day attacks on Exchange servers | Ars Technica
Critics fume after Github removes exploit code for Exchange vulnerabilities | Ars Technica
Exclusive: Microsoft could reap more than $150 million in new U.S. cyber spending, upsetting some lawmakers | Reuters
Biden administration mulls software security grades after SolarWinds
Russia's Putin likely directed 2020 election meddling, U.S. finds | Reuters
FBI alert warns of Russian, Chinese use of deepfake content
A Hacker Got All My Texts for $16
Hackers access security cameras inside Cloudflare, jails, and hospitals | Ars Technica
Alleged Hacker Who Broke Into AI Surveillance Company Raided By Police
Tampa Twitter hacker agrees to three years in prison
Google, Linux Foundation, Red Hat release free tool to secure software supply chains | The Record by Recorded Future
Signal is down in China after 100 million reported downloads
Belgian Police Say They Decrypted Half a Billion ‘Sky’ Messages, Arrested 48 People
Encrypted Phone Firm 'Sky': Someone Sold Compromised Versions of Our App
Indicted CEO of Encrypted Phone Firm 'Sky' Says He Will Clear His Name
Buffalo Public Schools cancels classes after cyberattack
FBI warns of escalating Pysa ransomware attacks on education orgs
Molson Coors beer production disrupted after cyberattack | The Record by Recorded Future
Spanish government falls victim to Ryuk ransomware attack | The Record by Recorded Future
ZHtrap botnet deploys honeypots to trap&steal bots from rivals | The Record by Recorded Future
$5.7M stolen in Roll crypto heist after hot wallet hacked | TechCrunch
Two cryptocurrency portals are experiencing a DNS hijack at the same time | The Record by Recorded Future
WeLeakInfo Leaked Customer Payment Info — Krebs on Security
Security agencies leak sensitive data by failing to sanitize PDF files | The Record by Recorded Future
Critical 0-day that targeted security researchers gets a patch from Microsoft | Ars Technica
F5 releases patches for nearly two dozen vulnerabilities, some critical
Git vulnerability could enable remote code execution attacks during clone process | The Daily Swig
Mar 17, 2021
Risky Biz Feature Podcast: Chasing crooks through the blockchain

This podcast was made possible thanks to the support of the Hewlett Foundation’s Cyber Initiative. They’ve provided us with grant funding so we can do feature podcasts that will be of interest to people working in policy roles. The idea is to educate people working in policy about issues that they’re in a position to do something about.

In this interview we spoke with Kim Grauer, the head of research at Chainalysis.

Chainalysis makes software that cryptocurrency exchanges, regulators, law enforcement and intelligence services use to get insight into what’s happening in terms of bitcoin and other cryptocurrencies moving around. You would have heard us talk about their reports in the news segment of Risky Biz a few times because they have a habit of publishing really interesting insights into things like the ransomware economy.

Mar 15, 2021
Risky Business #617 -- Exchangapalooza '21

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • All the Exchange boxes on the planet have pretty much been owned lol
  • See above
  • Someone’s hacking Russian crime forums
  • The Accellion scandal keeps on truckin’
  • Dependency confusion attacks are going berserk in the wild
  • Gab got owned. Again.
  • John McAfee is in all sorts of trouble
  • Much, much more

This week’s show is brought to you by Nucleus Security. Its director of APAC operations, Gil Azaria, joins us in this week’s sponsor interview to talk about how he became a Nucleus customer before he joined the vendor as its APAC guy.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Warning the World of a Ticking Time Bomb — Krebs on Security
Web shells everywhere - Risky Business
A Basic Timeline of the Exchange Mass-Hack — Krebs on Security
Attacks on Exchange servers expand from nation-states to cryptominers | The Record by Recorded Future
At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software — Krebs on Security
Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims | WIRED
CISA orders US agencies to address Microsoft flaws exploited by suspected Chinese hackers
Attacks on SolarWinds Servers Also Linked To Chinese Threat Actor | The Record by Recorded Future
‘Retaliation’ for Russia's SolarWinds Spying Isn't the Answer | WIRED
Three Top Russian Cybercrime Forums Hacked — Krebs on Security
The Accellion Breach Keeps Getting Worse—and More Expensive | WIRED
Ransomware Gang Fully Doxes Bank Employees in Extortion Attempt
Cloud security firm Qualys reportedly victimized by prolific scammers - CyberScoop
Ransomware Gang Threatens To Launch DDoS Attacks, Call Reporters and Business Partners | The Record by Recorded Future
A new type of supply-chain attack with serious consequences is flourishing | Ars Technica
Open source software repositories play ‘whack-a-mole’ as ‘dependency confusion’ copycats exceed 5,000 | The Daily Swig
Massive FluBot Botnet Infects 60,000 Android Smartphones | The Record by Recorded Future
FluBot Malware Gang Arrested in Barcelona | The Record by Recorded Future
Gab, a haven for pro-Trump conspiracy theories, has been hacked again | Ars Technica
US Charges Infosec Veteran John McAfee over Cryptocurrency Pump-and-Dump Scheme | The Record by Recorded Future
GitHub users forcibly logged out of accounts to patch ‘potentially serious’ security bug | The Daily Swig
Airlines warn of data breaches after SITA passenger system hack | TechCrunch
Solutions to Detect Ransomware Attacks Can Often Be Very Trivial | The Record by Recorded Future
Research: How JSON parsers can create security risks when it comes to interoperability | The Daily Swig
Trojan Spyware and BEC Attacks
CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF
NSA and CISA promote PDNS concept | The Record by Recorded Future
Microsoft Exchange exploitation: how to detect, mitigate, and stay calm
Mar 10, 2021
Risky Business #616 -- Exchange 0day party time for Chinese APT crew

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Chinese APT crew goes berserk with Exchange 0day
  • Russia hacks Ukraine and USA, India hacks China, China hacks India
  • The NYTimes got something big wrong again (shock horror)
  • CANVAS exploit pack leaks, including their sweet, sweet Spectre exploit
  • Atlantic Council report into offensive capability vendors/contractors
  • Your vCenter gear is probably already on fire: find out why!
  • Much, much more

This week’s show is brought to you by Yubico, the makers of the Yubikey.

Yubico Chief Solutions Officer Jerrod Chong will be along in this week’s sponsor interview to talk about “passwordless authentication”. Some organisations have a pretty bad understanding of what passwordless is, while other organisations are running into the mountains to avoid even thinking about it. But with hardware supported WebAuthn becoming pretty much ubiquitous, Jerrod thinks a tipping point is coming. Also, they’ve launched passwordless auth for AzureAD.

NOTE: This podcast introduces Jerrod Chong as the CTO of Yubico. He’s actually the Chief Solutions Officer. It was our mistake, apologies!

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Microsoft says China-backed hackers are exploiting Exchange zero-days | TechCrunch
Orange Tsai 🍊 on Twitter: "The patch release of this BIG ONE is coming soon, and a short advisory is also standing by! (BTW, no one guess the right target in comments😛)" / Twitter
HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security
Hackers Tied to Russia's GRU Targeted the US Grid for Years, Researchers Warn | WIRED
Suspected China-linked hackers targeted India's energy sector, research suggests
China Appears to Warn India: Push Too Hard and the Lights Could Go Out - The New York Times
No 'Sabotage' Behind Mumbai Power Outage, Chinese Hacking Attempt a Month Later: Power Minister
Indian cyber-espionage activity rising amid growing rivalry with China, Pakistan | The Daily Swig
Chinese cyberspies targeted Tibetans with a malicious Firefox add-on | ZDNet
Ukraine says Russia hacked its document portal and planted malicious files | Ars Technica
Ege Balcı on Twitter: "OMG !! Rumors are real😱😱 Immunity CANVAS 7.26 exploit pack is leaked. More than 800 1days and weaponized spectre exploit. https://t.co/N14QjMlKtD" / Twitter
First Fully Weaponized Spectre Exploit Discovered Online | The Record by Recorded Future
daveaitel on Twitter: "Just some random video that MAY or MAY NOT be interesting to you! :)" / Twitter
More Zero-Days Have Been Linked to Private Companies Than Any Nation State | The Record by Recorded Future
Countering cyber proliferation: Zeroing in on Access-as-a-Service - Atlantic Council
More than 6,700 VMware servers exposed online and vulnerable to major new bug | ZDNet
Far-Right Platform Gab Has Been Hacked—Including Private Data | WIRED
Rookie coding mistake prior to Gab hack came from site’s CTO | Ars Technica
Universal Health Services reports $67 million in losses after apparent ransomware attack
Payroll/HR Giant PrismHR Hit by Ransomware? — Krebs on Security
Is Your Browser Extension a Botnet Backdoor? — Krebs on Security
Suspicious finds: Researcher discovers Go typosquatting package that relays system information to Chinese tech firm | The Daily Swig
Microsoft shares tool to hunt for compromise in SolarWinds breach
Biden signs executive order demanding supply chain security review
H2C smuggling named top web hacking technique of 2020 | The Daily Swig
Hackers release a new jailbreak tool for almost every iPhone | TechCrunch
Yubico | #YubiKey on Twitter: "📍We've reached a new milestone in our #passwordless journey! Today, #YubiKey passwordless authentication is now generally available to @Microsoft’s #AzureAD users, a critical step toward achieving better security without compromising usability. https://t.co/u892JFipR9" / Twitter
Mar 03, 2021
Risky Biz Soap Box: ExtraHop CTO and co-founder Jesse Rothstein

This is a sponsored podcast featuring ExtraHop’s co-founder and CTO Jesse Rothstein. ExtraHop is a Network Detection and Response (NDR) vendor that started out offering network health and monitoring tools before being pulled into the security space by its own customers.

Jesse joined host Patrick Gray to talk about the SolarWinds compromise from a Network Detection and Response vendor’s perspective, about cloud security and monitoring, some of ExtraHop’s backstory and more. Enjoy!

Mar 01, 2021
Risky Business #615 -- Dependency confusion is, uh, pretty bad

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • USA floats new sanctions against Russia
  • TikTok, WeChat get stay of execution
  • Dependency confusion is ugh
  • US indicts Lazarus crypto-thieves
  • France ties Sandworm crew to Centreon intrusion
  • MORE

This week’s show is brought to you by Thinkst Canary. Thinkst’s founder Haroon Meer is this week’s sponsor guest and he joins us to have a very Haroon-style conversation. We talk about how security controls and detections often fall over when things happen that take place outside of our assumptions: trojaned software updates, attackers hiding in unconventional places like monitors, things like that. That’s a great conversation.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Biden administration planning to sanction Russia for SolarWinds hacks - The Washington Post
SolarWinds hackers targeted NASA, Federal Aviation Administration networks | TechCrunch
SolarWinds hackers studied Microsoft source code for authentication and email | Reuters
Centreon says only 15 entities were targeted in recent Russian hacking spree | ZDNet
France Ties Russia's Sandworm to a Multiyear Hacking Spree | WIRED
Dax-Côte d’Argent hospital in France hit by ransomware attack | The Daily Swig
FireEye links 0-day attacks on FTA servers & extortion campaign to FIN11 group | ZDNet
China Hijacked an NSA Hacking Tool in 2014—and Used It for Years | WIRED
Biden administration pauses Trump's plans to ban WeChat, TikTok - CyberScoop
North Korean Hackers Accused Of ‘Biggest Cryptocurrency Theft Of 2020’—Their Heists Are Now Worth $1.75 Billion
Feds Indict North Korean Hackers for Years of Heists and Scams | WIRED
Dependency confusion attack mounted via PyPi repo exposes flawed package installer behavior | The Daily Swig
Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies | by Alex Birsan | Feb, 2021 | Medium
Microsoft warns enterprises of new 'dependency confusion' attack technique | ZDNet
Microsoft starts removing Flash from Windows devices via new KB4577586 update | ZDNet
Flash version distributed in China after EOL is installing adware | ZDNet
Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang — Krebs on Security
The Riviera Maya Gang: Cash, Crime, Killing - YouTube
Spike in ATM Skimming in Mexico? — Krebs on Security
Proofpoint sues Facebook to get permission to use lookalike domains for phishing tests | ZDNet
New malware found on 30,000 Macs has security pros stumped | Ars Technica
Apple Is Going to Make It Harder to Hack iPhones With Zero-Click Attacks
RIPE NCC discloses failed brute-force attack on its SSO service | ZDNet
Lawmakers Demand Answers from Military on Muslim App Data
BIND implements DNS-over-HTTPS to offer enhanced privacy | The Daily Swig
Parler Says It’s Back | WIRED
Security bugs left unpatched in Android app with one billion downloads | ZDNet
Yandex said it caught an employee selling access to users' inboxes | ZDNet
Prosecutor charges former phone company employee in SIM-swap scheme | Ars Technica
Authorities arrest SIM swapping gang that targeted celebrities | ZDNet
Data retention laws: Australian police given new metadata recommendations
Prosecutors Suspend Government Spyware Used in WhatsApp Phishing Attacks
Canary — know when it matters
Feb 24, 2021
Risky Biz Feature Podcast: A primer on Microsoft cloud security

Recent attacks by SVR against US targets have mostly been written up under the moniker of the “SolarWinds campaign”. In our view, that’s inaccurate. The defining characteristic of this campaign wasn’t the SolarWinds supply chain stuff, it was the abuse of Microsoft cloud services.

My understanding of how contemporary cloud services work isn’t actually as good as it should be. And that got me thinking – if my understanding isn’t that great, then there’s probably a lot of other people out there who don’t quite grok this stuff, particularly on the policy side. So, I set out to prepare a primer on Microsoft cloud security.

Our guest in this podcast is Dirk-Jan Mollema. He works at Fox-IT in the Netherlands and is one of their core researchers on Azure AD and Active Directory Security. What you’re about to listen to, essentially, is me picking his brain so I can wrap my own head around this stuff. The hope is that some of you will learn along with me!

Feb 11, 2021
Risky Business #614 -- So was it Florida Man or an Iranian APT?

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The latest on the attempted Florida water poisoning incident
  • How to abuse Google Sync services for great victory
  • Why Signal’s TLS proxies for Iranians are probably a bad idea
  • OG username brokers targeted by social media legal army
  • Much, much more

This week’s sponsor interview is with Dan Guido of Trail of Bits. They’ve released an enterprise version of their iVerify tool. It’s a security tool for iOS (an Android version is in beta) that lets organisations monitor things like patch levels and passcode compliance without actually requiring the installation of MDM profiles. It’s an enterprise mobile security tool for orgs that don’t need or want full MDM.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Hackers try to contaminate Florida town's water supply through computer breach | Reuters
Water, Water Everywhere – But Nary a Hacker to Blame – Stranded on Pylos
'Cyberpunk 2077' Maker Was Hit With Ransomware—and Won't Pay Up | WIRED
FBI leaned on Dutch cops' hacking in Emotet disruption
Researchers find financial ties between notorious ransomware gangs
Blockchain transactions confirm murky and interconnected ransomware scene | ZDNet
Two Iranian hacking groups appear to be actively snooping on critics around the globe
Signal issues workaround for Iran's ban of messaging app
Can The FBI Hack Into Private Signal Messages On A Locked iPhone? Evidence Indicates Yes
Here's the Cease and Desist Facebook Sent to 'OG' Account Thieves
A Coordinated Takedown Targets 'OGUser' Account Thieves | WIRED
Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts — Krebs on Security
Security firm Stormshield discloses data breach, theft of source code | ZDNet
Lawsuit filed against California firm over Washington state auditor data breach | The Seattle Times
Rudy Giuliani, Sidney Powell named in $US2.7 billion libel suit by Smartmatic voting company
Chrome users have faced 3 security concerns over the past 24 hours | Ars Technica
InfoSec Handlers Diary Blog
CacheFlow: Malware hidden in popular browser extensions went undetected for years | The Daily Swig
Google: Proper patching would have prevented 25% of all zero-days found in 2020 | ZDNet
Project Zero: Déjà vu-lnerability
SonicWall issues patch for firmware zero-day used to attack the company and its customers
‘Severe’ SolarWinds Vulnerabilities Allow Hackers To Take Over Servers
Skype ‘spoofing vulnerabilities’ are a haven for social engineering attacks, security researcher claims | The Daily Swig
Android devices ensnared in DDoS botnet | ZDNet
A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets
Clearview AI ruled ‘illegal’ by Canadian privacy authorities | TechCrunch
Arrest, Raids Tied to ‘U-Admin’ Phishing Kit — Krebs on Security
Serbian man extradited to US over cryptocurrency mining fraud scheme
Hack against older Nespresso vending machines facilitates endless free beverage exploit | The Daily Swig
There Are Spying Eyes Everywhere—and Now They Share a Brain | WIRED
Patrick Gray on Twitter: "I'm wondering if anyone can tell me if MDM is still a necessary enterprise software category? iPhone/Android data at rest is fairly secure (assuming passcode is set) and widespread commodity device ownage isn't really an issue. Is MDM still actually useful?" / Twitter
iVerify for Organizations | iPhone and Android Security for Your Team
Feb 10, 2021
Risky Business #613 -- It's time to check your Accellion logs

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Emotet is… gone?
  • Accellion FTAs were owned everywhere, not just in ANZ
  • US courts air-gap sensitive filings in wake of Holiday Bear attacks
  • iOS 14 brings iMessage security improvements
  • Much, much more

Proofpoint’s Sherrod DeGrippo is this week’s sponsor guest. She joins the show to talk about Emotet’s demise, Trickbot’s survival, BEC, ransomware and more.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Cops Disrupt Emotet, the Internet's ‘Most Dangerous Malware’ | WIRED
Emotet, NetWalker and TrickBot have taken big blows, but will it be enough?
New Trickbot module uses Masscan for local network reconnaissance | ZDNet
U.K. Arrest in ‘SMS Bandits’ Phishing Service — Krebs on Security
Accellion appliances under attack - Risky Business
Accellion FTA Targeted by Web Shell | GuidePoint Security
Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say | Morningstar
Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency – sources | Reuters
Russian hack brings changes, uncertainty to US court system
After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case
South Sudan worked with Israeli surveillance company to monitor citizens, Amnesty finds
Apple Fixes One of the iPhone's Most Pressing Security Risks | WIRED
The Taxman Cometh for ID Theft Victims — Krebs on Security
Ransomware gangs are abusing VMWare ESXi exploits to encrypt virtual hard disks | ZDNet
Facebook Ad Services Let Anyone Target US Military Personnel | WIRED
Pranking My Roommate With Eerily Targeted Facebook Ads
Hezbollah's cyber unit hacked into telecoms and ISPs | ZDNet
Google bans another misbehaving CA from Chrome | ZDNet
A network of Twitter bots has attacked the Belgian government's Huawei 5G ban | ZDNet
FonixCrypter ransomware gang releases master decryption key | ZDNet
For Microsoft, cybersecurity has become bigger than business
Google funds project to secure Apache web server project with new Rust component | ZDNet
SonicWall zero-day exploited in the wild | ZDNet
Ollie Whitehouse on Twitter: "@SonicWall @NCCGroupInfosec We have had confirmed receipt from yourselves" / Twitter
Urgent Security Notice: SonicWall Confirms SMA 100 Series 10.X Zero-Day Vulnerability [Feb. 1, 2 P.M. CST] | SonicWall
British Mensa website hacked after directors quit over ‘data protection failures’ | The Daily Swig
Huawei’s HarmonyOS: “Fake it till you make it” meets OS development | Ars Technica
Feb 03, 2021
Risky Biz Soap Box: Email is a target, not just a vector

These Soap Box editions of the show are wholly sponsored, which means everyone you hear in one of these editions paid to be here.

This edition of the show is brought to you by Material Security. Basically what they do is lock up your cloud-based email. They use Google and Microsoft’s APIs to redact sensitive information from your mail spool – or even redact entire messages from your spool, like, say, anything over a month old – and then kick you up to an auth challenge when you want to access that mail.

It’s a product that recognises that email isn’t just a vector – often it’s an attacker’s target.

Feb 01, 2021
Risky Business #612 -- DPRK slides into researcher DMs

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • DPRK offers free 0day to researchers, with a pretty significant catch
  • SonicWall gets owned because it runs SonicWall gear. Big mistake.
  • Chinese trains didn’t stop running because Flash died :(
  • Dominion to sue Rudy Giuliani for $1.3bn over insecurity claims
  • The sudo bug. Lol.

This week’s show is brought to you by Cmd Security, the Linux security company. Its focus has traditionally been on restricting the type of bash commands users can enter. It’s like a control plane for Linux systems. But some of its customers manage their Linux endpoints through different, non-bash entry points. So they’ve added some features to their product to deal with that, which has also resulted in them having an IDR capability. It’s all pretty sensible stuff though, and Cmd co-founder and CEO Jake King will be along to talk us through all of that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

New campaign targeting security researchers
Fake Twitter personas, bogus blog delivered North Korea-linked malware to researchers
As Adobe Flash stops running, so do some railroads in China | Apple Daily
Flash Is Dead—but Not Gone | WIRED
South African government releases its own browser just to re-enable Flash support | ZDNet
SonicWall says it was hacked using zero-days in its own products | ZDNet
Former LulzSec Hacker Releases VPN Exploit Used to Hack Hacking Team
Ransomware hackers launder bitcoin through just a handful of locations, researchers find
No decisions yet on any changes to TikTok or Huawei cases, White House says
Dominion files $1.3 billion defamation suit against Giuliani over election security claims
FBI tracking cell phones, Capitol riots | wusa9.com
Technologists Use Facial Recognition on Parler Videos
DIA uses purchased phone location data without warrants
Biden Orders Sweeping Assessment of Russian Hacking, Even While Renewing Nuclear Treaty - The New York Times
FSB warns of US cyberattacks after Biden administration comments | ZDNet
Cyber ‘Deterrence’: A Brexit Analogy - Lawfare
Hacker leaks data of 2.28 million dating site users | ZDNet
Intel says financial graphic was 'hacked,' forcing early release of 2020 report
Reuters accused of hack attack | ZDNet
DDoSers are abusing Microsoft RDP to make attacks more powerful | Ars Technica
Apple fixes another three iOS zero-days exploited in the wild | ZDNet
Hackers actively scanning for vulnerable SAP systems after exploit gets dropped on GitHub | The Daily Swig
MrbMiner crypto-mining operation linked to Iranian software firm | ZDNet
Details of YouTube viewing history exposure bug made public | The Daily Swig
TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks | Threatpost
Bot Lets Hackers Easily Look Up Facebook Users' Phone Numbers
Australian orgs exposed to Accellion vulnerability
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) | Qualys Security Blog
A deeper dive into our May 2019 security incident - Stack Overflow Blog
Jan 27, 2021
Risky Business #611 -- MalwareBytes the latest "Holiday Bear" victim

On this week’s show Dmitri Alperovitch, Sherrod DeGrippo and Joe Slowik join host Patrick Gray to talk through the week’s news:

  • MalwareBytes the latest victim in the increasingly poorly-named “SolarWinds campaign”
  • FireEye issues helpful guidance, tools, to help orgs detect “golden SAML” and related techniques
  • Rob Joyce, Anne Neuberger, Michael Sulmeyer all get promoted! Wooo!
  • Much, much more

This week’s show is brought to you by Airlock Digital. They make what we’re calling an execution control platform. Its central feature is easy-to-use and hard-to-bypass allowlisting. It’s a bunch of sensible and usable controls packaged up into a 7Mb. It slices, it dices, it slays lolbins and user PowerShell rights, and it comes in a beautiful suede pouch! It’s the endpoint protection you get when it’s built by practitioners in concert with people who actually understand Windows internals. That’s right! Patrick is drinking the Kool-Aid on this one! Airlock founders Dave Cottingham and Daniel Schell join in this week’s sponsor interview to talk through allowlisting’s second wave of popularity.

Links to everything are below!

Show notes

Malwarebytes said it was hacked by the same group who breached SolarWinds | ZDNet
Fourth malware strain discovered in SolarWinds incident | ZDNet
FireEye releases tool for auditing networks for techniques used by SolarWinds hackers | ZDNet
Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccine | Ars Technica
Rob Joyce named new NSA cybersecurity director - CyberScoop
Biden team taps NSA Cybersecurity Director Anne Neuberger for NSC - CyberScoop
Michael Sulmeyer, who held cyber posts under Trump and Obama, gets Biden White House gig
Airbnb to Cancel All DC Bookings in Inauguration Week
CISA tells agencies to consider ad blockers to fend off 'malvertising'
Apple removes feature that allowed its apps to bypass macOS firewalls and VPNs | ZDNet
Iranian cyberspies behind major Christmas SMS spear-phishing campaign | ZDNet
Joker's Stash, the internet's largest carding forum, is shutting down | ZDNet
After judge orders release of hacker tied to ISIS, US says 'Not so fast'
A security researcher commandeered a country’s expired top-level domain to save it from hackers | TechCrunch
Scam-as-a-Service operation made more than $6.5 million in 2020 | ZDNet
Signal endures 'technical difficulties' amid new popularity - CyberScoop
Introducing Malvuln.com – the first website ‘exclusively dedicated’ to revealing security vulnerabilities in malware | The Daily Swig
Critical zero-day RCE in Microsoft Office 365 awaits third security patch | The Daily Swig
FBI investigating whether woman stole laptop from Pelosi's office to sell it to Russia - POLITICO
Linux Mint fixes screensaver bypass discovered by two kids | ZDNet
Text of a Letter to the Speaker of the House of Representatives and the President of the Senate | The White House
Request an Airlock Product Demonstration - Airlock Digital
Jan 20, 2021
Risky Business #610 -- Propellerheads in dark on JetBrains

Joe Slowik and Katie Nickels are guest co-hosts in this week’s edition of the show. They join Patrick Gray to talk about:

  • Mimecast having some stolen certificate, errr, “problems”
  • The confusing reports about JetBrains
  • Analysis of the malware used in the SolarWinds campaign
  • Australian man arrested in Germany and charged with running DarkMarket
  • The Great Deplatforming of 2021

This week’s show is brought to you by Gigamon.

If you’re a Gigamon shop you should really take a look at their ThreatInsight platform; that’s a no-brainer. Even if you’re not, they’re real players in the network detection and response space. Joining us in this week’s sponsor interview is Jason Tesarz, a senior product manager for Gigamon ThreatInsight. He joined the show to talk about a few things, like how these days the NDR vendors are competing more on their workflows than on trying to be the most comprehensive in detection.

Links to everything that we discussed are below and you can follow Patrick, Katie or Joe on Twitter if that’s your thing.

Show notes

Mimecast says hackers abused one of its certificates to access Microsoft accounts | ZDNet
JetBrains denies being involved in SolarWinds hack | ZDNet
Federal courts are latest apparent victim of SolarWinds hack
CISA: SolarWinds hackers also used password guessing to breach targets | ZDNet
Sealed U.S. Court Records Exposed in SolarWinds Breach — Krebs on Security
The SolarWinds Hackers Shared Tricks With a Notorious Russian Spy Group | WIRED
SolarWinds hires Chris Krebs, Alex Stamos to boost security in wake of suspected Russian hack - CyberScoop
Exclusive: FBI probes Russian-linked postcard sent to FireEye CEO after cybersecurity firm uncovered hack - sources | Reuters
DarkMarket: world's largest illegal dark web marketplace taken down | Europol
Rioters Had Physical Access to Lawmakers’ Computers. How Bad Is That?
Trump Is Permanently Suspended From Twitter
Facebook bans Trump indefinitely; risks 'simply too great,' Zuckerberg says - CyberScoop
Amazon boots Parler from web hosting service over violent content - CyberScoop
Google removes Parler app from Play Store | ZDNet
Twitter purges QAnon accounts; Facebook targets 'Stop the Steal' - CyberScoop
Some ransomware gangs are going after top execs to pressure companies into paying | ZDNet
Anti-Secrecy Activists Publish a Trove of Ransomware Victims' Data | WIRED
Hackers can clone Google Titan 2FA keys using a side channel in NXP chips | Ars Technica
Encrypted Client Hello: Upcoming Firefox 85 rollout builds momentum for ESNI successor | The Daily Swig
Telegram feature exposes your precise address to hackers | Ars Technica
WhatsApp gives users an ultimatum: Share data with Facebook or stop using the app | Ars Technica
More Chinese apps attract a ban from a presidential administration on the way out
China CCP to Nationalize Jack Ma's Alibaba and Ant Group - Report
CES 2021: Intel adds ransomware detection capabilities at the silicon level | ZDNet
Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes | Threatpost
Fortinet updates web application firewall to protect against SQL injection, denial-of-service attacks | The Daily Swig
Gigamon ThreatINSIGHT| Network Detection and Response | Gigamon
Jan 13, 2021
Risky Biz Soap Box: Mapping NIST 800-53 to MITRE ATT&CK

These Soap Box editions of the show are wholly sponsored. If that’s not your thing and you’re looking for the weekly news edition of the show, just scroll one show back in your feed.

This soap box edition is brought to you by AttackIQ. They make a Breach and Attack Simulation platform that’s designed to test the effectiveness of your security controls by simulating bad things in your environment.

Carl Wright and Jonathan Reiber are joining us in this edition of the show. These days Reiber is AttackIQ’s senior director of cybersecurity and strategy, but he previously served as Chief Strategy Officer for Cyber Policy in the Office of the Secretary of Defense.

They joined the show to talk through their work in mapping NIST 800-53 to the MITRE ATT&CK framework. Enjoy!

Jan 12, 2021
Risky Business #609 -- It's not NotPetya

On this week’s show, Patrick Gray talks to Joe Slowik and Dmitri Alperovitch about the APT campaign that impacted the US government and FireEye via SolarWinds’ supply chain.

Alex Stamos also joins the show to chime in more generally on supply chain interference before discussing some other news, like:

  • Apple losing (most of) its case against Corellium
  • Assange won’t be extradited… yet
  • Adobe has finally killed Flash, and killed it good

This week’s show is brought to you by Signal Sciences. In this week’s sponsor interview we’ll be talking to a Signal Sciences customer, Doug DePerry. He heads product security at the Gemini cryptocurrency exchange. We’ll be talking to him about what that’s like, because those sorts of outfits tend to attract decent attackers.

Links to everything that we discussed are below and you can follow Patrick on Twitter if that’s your thing.

Jan 06, 2021
Risky Business #608 -- FireEye discloses breach and tool exfil

On this week’s show Patrick and Adam Boileau discuss the week’s security news, including:

  • FireEye’s Very Bad Week
  • Russian bears all up in your VMwares
  • Chris Krebs sues Trump campaign
  • Foxconn ransomware
  • So much more

Proofpoint’s Ryan Kalember is this week’s sponsor guest. He joins the show to talk about their rather different approach to DLP and insider threat detection. You may have noticed we don’t really talk about DLP a whole bunch on this show because it’s, well, really boring. But Proofpoint actually has an approach to the problem that’s different enough to be interesting, so do stick around for that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

U.S. cybersecurity firm FireEye discloses breach, theft of hacking tools | Reuters
NSA warns of Russian state-sponsored hackers exploiting VMWare vulnerability | ZDNet
Former CISA director Chris Krebs sues Trump campaign, lawyer after death threats
Foxconn electronics giant hit by ransomware, $34 million ransom
Ransomware attack may delay scheduled procedures at Baltimore-area medical center
Ransomware attack cripples Vancouver public transportation agency | ZDNet
Ransomware hits helicopter maker Kopter | ZDNet
Ransomware gang Egregor publishes details from HR firm Randstad following hack
Ransomware gangs are now cold-calling victims if they restore from backups without paying | ZDNet
The Internet’s Most Notorious Botnet Has an Alarming New Trick | WIRED
Hackers leak data from Embraer, world's third-largest airplane maker | ZDNet
Data of 243 million Brazilians exposed online via website source code | ZDNet
North Korean hackers ramp up coronavirus vaccine targeting
Johnson & Johnson CISO: Healthcare orgs are seeing nation-state attacks every single minute of every single day | ZDNet
Hackers Are Targeting the Covid-19 Vaccine ‘Cold Chain’ | WIRED
Disputed bug in Microsoft Teams posed RCE risk, researcher warns | The Daily Swig
iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever | Ars Technica
Critical Flaws in Millions of IoT Devices May Never Get Fixed | WIRED
8% of all Google Play apps vulnerable to old security bug | ZDNet
A Broken Piece of Internet Backbone Might Finally Get Fixed | WIRED
Meet ODoH, where privacy means just not knowing anything
BTC-e founder sentenced to five years in prison for laundering ransomware funds | ZDNet
Hacker who sent information on US personnel to Islamic State is freed by judge
Kazakhstan government is intercepting HTTPS traffic in its capital | ZDNet
Dell announces new protections for its PC and server supply chain | ZDNet
Massachusetts lawmakers vote to pass a statewide police ban on facial recognition | TechCrunch
Account Hijacking Site OGUsers Hacked, Again — Krebs on Security
Russian bears all up in your VMwares - Risky Business
Hacker opens 2,732 PickPoint package lockers across Moscow | ZDNet
Dec 09, 2020
Risky Biz Soap Box: VMRay co-founders on the evolution of sandbox tech

Soap Box podcasts like this one are wholly sponsored. This edition of the Soap Box is brought to you by VMRay. They make a virtualised sandbox that initially found a market with DFIR professionals, but these days is being used for all sorts of things.

VMRay’s cofounders – CEO Carsten Willems and CTO Ralf Hund – joined host Patrick Gray to talk through the history of the sandbox tech arms race.

Dec 07, 2020