Risky Business

By Patrick Gray

Category: Tech News

Description

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Episode Date
Risky Business #642 -- Brits, Dutch and Aussies embrace Hounds Doctrine

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • UK, Netherlands and Australia promise offensive response to big ticket ransomware
  • Wave of major cyber regulation and legislation in USA
  • Iran up in yer O365s, Russians in yer gmails
  • Submarine spy guy would have been fine, if he didn’t make one very big mistake
  • Much, much more

Jonathan Reiber is this week’s sponsor guest. He’s senior director of cybersecurity at AttackIQ and he’s joining us to talk through the US Government’s executive order on Zero Trust. Jonathan says it is actually born of a realisation the US Government needs to do something differently, that the old approaches aren’t working.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

UK cyber head says Russia responsible for 'devastating' ransomware attacks - BBC News
Netherlands can use intelligence or armed forces to respond to ransomware attacks - The Record by Recorded Future
Ransomware Action Plan
Ransomware hackers find vulnerable target in U.S. grain supply
Emergent ransomware gang FIN12 strikes hospitals, moves quickly against big targets
Macquarie Health Corporation hit by cyberattack as hackers claim 6700 people affected | news.com.au — Australia’s leading news site
Microsoft: Iran-linked hackers breached Office 365 customer accounts - The Record by Recorded Future
Google notifies 14,000 Gmail users of targeted APT28 attacks - The Record by Recorded Future
Google distributing 10,000 security keys to journalists, elected officials, human rights activists | The Daily Swig
Peanut butter and ProtonMail: US charges underscore evolution of espionage in digital age
Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes | Reuters
Senate committee advances major cybersecurity legislation - The Record by Recorded Future
Justice Department launches a National Cryptocurrency Enforcement Team - The Record by Recorded Future
DOJ to go after government contractors who don't disclose breaches - The Record by Recorded Future
TSA to impose cybersecurity mandates on major rail and subway systems - The Washington Post
OMB orders federal agencies to let CISA access defenses of devices, servers
CIA Funding Arm Gave Encrypted App Wickr $1.6 Million
U.S. prosecution of alleged WikiLeaks ‘Vault 7’ source hits multiple roadblocks
Ukraine arrests operator of DDoS botnet with 100,000 bots - The Record by Recorded Future
Botnet abuses TP-Link routers for years in SMS messaging-as-a-service scheme - The Record by Recorded Future
Microsoft said it mitigated a 2.4 Tbps DDoS attack, the largest ever - The Record by Recorded Future
Report links Indian company to spyware that targeted Togolese activist - The Record by Recorded Future
Trolls defaced Twitch's website with pictures of Jeff Bezos, the latest security concern
Twitch says no user passwords or cards numbers were exposed in major hack - The Record by Recorded Future
Video game streaming service Twitch suffers major data breach
Woman Allegedly Hacked Flight School, Cleared Planes With Maintenance Issues to Fly
Microsoft to disable Excel 4.0 macros, one of the most abused Office features - The Record by Recorded Future
NSA warns of ALPACA TLS attack, use of wildcard TLS certificates - The Record by Recorded Future
Azure, GitHub, GitLab, BitBucket mass-revoke SSH keys following bug report - The Record by Recorded Future
Reverse engineering and decrypting CyberArk vault credential files | Jelle Vergeer
Security researchers find another UEFI bootkit used for cyber-espionage - The Record by Recorded Future
Apple patches iPhone zero-day in iOS 15.0.2 - The Record by Recorded Future
Bindiff and POC for the IOMFB vulnerability, iOS 15.0.2 | IOMFB_integer_overflow_poc
Apache HTTP Server update fails to squash path traversal, RCE bugs | The Daily Swig
Executive Order on Improving the Nation's Cybersecurity | The White House
Oct 13, 2021
Risky Business #641 -- Lawsuit: Ransomware contributed to baby's death

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Group-IB CEO arrested in Russia for treason
  • Lawsuit alleges ransomware contributed to hospitalised baby’s death
  • Nakasone outs self as hound release advocate
  • Syniverse owned, but we don’t know how badly
  • Why Google keyword warrants are awesome
  • Much, much more…

Nucleus co-founder Scott Kuffer is this week’s sponsor guest and the topic is actually a bit hilarious. They’ve found a killer use case that customers are clamouring for: Being able to map vulnerabilities to org groups within your enterprise so you can see who’s slacking off when it comes to patching.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Group-IB founder arrested in Moscow on state treason charges - The Record by Recorded Future
Baby died because of ransomware attack on hospital, suit says
Conti gang threatens to dump victim data if ransom negotiations leak to reporters - The Record by Recorded Future
US to work with 30 countries to tackle ransomware problem - The Record by Recorded Future
Two ransomware operators arrested in Ukraine - The Record by Recorded Future
Ransomware gangs are starting more drama on cybercrime forums, upending 'honor among thieves' conventions
Ransomware attack disrupts hundreds of bookstores across France, Belgium, and the Netherlands - The Record by Recorded Future
NSA chief predicts U.S. will face ransomware 'every single day' for years to come - The Record by Recorded Future
Company That Routes Billions of Text Messages Quietly Says It Was Hacked
Hackers bypass Coinbase 2FA to steal customer funds - The Record by Recorded Future
The Rise of One-Time Password Interception Bots – Krebs on Security
FCC to work on rules to prevent SIM swapping attacks - The Record by Recorded Future
Exclusive: Government Secretly Orders Google To Identify Anyone Who Searched A Sexual Assault Victim’s Name, Address And Telephone Number
How a Secret Google Geofence Warrant Helped Catch the Capitol Riot Mob | WIRED
EXCLUSIVE U.S. lawmakers push for new controls on ex-spies working overseas | Reuters
DHS and NIST release post-quantum cryptography guidance - The Record by Recorded Future
New emergency cyber regulations lay out ‘urgently needed’ rules for pipelines but draw mixed reviews - The Washington Post
Rep. Katko introduces bill that would prioritize security for key US critical infrastructure
Let’s Encrypt root cert update catches out many big-name tech firms | The Daily Swig
Academics discover hidden layer in China's Great Firewall - The Record by Recorded Future
Bandwidth.com is latest victim of DDoS attacks against VoIP providers
A Simple Bug Is Leaving AirTag Users Vulnerable to an Attack | WIRED
Apache fixes actively exploited web server zero-day - The Record by Recorded Future
Hackers posed as Amnesty International, promising anti-spyware tool that actually collects passwords
Around the world with the NSA's cyber chief - The Record by Recorded Future
Facebook blames 'faulty configuration change' for major outages
Report: New PCR test intelligence around Wuhan suggests COVID-19 was virulent earlier than thought - The Record by Recorded Future
Does This Exposed Chinese Database Pose a Security Threat?
Oct 06, 2021
Risky Biz Snake Oilers: Mike Wiacek launches Stairwell, Red Canary on modern MDR and Datadog pitches full stack monitoring

In this edition of the Snake Oilers we’ll hear pitches from three vendors:

  • Stairwell! A new startup from Chronicle Security co-founder Mike Wiacek
  • Red Canary explains what modern managed detection and response looks like
  • Pierre Betouin from Datadog talks about the challenges around bringing together DevOps and Security while providing full-stack security

Links to everything we talked about are in the show notes.

[CORRECTION: Mike Wiacek was originally described as the co-founder of VirusTotal in this podcast. He is in fact a co-founder of Chronicle Security, which absorbed VirusTotal after launching.]

Oct 01, 2021
Risky Business #640 -- Huh. The CIA really was out to neck Assange

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The amazing Yahoo! News story on the former CIA director’s awesome brainwaves
  • Hostage diplomacy pays off for Huawei CFO
  • NSA releases great guidance on VPN security
  • Microsoft has actually hired a cybersecurity executive
  • Much, much more

This week’s show is brought to you by Material Security. Material’s co-founder Ryan Noon will be along in this week’s sponsor interview to talk about smarter ways to do email retention and destruction. They have a product that interfaces with your mail provider’s API – whether you’re on Google Workspace or O365 – to do things like archive and redact email, and they’re finding their customers are using these features to actually implement email retention strategies.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks
The Yahoo Story about All the Things CIA Wasn't Allowed to Do Against WikiLeaks - emptywheel
Controversial Maricopa "Audit" Concludes that Biden Won by More Votes Than Previously Reported - by Kim Zetter - Zero Day
China played dirty to get Huawei’s 'princess' back — too dirty even to tell its own people - ABC News
Newly-formed international alliances vow to improve cybersecurity, in moves China sees as affront
EU formally blames Russia for GhostWriter influence operation - The Record by Recorded Future
Suspected Chinese state-linked threat actors infiltrated major Afghan telecom provider - The Record by Recorded Future
US deports highly-prized hacker back to Russia - The Record by Recorded Future
He Escaped the Dark Web's Biggest Bust. Now He's Back | WIRED
NSA, CISA publish guide for securing VPN servers - The Record by Recorded Future
The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous
Biden administration officials push Congress to shape breach reporting mandates
Ransomware Isn't Back. It Never Left | WIRED
CISA, FBI, NSA warn of increased attacks involving Conti ransomware
Major European call center provider goes down in ransomware attack - The Record by Recorded Future
Exposed ransomware negotiations shed light on cybercrime, but complicate things for victims
State-sponsored hacking group targets Port of Houston using Zoho zero-day - The Record by Recorded Future
Russian missile fuel maker targeted with recent Office zero-day - The Record by Recorded Future
Former AWS veteran Charlie Bell to head cybersecurity ops at Microsoft | Reuters
Microsoft Exchange Autodiscover bug leaks hundreds of thousands of domain credentials - The Record by Recorded Future
New Azure Active Directory password brute-forcing flaw has no fix | Ars Technica
Microsoft adds novel feature to Exchange servers to allow it to deploy emergency temporary fixes - The Record by Recorded Future
Apple ‘Still Investigating’ Unpatched and Public iPhone Vulnerabilities
Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program / Habr
Apple patches iOS and macOS zero-day exploited in the wild - The Record by Recorded Future
New iCloud Private Relay service leaks users’ true IP addresses, researcher claims | The Daily Swig
Lithuanian government warns about secret censorship features in Xiaomi phones - The Record by Recorded Future
VMware vCenter deployments under attack as enterprises urged to update systems | The Daily Swig
Developers fix multitude of vulnerabilities in Apache HTTP Server | The Daily Swig
Google finds adware strain abusing novel file signature evasion technique - The Record by Recorded Future
Device ‘breakage’ concerns persist days before Let’s Encrypt root cert expiry | The Daily Swig
Meet TruffleHog – a browser extension for finding secret keys in JavaScript code | The Daily Swig
#RomHack2021 - Dirk-jan Mollema - Breaking Azure AD joined endpoints in zero-trust environments - YouTube
Sep 29, 2021
Risky Business #639 -- USA's ransomware non-policy fails to meet its unstated objective

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • BlackMatter is back in the USA’s critical supply chain
  • The FBI and friends apparently got up in REvil’s business
  • The Azure OMI thing is totally the disaster we were expecting
  • Much, much more

Brett Winterford is this week’s sponsor guest. These days Brett is a senior director of cybersecurity strategy at Okta, but the reason you might recognise his name is because he took a year off working for vendors to be our newsletter author – he was the founding editor of the Seriously Risky Business newsletter.

He’ll be along to talk about legacy auth and why vendors should have deprecation policies.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Ransomware gang strikes Iowa agriculture business New Cooperative, the latest hack on food supply chain
After Biden Warning, Hackers Define ‘Critical’ as They See Fit - Bloomberg
Customer Care Giant TTEC Hit By Ransomware – Krebs on Security
Opinion | America Is Being Held for Ransom. It Needs to Fight Back. - The New York Times
Patrick Gray on Twitter: "Achievement unlocked: The Risky Biz release the hounds doctrine has now been condemned by gg. https://t.co/6W9uHwHLyl" / Twitter
FBI held back ransomware decryption key from businesses to run operation targeting hackers - The Washington Post
Biden administration to target ransomware attacks by cracking down on crypto payments - The Washington Post
The battle between the U.S. and ransomware hackers is escalating
DDoS botnets, cryptominers target Azure systems after OMIGOD exploit goes public - The Record by Recorded Future
Microsoft fixes OMIGOD bugs in secret Azure app - The Record by Recorded Future
Why Government and Military Sites Are Hosting Porn and Viagra Ads
Report: China-linked hackers take aim at Times of India and a biometric bonanza - The Record by Recorded Future
Andrew Roth on Twitter: "Apple and Google have deleted the @navalny app from their store as Duma elections begin, bowing to pressure from the government. Russians can’t find the app in their store, it still works outside of country. https://t.co/CtTf0ZushW" / Twitter
Exclusive: An American Company Fears Its Windows Hacks Helped India Spy On China And Pakistan
Former NSA Hacker Describes Being Recruited for UAE Spy Program - by Kim Zetter - Zero Day
Key security agencies split over whether to sanction a Huawei spinoff, Honor, by placing it on a Commerce blacklist - The Washington Post
106 Italian mafia members arrested for SIM swapping, BEC scams, phishing - The Record by Recorded Future
Man who bribed AT&T employees to install malware on the company's network gets 12 years in prison - The Record by Recorded Future
Supply chain attacks against the open source ecosystem soar by 650% – report | The Daily Swig
Google announces partnership to review security of open source software projects | The Daily Swig
Researcher discloses iPhone lock screen bypass on iOS 15 launch day - The Record by Recorded Future
Google will extend Permission Auto-Reset feature to older Android versions - The Record by Recorded Future
Malware samples found trying to hack Windows from its Linux subsystem - The Record by Recorded Future
AMD CPU driver bug can break KASLR, expose passwords - The Record by Recorded Future
Microsoft to let users completely remove account passwords and go passwordless - The Record by Recorded Future
Auditing your Okta org for Legacy Authentication | Okta Security
Sep 22, 2021
Risky Business #638 -- Licensed to Pwn

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • Apple 0day has everyone freaking out
  • So much more 0day in the wild
  • American Project Raven staffers settle with DoJ
  • Two absolutely bonkers Azure security problems
  • SEC tells corporate America to spill on breaches
  • Much, much more

In this week’s sponsor interview Gigamon’s security product manager Fayyaz Rajpari will be along to talk about some of the work they’ve been doing to integrate their NDR product with Crowdstrike.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Apple iPhone security update points to growing problem of 'zero days'
Apple urges security update after new iMessage flaw disclosed
Apple patches an NSO zero-day flaw affecting all devices | TechCrunch
Shane Huntley on Twitter: "@riskybusiness Let’s not jump to the conclusion that NSO have an endless supply of zero click exploits and there is nothing that can be done. Security nihilism and learned helplessness plays into attackers’ hands. We can make progress here." / Twitter
Warning: Update Chrome Now As Hackers Attack Two Major Vulnerabilities In Google Browser
Microsoft Windows 10 Windows Server Office CVE-2021-40444 0day attack
Microsoft patches Office zero-day in today's Patch Tuesday - The Record by Recorded Future
CISA warns of Zoho server zero-day exploited in the wild - The Record by Recorded Future
“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution | Wiz Blog
Ami Luttwak on Twitter: "@GossiTheDog This is even more severe. The RCE is the simplest RCE you can ever imagine. Simply remove the auth header and you are root. remotely. on all machines. Is this really 2021? https://t.co/iIHNyqgew4" / Twitter
Cross-Account Container Takeover in Azure Container Instances
VMware denies allegations it leaked Confluence RCE exploit | The Daily Swig
US fines former NSA employees who provided hacker-for-hire services to UAE - The Record by Recorded Future
Three Former U.S. Intelligence Community and Military Personnel Agree to Pay More Than $1.68 Million to Resolve Criminal Charges Arising from Their Provision of Hacking-Related Services to a Foreign Government | OPA | Department of Justice
Hacking Team Customer in Turkey Was Arrested for Spying on Police Colleagues [or: The Spy Story That Spun a Tangled Web] - by Kim Zetter - Zero Day
Exclusive: Wide-ranging SolarWinds probe sparks fear in Corporate America | Reuters
Chad Loder on Twitter: "Anonymous has just announced a massive hack of Epik, long known as the hosting provider of choice for neonazis, right-wing extremists, and other Internet trash. Anonymous are releasing a decade's worth of detailed Epik customer & domain data, passwords, emails, and private keys. https://t.co/3rbfonegtq" / Twitter
Anonymous Claims It Hacked Everything From Nazis' Favorite Web Host
Wikimedia bans seven Chinese users citing "security risk" - The Record by Recorded Future
Report: Beijing, Moscow step up efforts to control the Internet’s backbone - The Record by Recorded Future
Australia supplants China to build undersea cable for Solomon Islands | Solomon Islands | The Guardian
Indonesian intelligence agency compromised in suspected Chinese hack - The Record by Recorded Future
OWASP Top 10 ranking has a new leader after ten years - The Record by Recorded Future
Encrypted Phone Firm Ciphr, Used by Criminals, Moves to Cut Off Australia
Technology giant Olympus hit by BlackMatter ransomware | TechCrunch
U.S. Cyber Czar: Too soon to tell if Russia ransomware has stopped - The Record by Recorded Future
'No indication' Russia has cracked down on ransomware gangs, top FBI official says - The Record by Recorded Future
Groove ransomware gang is a motley crew of disgruntled hackers, researchers say
Bail services affected in South Africa after ransomware attack - The Record by Recorded Future
Hackers stole Puma source code, no customer data, company says - The Record by Recorded Future
WhatsApp adds end-to-end encryption to chat backups, locking up data in the cloud
New CPU side-channel attack takes aim at Chrome's Site Isolation feature - The Record by Recorded Future
Fortinet warns customers after hackers leak passwords for 87,000 VPNs - The Record by Recorded Future
New York State vaccine pass shortcomings offer lessons for other coronavirus app developers | The Daily Swig
Thái "thaidn" Dương on Twitter: "Hanoi citizens currently have to apply for a COVID movement pass in order to go outside. Each pass is QR code containing the holder's name and dates they're allowed to go out. The data are signed with RSA, to prevent fake passes. @0xfatty found that it's using 512-bit keys =)" / Twitter
Find a vaccination clinic in New South Wales - COVID-19 Near Me
ken tsang (@jxeeno) / Twitter
Why I decided to build my own vaccine booking search engine instead of using the Government’s one | by Ken Tsang | Sep, 2021 | Medium
Sep 15, 2021
Snake Oilers: Get Signal Sciences in your CDN, automate canary generation and cloud your SIEM!

Three solid pitches in this edition…

In this edition of the Snake Oilers we’ll hear pitches from three vendors:

  • Brian Joe from Fastly talks about its integration of the Signal Sciences WAF into its CDN
  • Ben Whitham and Dan Holman talk about HoneyTrace, a canary creation and monitoring automation play
  • Anton Chuvakin from Google Cloud talks about cloud native SIEMs

Links to everything we talked about are in the show notes.

Sep 10, 2021
Risky Business #637 -- Infosec's bigfoot

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • Apple backs down on CSAM measures
  • FTC shuts down spouseware company
  • REvil is back!
  • Confluence boxes are getting owned a lot
  • Trickbot crew member arrested in South Korea
  • The Juniper/NSA backdoor story just keeps on truckin’

This week’s show is brought to you by Thinkst Canary. Thinkst’s Jacob Torrey is this week’s sponsor guest. He pops by to tell us about the relaunch of Thinkstscapes, a fantastic quarterly publication that analyses security research.

(Editor’s note: Dmitri Alperovitch is a guest in this podcast and wishes to express his gratitude to Matthew Green of Johns Hopkins University for helping guide him on the Juniper story.)

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Apple Backs Down on Its Controversial Photo-Scanning Plans | WIRED
ProtonMail forced to collect an activist's IP address in police investigation - The Record by Recorded Future
FTC Bans SpyFone and CEO from Surveillance Business and Orders Company to Delete All Secretly Stolen Data | Federal Trade Commission
REvil ransomware group returns following Kaseya attack - The Record by Recorded Future
White House double downs on warning about cyberattacks over the holidays - The Record by Recorded Future
Cyber Command alerts US firms of 'ongoing' hacks targeting Atlassian enterprise software
Confluence enterprise servers targeted with recent vulnerability - The Record by Recorded Future
Jenkins project discloses security breach following Confluence server hack - The Record by Recorded Future
US farm loses $9 million in the aftermath of a ransomware attack - The Record by Recorded Future
Howard University cancels classes after ransomware attack
TrickBot gang member arrested after getting stuck in South Korea due to COVID-19 pandemic - The Record by Recorded Future
Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role
SolarWinds hackers targeted Autodesk in latest confirmed fallout from cyber-espionage campaign
Malware found preinstalled in classic push-button phones sold in Russia - The Record by Recorded Future
C:\Windows\System32\last.exe on Twitter: "Hey, wanna see a magic trick? That's how you bypass UAC on a machine to which you have GUI access! 1/n" / Twitter
Microsoft warns of new IE zero-day exploited in targeted Office attacks - The Record by Recorded Future
Ghostscript zero-day allows full server compromises - The Record by Recorded Future
Cisco urges users to patch critical vulnerability in virtualized network devices after PoC is made public | The Daily Swig
Billions of devices impacted by new BrakTooth Bluetooth vulnerabilities - The Record by Recorded Future
Node.js archives serious tar handling vulnerabilities with software update | The Daily Swig
Microsoft will split Defender pricing plans to lower the entry bar for SMBs - The Record by Recorded Future
Mozi botnet authors arrested in China - The Record by Recorded Future
Google pauses quantum security feature in Chrome because of buggy middleware - The Record by Recorded Future
Breach notification window, accountability are focus of coming fight on cyber legislation in Congress
The IRS Goes Undercover As A Bitcoin Trader In $180,000 Sting
CREST: NCC Group ‘vicariously responsible’ for those involved in exam controversy | The Daily Swig
Raider: A tool to test authentication in web applications | The Daily Swig
ThinkstScapes
thinkst Thoughts...
Sep 08, 2021
Risky Business #636 -- Victims are shunning data extortion payments

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • More info on the Belarusian Cyber Patriots
  • How infosec overhyped election security risks
  • Is data ransoming dying?
  • All about the Azure Cosmos DB drama
  • Much, much more…

In this week’s sponsor interview Airlock Digital’s Daniel Schell and David Cottingham join the show to talk about EDR bypasses. They are a thing.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Belarusian hackers are turning the country's surveillance state against it | MIT Technology Review
A new wave of Hacktivists is turning the surveillance state against itself - The Record by Recorded Future
Trump conspiracies strain election cybersecurity experts
T-Mobile CEO apologizes after hacker stole millions of users' personal information
Bangkok Air confirms passenger PII leak after ransomware attack - The Record by Recorded Future
Leaked Guntrader firearms data file shared. Worst case scenario? Criminals plot UK gun owners' home addresses in Google Earth • The Register
Hackers steal $29 million from crypto-platform Cream Finance - The Record by Recorded Future
U.S. spy agencies rule out possibility the coronavirus was created as a bioweapon, say origin will stay unknown without China’s help - The Washington Post
Australia's 'hacking' Bill passes the Senate after House made 60 amendments | ZDNet
White House rolls out pipeline, supply chain security initiatives as companies pledge billions in cyber spending
CISA adds single-factor authentication to its catalog of 'Bad Practices' - The Record by Recorded Future
DHS urges Microsoft customers to update Azure to avoid security flaw
Microsoft Azure vulnerability exposed thousands of cloud databases
CISA and the FBI warn of ransomware gangs' tendency of launching attacks over holidays and weekends - The Record by Recorded Future
FBI warns that Hive ransomware hackers are calling victims by phone
Deserialization bug in TensorFlow machine learning framework allowed arbitrary code execution | The Daily Swig
A Dark Web Murder-For-Hire Scammer Became An FBI Informant
WhatsApp, Facebook, and Twitter fined for not storing user data inside Russia - The Record by Recorded Future
A Bad Solar Storm Could Cause an 'Internet Apocalypse' | WIRED
Trial & Error in Kuwait - CyberScoop
How Data Brokers Sell Access to the Backbone of the Internet
Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents – Krebs on Security
Front Matter | Understanding and Managing Risk in Security Systems for the DOE Nuclear Weapons Complex: (Abbreviated Version) | The National Academies Press
JCP | Free Full-Text | An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors | HTML
Sep 01, 2021
Risky Biz Soap Box: Bad incentives make Microsoft a villain again

In this edition of the Soap Box podcast we’ll be hearing from Ryan Kalember, the EVP of cybersecurity strategy at Proofpoint, a company best known for being an email filtering giant.

Proofpoint’s biggest challenger in that space is Microsoft, and if you’ve been paying attention you’d know that Microsoft is doing an absolutely massive push into the security space. It claims security is a $10bn revenue centre for the company, which is a bit of a screwy situation given a lot of the insecurity its security products mitigate is introduced through deficiencies in its core products.

And, largely, that’s what this interview is about – the screwy incentives that are driving Microsoft’s decision-making. More emphasis on security product development, and less effort on securing its core products.

Of course it’s self-serving for Ryan and Proofpoint to give Microsoft a kicking, given Redmond is its primary competitor. But the thing is, Ryan makes some very good points.

We talk about the incentives thing, and then we talk about why Active Directory is a trashfire and why the replication of the domain trust model in Azure AD is going to eventually bite us all in the ass. The circle of life, enterprise computing fail edition. Enjoy.

Aug 27, 2021
Risky Business #635 -- Owned via telnet? Must be "highly sophisticated attackers"!

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • T-Mobile owned hard
  • USA no fly list winds up on unsecured ElasticSearch in Bahrain… because reasons
  • Facebook scrambles to secure Afghan accounts
  • Hacker steals and returns $600 million from DeFi platform
  • Healthcare sector struggles with ransomware attacks
  • A very sweet TCP-based amplification technique that will be A Problem
  • Much, much more

Evan Sultanik and Dan Guido will be joining us to talk about Fickling – a tool developed by Trail of Bits to do unnatural things to the Python Pickle files that are heavily used as a means to share machine learning models. The machine learning supply chain is really quite wobbly, and they’ll be joining us later to talk about that.
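The reason a pickle file is a supply-chain problem is that pickle is not a data format but a small stack-based virtual machine: its GLOBAL, STACK_GLOBAL and INST opcodes import any module attribute by name, and REDUCE calls it with attacker-chosen arguments, so a "model checkpoint" can run code the moment it is loaded. The following is an added example written for this page; it is not Fickling, not Trail of Bits’ code and not part of the show. The `Payload` class, the `echo pwned` command, the sample "model" dictionary and the `SAFE_GLOBALS` allowlist are all constructed for the demonstration. It shows three things: how a malicious pickle is built, how to list the globals a pickle would import without executing it (using the standard library’s `pickletools`), and how a restricted `Unpickler` refuses anything not on an allowlist before the payload can fire.

```python
"""Added example (not Fickling and not the podcast's code): treat a pickle
as untrusted input.  Pickle is a small stack VM; its GLOBAL / STACK_GLOBAL /
INST opcodes import any module attribute and REDUCE calls it, so a "model
file" can run arbitrary code the moment it is loaded.  Shown here:
  1. a constructed malicious pickle (its payload is a harmless `echo`);
  2. a static scan that lists the globals a pickle would import, without
     executing the stream;
  3. a restricted Unpickler that only resolves an allowlist of globals.
"""
import io
import os
import pickle
import pickletools


class Payload:
    """Constructed sample: on pickle.loads(), this becomes os.system("echo pwned")."""

    def __reduce__(self):
        # pickle honours __reduce__: (callable, args) is replayed at load time.
        return (os.system, ("echo pwned",))


def build_malicious_pickle(protocol=2):
    # Protocol 2 emits GLOBAL, protocol 4 emits STACK_GLOBAL; both are handled below.
    return pickle.dumps(Payload(), protocol=protocol)


def build_benign_pickle():
    # Constructed stand-in for a model checkpoint: plain containers, no globals.
    return pickle.dumps({"weights": [0.1, 0.2, 0.3], "layers": 2}, protocol=4)


# Opcodes that push a str onto the pickle stack (STACK_GLOBAL consumes two of them).
_STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def list_globals(data):
    """Return [(module, name), ...] that the stream would import.  Never runs it.

    GLOBAL and INST carry "module name" as their argument; STACK_GLOBAL takes
    the two most recently pushed strings instead.
    """
    found = []
    strings = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            found.append((strings[-2], strings[-1]))
        elif opcode.name in _STRING_OPS:
            strings.append(arg)
    return found


# Allowlist for this example (an assumption): plain containers plus a few stdlib types.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "bytearray"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every global lookup that is not on SAFE_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError("refusing to import %s.%s" % (module, name))


def load_if_safe(data):
    """Return (True, obj) or (False, None).  A disallowed global aborts the load
    when the import opcode is processed, before REDUCE runs, so the payload
    never executes."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError:
        return False, None


if __name__ == "__main__":
    for label, blob in (("malicious", build_malicious_pickle()),
                        ("benign", build_benign_pickle())):
        print(label, "imports:", list_globals(blob), "load:", load_if_safe(blob))
```

Two caveats on using this. The static scan is a triage aid, not a guarantee: it does not resolve EXT1/EXT2/EXT4 opcodes, which look up callables through `copyreg`’s extension registry, and a hand-crafted stream can push the module and attribute names through opcodes other than the string ones listed. The restricted `Unpickler` is the actual control, because every GLOBAL, STACK_GLOBAL, INST and extension lookup goes through `find_class`; even so, an allowlisted constructor still runs, so the allowlist has to contain only classes whose construction has no side effects. The cleanest answer remains not to load pickles from sources you do not control.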

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

T-Mobile breach climbs to over 50 million people
T-Mobile: Breach Exposed SSN/DOB of 40M+ People – Krebs on Security
1.9 million records from the FBI's terrorist watchlist leaked online - The Record by Recorded Future
Facebook, other platforms scramble to secure user accounts in Afghanistan
This $600 Million Crypto Heist Is the Most Bizarre Hack in Recent Memory
A Hacker Stole and Then Returned $600 Million
Japanese crypto-exchange Liquid hacked for $94 million - The Record by Recorded Future
Operator of the Helix bitcoin mixer pleads guilty to money laundering - The Record by Recorded Future
Healthcare provider expected to lose $106.8 million following ransomware attack - The Record by Recorded Future
Hospitals hamstrung by ransomware are turning away patients | Ars Technica
US healthcare org sends data breach warning to 1.4m patients following ransomware attack | The Daily Swig
The pandemic revealed the health risks of hospital ransomware attacks - The Verge
Ransomware hackers could hit U.S. supply chain, experts warn
Ransomware hits Lojas Renner, Brazil's largest clothing store chain - The Record by Recorded Future
RansomClave project uses Intel SGX enclaves for ransomware attacks - The Record by Recorded Future
Wanted: Disgruntled Employees to Deploy Ransomware – Krebs on Security
Japan's Tokio Marine is the latest insurer to be victimized by ransomware
Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up
White House to tackle cyber challenges with Apple, IBM, insurance CEOs | Reuters
FBI sends its first-ever alert about a 'ransomware affiliate' - The Record by Recorded Future
New LockFile ransomware gang weaponizes ProxyShell and PetitPotam attacks - The Record by Recorded Future
Multiple ransomware gangs pounce on 'PrintNightmare' vulnerability
Peterborough NH Cyberattack: Town Loses $2.3M in Taxpayer Money – NBC Boston
Almost 2,000 Exchange servers hacked using ProxyShell exploit - The Record by Recorded Future
ALTDOS hacking group wreaks havoc across Southeast Asia - The Record by Recorded Future
Hackers Leak Surveillance Camera Videos Purportedly Taken From Inside Iran's Evin Prison - by Kim Zetter - Zero Day
Apple reopens legal fight against security firm Corellium, raising concerns for ethical hackers
Apple says researchers can vet its child safety features. But it’s suing a startup that does just that. | MIT Technology Review
This $500 Million Russian Cyber Mogul Planned To Take His Company Public—Then America Accused It Of Hacking For Putin’s Spies
Cisco: Security devices are vulnerable to SNIcat data exfiltration technique - The Record by Recorded Future
SNIcat: Circumventing the guardians | mnemonic
BlackBerry's popular operating system for medical devices affected by critical vulnerabilities, drawing fed warnings
Realtek SDK vulnerabilities impact dozens of downstream IoT vendors | The Daily Swig
Hundreds of thousands of Realtek-based devices under attack from IoT botnet - The Record by Recorded Future
Accellion Kiteworks Vulnerabilities | Insomnia Security
Firewalls and middleboxes can be weaponized for gigantic DDoS attacks - The Record by Recorded Future
Hackers tried to exploit two zero-days in Trend Micro's Apex One EDR platform - The Record by Recorded Future
Exhaustive study puts China’s infamous Great Firewall under the microscope | The Daily Swig
Web hosting platform cPanel & WHM is vulnerable to authenticated RCE and privilege escalation | The Daily Swig
Benno on Twitter: "I will donate $50 to a charity of @riskybusiness' choice if he puts this in the show." / Twitter
Never a dill moment: Exploiting machine learning pickle files
PrivacyRaven: Implementing a proof of concept for model inversion
GitHub - trailofbits/fickling: A Python pickling decompiler and static analyzer
Aug 25, 2021
Risky Biz Soap Box: HD Moore talks Rumble and DCE/RPC party tricks

I am stoked to be publishing this interview. This Soap Box is brought to you by Rumble, the asset discovery company founded by HD Moore. For those of you who don’t know, HD is a security legend, having done all sorts of amazing research over the years and creating Metasploit all the way back in 2003.

This guy, as you’ll hear, vibrates at a slightly higher frequency than the rest of us. He’s one of those people who’s not only insanely talented, but also insanely hardworking, which is why we get to have nice things like Metasploit and, now, Rumble.

So: What is Rumble? It’s an active asset discovery tool. You set it loose on your network and it shows you what’s there… but this isn’t your grandma’s port scanner. This thing can see through walls and around corners, and what it finds will genuinely blow you away. A couple of weeks ago a guy by the name of Tom Lawrence did an awesome 15 minute demo of Rumble for his YouTube channel.

I would highly recommend you watch it, even before you listen to this podcast. He does a fantastic job of demoing the product and showing that it’s able to make sense of what it sees to a very surprising degree. Tom demos it on a small network, but yeah, it scales – HD says Rumble counts a Fortune 5 among its customers.

Anyway, what HD has done with Rumble is create a tool – a lightweight scanner you can run from basically anywhere in a network – that will show you networks you didn’t know existed, and identify devices with ridiculous granularity… it can even tell you if a Windows box has EDR on it or a wireless card installed, all from an unauthenticated network scan.

Aug 17, 2021
Risky Business #634 -- Major hacks to shake up Belarusian KGB

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • The United States backing away from “releasing the hounds”
  • Apple has dropped its lawsuit against Corellium
  • “Activists” dox Belarusian security apparatus
  • Another sign hiding IR reports behind legal privilege is looking shaky
  • Apple implements new child protection tech
  • Much, much more

After this week’s news we’ll hear from Matt Cauthorn from ExtraHop Networks in this week’s sponsor interview. We’ll be talking about ransomware hack and leak and about how ransomware crews are losing credibility. You used to be able to actually trust them to just unlock you or keep your data private, but that’s not so much the case anymore.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Srsly Risky Biz: Thursday 8 August - by Tom Uren - Seriously Risky Business
Disgruntled ransomware affiliate leaks the Conti gang's technical manuals - The Record by Recorded Future
Step 1: Do a Google search. Ransomware hacker goes rogue, leaks gang's plan.
Meet Prometheus, the secret TDS behind some of today's malware campaigns - The Record by Recorded Future
Ransomware Gangs and the Name Game Distraction – Krebs on Security
Motherboard vendor GIGABYTE hit by RansomExx ransomware gang - The Record by Recorded Future
Wuhan lab: In Covid origins hunt, US intel agencies scour reams of genetic data from China - CNNPolitics
Chinese cyber spies targeted Israel posing as Iranian hackers - The Record by Recorded Future
Tadeusz Giczan on Twitter: "A short thread about what is perhaps the most successful cyber attack in the history of any nation state conducted by a group called “Belarusian Cyber-partisans”. Last month they hacked the servers of Belarusian police and the Interior Ministry. 1/6 https://t.co/3QPaEYHten" / Twitter
Belarusian Cyber-Partisans (@cpartisans) / Twitter
Seeking Change, Anti-Lukashenka Hackers Seize Senior Belarusian Officials’ Personal Data
Courts order handover of breach forensic reports in trend welcomed by consumers, feared by defendants
Surprise Capital One court decision spells trouble for incident response - Risky Business
Scammers Will Ban Anyone From Instagram For $60
Instagram Shuts Down Fake Likes Factory
Apple will reject demands to use CSAM system for surveillance
Edward Snowden on Twitter: "@alexstamos @matthew_d_green Step 1.6 is NCMEC shrugging, deflecting by saying "hash collision?" And then the FBI makes an arrest since, by asking WTF, your company just confirmed a hit on the hash (since otherwise you wouldn't have been able to see the image was BS)." / Twitter
Apple drops copyright lawsuit against Corellium - 9to5Mac
Routers and modems running Arcadyan firmware are under attack - The Record by Recorded Future
Microsoft announces new 'Super Duper Secure Mode' for Edge - The Record by Recorded Future
Apple fixes AWDL bug that could be used to escape air-gapped networks - The Record by Recorded Future
Microsoft to require admin rights before using Windows Point and Print feature - The Record by Recorded Future
Critical Cobalt Strike bug leaves botnet servers vulnerable to takedown | Ars Technica
Amazon Kindle Hack Needs Just One Evil Ebook To Take Over Your Ereader—And Maybe Your Amazon Account Too
‘A whole new attack surface’ – Researcher Orange Tsai documents ProxyLogon exploits against Microsoft Exchange Server | The Daily Swig
Black Hat USA: Downgrade attack against Let’s Encrypt lowers the bar for printing fraudulent SSL certificates | The Daily Swig
Messaging Apps Have an Eavesdropping Problem | WIRED
Black Hat USA: HTTP/2 flaws expose organizations to fresh wave of request smuggling attacks | The Daily Swig
Black Hat USA 2021: Lessons to learn from the aviation sector after Biden mandates cyber-attack investigatory body | The Daily Swig
Amazon and Google patch major bug in their DNS-as-a-Service platforms - The Record by Recorded Future
Newsmax, OANN sued by maker of voting machines
Robᵉʳᵗ Graham @ Sioux Falls cyber symposium on Twitter: "1/n If you are wondering if there will be anybody at Mike Lindell's cybersymposium who can confirm or refute his "packet captures", well, there's going to be me. I'm a well-known expert on packet captures, and somewhat knowledgeable about election systems. https://t.co/PGioDBZ47B" / Twitter
Aug 11, 2021
Risky Business #633 -- President grandpa rattles sabre at cloud

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • US President Joe Biden says next shooting war will result from cyber incident
  • The Sun tabloid reports UK government weighing “cyber strike” against Iran
  • Australia, UK and USA release list of most commonly used CVEs
  • NSA drops Kubernetes security guide
  • Much, much more!

This week’s show is brought to you by Cmd Security. It makes what can best be described as a security agent for Linux. It can handle everything from user action restriction to IDR functionality, and Cmd’s co-founder Jake King will be along in this week’s sponsor slot to talk about what he’s seeing out there in Linux land. Jake says there’s a big cloud modernisation push happening right now as people re-architect their “legacy cloud” infrastructure into more modern setups.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Biden says 'shooting war' could break out with foreign heavyweights over cyberattacks
Angry Boris Johnson warns Iran of 'consequences' for killing Brit at sea in drone strike
Cyber-attack disrupts Iran's national railway system - The Record by Recorded Future
Biden issues memo to push critical infrastructure cybersecurity upgrades
US, UK, Australia issue joint advisory on today's top exploited vulnerabilities - The Record by Recorded Future
Evidence suggests Russia's SVR is still using 'WellMess' malware, despite US warnings
NSA, CISA publish Kubernetes hardening guide - The Record by Recorded Future
Meet Paragon: An American-Funded, Super-Secretive Israeli Surveillance Startup That ‘Hacks WhatsApp And Signal’
Israeli government raids NSO Group offices - The Record by Recorded Future
NSO Group Blocks Some Governments From Using Its Spyware Over Misuse Claims : NPR
LINE accounts for more than 100 Taiwanese politicians were hacked - The Record by Recorded Future
Spyware features found in Chinese state benefits app - The Record by Recorded Future
Five Southeast Asian telcos hacked by three different Chinese espionage groups - The Record by Recorded Future
DOJ says SolarWinds hack impacted 27 US attorneys' offices - The Record by Recorded Future
Srsly Risky Biz: Thursday, July 29 - by Tom Uren - Seriously Risky Business
Italian vaccination registration system down in apparent ransomware attack
A Silicon Valley VC firm with $1.8B in assets was hit by ransomware | TechCrunch
An interview with BlackMatter: A new ransomware group that's learning from the mistakes of DarkSide and REvil - The Record by Recorded Future
Hackers leak full EA data after failed extortion attempt - The Record by Recorded Future
FTC's right-to-repair ruling is a small step for security researchers, giant leap for DIY hackers
Trusted platform module security defeated in 30 minutes, no soldering required | Ars Technica
PwnedPiper vulnerabilities impact 80% of major hospitals in North America - The Record by Recorded Future
Python packages caught attempting to steal Discord tokens, credit card numbers - The Record by Recorded Future
Python team fixes bug that allowed takeover of PyPI repository - The Record by Recorded Future
How I Found A Vulnerability To Hack iCloud Accounts and How Apple Reacted To It - The Zero Hack
Aug 04, 2021
Risky Biz Soap Box: VMRay talks about its second line of defence for email security

In this sponsored edition of the Risky Biz Soap Box podcast VMRay’s VP of Products Uriel Cohen joins me to talk about its Email Threat Defender product.

They’ve glued some automated sandbox analysis to their fancy phishing/link analysis/detection tech and they’re pitching it as a secondary control. That means no, they’re not trying to replace big services like Proofpoint or Microsoft’s upper-tier filtering; it’s meant to be a seat belt that catches things that slip through the net.

We talk about what they’re trying to do, look at the limitations of static and dynamic detection and talk about all sorts of other stuff too. Enjoy!

Aug 02, 2021
Risky Business #632 -- The Kaseya incident wasn't nearly as big as we thought

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • Analysis suggests the Kaseya REvil incident was actually a bit of a fizzer
  • Kaseya also obtained a decryption key and no one knows how
  • EU to follow US Treasury on Bitcoin controls
  • Israeli Government has eyes on NSO fallout
  • PetitPotam Active Directory technique is very bad news
  • Much, much more…

This week’s show is brought to you by Remediant. Remediant makes a PAM solution that’s, well, quite different from the traditional password-vault style solutions. That’s put them in an interesting situation lately with Gartner. Remediant scored an honourable mention as a PAM to take note of, alongside Microsoft, but the thing is they don’t even qualify as a PAM vendor under Gartner’s own criteria. This might mean the analyst firms need to re-jig the way they evaluate and rank tech given there are so many more ways to skin cats these days. Remediant co-founder Paul Lanzi will join me in this week’s sponsor slot to talk through all of that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident
Kaseya says it didn't pay ransomware gang for decryption key after hacks affected hundreds
Kaseya obtains universal decryptor for REvil ransomware victims
Joe Tidy on Twitter: "The impact of the South African port cyber attack is getting worse. The Road Freight Association (RFA) said it was “dismayed and gravely concerned” about the cyber-attack on Durban Port. https://t.co/iT1WAP165Z https://t.co/ipssCVfSIo" / Twitter
Port cyber attack: Now Road freighters concerned about goods
Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy
FBI tracking more than 100 active ransomware groups
New Haron ransomware gang emerges, borrows from Avaddon and Thanos - The Record by Recorded Future
BlackMatter ransomware targets companies with revenue of $100 million and more - The Record by Recorded Future
Spammer floods the Babuk ransomware gang's forum with gay porn GIFs - The Record by Recorded Future
No More Ransom celebrates success in helping 600k people recover from ransomware attacks | The Daily Swig
Justice Department officials urge Congress to pass ransomware notification law
New EU legislation to ban anonymous cryptocurrency wallets, transfers - The Record by Recorded Future
Government said to form team to deal with fallout of NSO spyware revelations | The Times of Israel
‘If You’re Not A Criminal, Don’t Be Afraid’—NSO CEO On ‘Insane’ Hacking Allegations Facing $1 Billion Spyware Business
NSO Group CEO Claims BDS Is Probably Behind Damning Investigation
New PetitPotam attack forces Windows servers to authenticate with an attacker - The Record by Recorded Future
HD Moore on Twitter: "It is wild to see *unauthenticated* RCE via NTLM relay attacks, again, in 2021: https://t.co/CiS4bKH8oV (decades since smbrelay / karma / karmetasploit PoCs)" / Twitter
KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)
A Controversial Tool Calls Out Thousands of Hackable Websites | WIRED
IDEMIA fixes vulnerability that can allow threat actors to open doors remotely - The Record by Recorded Future
PlugwalkJoe Does the Perp Walk – Krebs on Security
UK man arrested in Spain for role in Twitter 2020 hack - The Record by Recorded Future
Praying Mantis APT targets IIS servers with ASP.NET exploits - The Record by Recorded Future
Botnet operator who proxied traffic for other cybercrime groups pleads guilty - The Record by Recorded Future
Chinese hacking group APT31 uses mesh of home routers to disguise attacks - The Record by Recorded Future
VPN servers seized by Ukrainian authorities weren’t encrypted | Ars Technica
Accused CIA leaker Joshua Schulte allowed to represent himself at next Vault 7 trial
Seriously Risky Business
Jul 28, 2021
Risky Business #631 -- USA and friends send nastygram to China

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • USA and friends send a sternly worded letter
  • NSO group in the news, but parts of the coverage don’t add up
  • Google TAG drops another great post
  • We unveil the details of the earth shattering Kaseya 0day cyberweapon
  • MORE

This week’s show is brought to you by Signal Sciences, which is now a part of Fastly. Instead of booking an interview with one of their staff, they suggested we interview one of their customers – so this week’s sponsor guest is J J Agha, the CISO of Compass, the American real estate website.

He’ll be joining us to talk about his general approach, and yes, Signal Sciences is a part of that, but he’ll speak to automation and orchestration and a bunch of other stuff too.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

The United States, Joined by Allies and Partners, Attributes Malicious Cyber Activity and Irresponsible State Behavior to the People’s Republic of China | The White House
Microsoft hack: U.S., allies accuse China of Exchange breach and condoning other cyberattacks - The Washington Post
US says Chinese hackers breached 13 pipeline operators between 2011 and 2013 - The Record by Recorded Future
U.S. accuses China of abetting ransomware attack
Microsoft links Serv-U zero-day attacks to Chinese hacking group - The Record by Recorded Future
Pegasus: NSO clients spying disclosures prompt political rows across world | India | The Guardian
Pegasus spyware: NSO Group’s cloud infrastructure shut down by Amazon, says Vice
Saudis behind NSO spyware attack on Jamal Khashoggi’s family, leak suggests | Jamal Khashoggi | The Guardian
Response from NSO and governments | World news | The Guardian
This tool tells you if NSO’s Pegasus spyware targeted your phone | TechCrunch
Windows spyware and zero-days linked to prodigious Israeli hack-for-hire company - The Record by Recorded Future
Google: Three recent zero-days have been used against Armenian targets - The Record by Recorded Future
The SolarWinds Hackers Used an iOS Flaw to Compromise iPhones | WIRED
How we protect users from 0-day attacks
Google patches Chrome zero-day, eighth one in 2021 - The Record by Recorded Future
That iPhone WiFi crash bug is far worse than initially thought - The Record by Recorded Future
Brian in Pittsburgh on Twitter: "The vulnerabilities exploited to accomplish the Kaseya customer intrusions were as dumb as you were probably expecting: https://t.co/eOnManp6ar" / Twitter
Ransomware incident at major cloud provider disrupts real estate, title industry - The Record by Recorded Future
Lawmakers Look to Improve Cyber Workforce, Especially for Acquisitions - Nextgov
GSA blocks senator from reviewing documents used to approve Zoom for government use | TechCrunch
TSA pushes more cybersecurity mandates on critical pipeline owners, emphasizing ransomware
US offers $10 million reward for info on state-sponsored hackers disrupting critical infrastructure - The Record by Recorded Future
US government launches plans to cut cybercriminals off from cryptocurrency
Microsoft takes control of 17 domains used by West African BEC gang - The Record by Recorded Future
Momentum builds on federal oversight of facial recognition tech after reported abuses
Amnesty sues NYPD, seeking details about facial recognition technology and arrest data
Windows Hello bypassed using infrared image - The Record by Recorded Future
Inside the Industry That Unmasks People at Scale
Instagram rolls out new tool to help users secure hacked accounts - The Record by Recorded Future
Facebook says Iranian hackers used it to lure defense company employees
Annoying LinkedIn Networkers Actually Russian Hackers Spreading Zero-Days, Google Says
DevSecAI: GitHub Copilot prone to writing security flaws | The Daily Swig
Hackers Move to Extort Gaming Giant EA
RCE vulnerability in Cloudflare CDN could have allowed complete compromise of websites | The Daily Swig
Patrick Gray on Twitter: "Good to know!" / Twitter
Kevin Beaumont on Twitter: "Oh dear. I need to validate this myself, but it seems like MS may have goofed up and made the SAM database (user passwords) accessible to non-admin users in Win 10." / Twitter
Vortimo [www] – Pro browser extension
Demand More from Your WAF - Signal Sciences
Jul 21, 2021
Risky Biz Feature Podcast: An interview with Rob Joyce

In this podcast we chat with Rob Joyce, the NSA’s Director of Cybersecurity.

As many listeners would know, Rob has a pretty interesting resume, having served as a special advisor on cybersecurity to US president Donald Trump, and, before that, leading Tailored Access Operations for NSA. More recently he served as the NSA liaison to Britain’s GCHQ, but he returned to the USA this year to take up his new post as the head of NSA’s defence-oriented Cybersecurity Directorate.

And here’s the thing: Rob is a senior bureaucrat who is genuinely passionate about technology. His con talks are fantastic. He did one on how to make TAO’s life hard in 2016 that was really a blockbuster technical talk, and he’s even done a DEFCON talk about how to engineer wildly over-the-top Christmas light displays.

I’m telling you this to let you know that, well, Rob is a real, actual security geek. He’s the hacker-bureaucrat, if you will.

Anyway, he generously made himself available to do this interview with us and we covered a bunch of stuff: The terrible state of enterprise security, cloud service providers being dumb with their defaults, the role of the intelligence community in combating ransomware and more. But we started off with some nuts and bolts discussion about what NSA’s cybersecurity directorate actually does. Enjoy!

Jul 16, 2021
Risky Business #630 -- We tried the carrot, it's time for the stick

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • REvil takes a vacation
  • Kaseya finally patches VSA
  • Morgan Stanley data exposed by third party Accellion hack
  • CISA issues emergency directive on MS print spooler bug
  • Patrick and Adam dream up ways for the US government to pressure vendors
  • MORE

This week’s show is brought to you by Senetas. They’ve traditionally made layer 2 encryption gear but, as you’ll hear, they’re moving with the times! Senetas CTO Julian Fay joins us this week to talk through a bunch of stuff – what they’ve been working on, a really interesting project they had to abandon because of COVID and the latest news on the move to quantum-resistant crypto.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Ransomware attacks: Pressure grows on Biden to curb costly hacks - The Washington Post
Biden tells Putin the U.S. will take “any necessary action” after latest massive ransomware attack - The Washington Post
Russian-speaking ransomware gang goes offline
Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software – Krebs on Security
Patrick Gray on Twitter: "That’s great! Do they have a time machine, too? Where can we buy tickets?!" / Twitter
ACSC: Australian organizations compromised through ForgeRock vulnerability - The Record by Recorded Future
Morgan Stanley discloses data breach that resulted from Accellion FTA hacks | Ars Technica
Dell Wyse Management Suite subject to database exposure, session hijacking | The Daily Swig
Microsoft Issues Emergency Patch for Windows Flaw – Krebs on Security
Microsoft Patch Tuesday, July 2021 Edition – Krebs on Security
cyber.dhs.gov - Emergency Directive 21-04
Microsoft discovers critical SolarWinds zero-day under active attack | Ars Technica
Beyond Kaseya: Everyday IT Tools Can Offer ‘God Mode’ for Hackers | WIRED
China tightens control over cybersecurity in data crackdown - ABC News
Suspected Chinese hackers return with unusual attacks on domestic gambling companies
Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards – Microsoft Security Response Center
Feds indict “The Bull” for allegedly selling insider stock info on the dark web | Ars Technica
UK judge gives US a shot to appeal denial of Julian Assange's extradition
Over 780,000 email accounts compromised by Emotet have been secured - The Record by Recorded Future
Hiltzik: The threat of ransomware - Los Angeles Times
Matt Bevan on Twitter: "Wow @youtube @googledownunder this is a full-blown deepfake ad running on your platform... you probably shouldn't have those. https://t.co/S19nQYR9iH" / Twitter
Troy Hunt on Twitter: "Huh - what - why?! “Ransomware-hit law firm gets court order asking crooks not to publish the data they stole” https://t.co/ugheahUmgw" / Twitter
Ransomware-hit law firm gets court order asking crooks not to publish the data they stole • The Register
Migration to Post-Quantum Cryptography
Jul 14, 2021
Risky Business #629 -- Kaseya 0day was utter trash

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • Our take on the REvil attack against Kaseya customers
  • Microsoft’s print spooler bug is a real worry
  • Reports the RNC breached by Russia’s SVR
  • NSA snaps GRU brute forcing efforts
  • Much, much more

This week’s show is brought to you by Material Security, a very interesting startup that has a completely different take on what email security actually is. Material’s co-founder Ryan Noon will be along in this week’s sponsor interview to talk about the cool stuff they’re doing on the analytics side.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Why the Kaseya ransomware attack has experts worried
White House rebukes ransomware gang as number of apparent REvil victims remains uncertain - CyberScoop
Patrick Gray on Twitter: "https://t.co/ppGlxTu4CL" / Twitter
Hackers behind holiday crime spree demand $70 million, say they locked 1 million devices
Kaseya zero-day involved in ransomware attack, patches coming - The Record by Recorded Future
Supermarket chain Coop closes 800 stores following Kaseya ransomware attack - The Record by Recorded Future
REvil ransomware gang executes supply chain attack via malicious Kaseya update - The Record by Recorded Future
Researchers accidentally publish 'PrintNightmare' Stuxnet-style zero-day - Security - Software - iTnews
Russia still using 'brute force' to break into computer systems
Republican National Committee Hack: Russian Cozy Bear Group Breached Computers - Bloomberg
Chinese cyberspies targeted the Afghan National Security Council - The Record by Recorded Future
Mongolian certificate authority hacked eight times, compromised with malware - The Record by Recorded Future
Israeli charged in global hacker-for-hire scheme wants plea deal -court filing | Reuters
A new ‘digital violence’ platform maps dozens of victims of NSO Group’s spyware | TechCrunch
Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress
Dutch police takes down DoubleVPN, a service used by cybercrime groups - The Record by Recorded Future
Gozi malware gang member arrested in Colombia - The Record by Recorded Future
New charges filed against Capital One hacker, trial postponed to 2022 - The Record by Recorded Future
Windows 11’s Security Push Puts Microsoft on a Collision Course | WIRED
Apps with 5.8 million Google Play downloads stole users’ Facebook passwords | Ars Technica
Microsoft Edge Translator contained uXSS flaw exploitable ‘on any web page’ | The Daily Swig
GETTR Is the Trump Team’s Buggy, Leaky Twitter Clone
Hackers Scrape 90,000 GETTR User Emails, Surprising No One
Kaspersky Password Manager: All your passwords are belong to us | Donjon
Jul 07, 2021