Risky Business

By Patrick Gray

Category: Tech News

Description

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Risky Business #631 -- USA and friends send nastygram to China

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • USA and friends send a sternly worded letter
  • NSO group in the news, but parts of the coverage don’t add up
  • Google TAG drops another great post
  • We unveil the details of the earth shattering Kaseya 0day cyberweapon
  • MORE

This week’s show is brought to you by Signal Sciences, which is now a part of Fastly. Instead of booking an interview with one of their staff, they suggested we interview one of their customers – so this week’s sponsor guest is J J Agha, the CISO of Compass, the American real estate website.

He’ll be joining us to talk about his general approach, and yes, Signal Sciences is a part of that, but he’ll speak to automation and orchestration and a bunch of other stuff too.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

The United States, Joined by Allies and Partners, Attributes Malicious Cyber Activity and Irresponsible State Behavior to the People’s Republic of China | The White House
Microsoft hack: U.S., allies accuse China of Exchange breach and condoning other cyberattacks - The Washington Post
US says Chinese hackers breached 13 pipeline operators between 2011 and 2013 - The Record by Recorded Future
U.S. accuses China of abetting ransomware attack
Microsoft links Serv-U zero-day attacks to Chinese hacking group - The Record by Recorded Future
Pegasus: NSO clients spying disclosures prompt political rows across world | India | The Guardian
Pegasus spyware: NSO Group’s cloud infrastructure shut down by Amazon, says Vice
Saudis behind NSO spyware attack on Jamal Khashoggi’s family, leak suggests | Jamal Khashoggi | The Guardian
Response from NSO and governments | World news | The Guardian
This tool tells you if NSO’s Pegasus spyware targeted your phone | TechCrunch
Windows spyware and zero-days linked to prodigious Israeli hack-for-hire company - The Record by Recorded Future
Google: Three recent zero-days have been used against Armenian targets - The Record by Recorded Future
The SolarWinds Hackers Used an iOS Flaw to Compromise iPhones | WIRED
How we protect users from 0-day attacks
Google patches Chrome zero-day, eighth one in 2021 - The Record by Recorded Future
That iPhone WiFi crash bug is far worse than initially thought - The Record by Recorded Future
Brian in Pittsburgh on Twitter: "The vulnerabilities exploited to accomplish the Kaseya customer intrusions were as dumb as you were probably expecting: https://t.co/eOnManp6ar" / Twitter
Ransomware incident at major cloud provider disrupts real estate, title industry - The Record by Recorded Future
Lawmakers Look to Improve Cyber Workforce, Especially for Acquisitions - Nextgov
GSA blocks senator from reviewing documents used to approve Zoom for government use | TechCrunch
TSA pushes more cybersecurity mandates on critical pipeline owners, emphasizing ransomware
US offers $10 million reward for info on state-sponsored hackers disrupting critical infrastructure - The Record by Recorded Future
US government launches plans to cut cybercriminals off from cryptocurrency
Microsoft takes control of 17 domains used by West African BEC gang - The Record by Recorded Future
Momentum builds on federal oversight of facial recognition tech after reported abuses
Amnesty sues NYPD, seeking details about facial recognition technology and arrest data
Windows Hello bypassed using infrared image - The Record by Recorded Future
Inside the Industry That Unmasks People at Scale
Instagram rolls out new tool to help users secure hacked accounts - The Record by Recorded Future
Facebook says Iranian hackers used it to lure defense company employees
Annoying LinkedIn Networkers Actually Russian Hackers Spreading Zero-Days, Google Says
DevSecAI: GitHub Copilot prone to writing security flaws | The Daily Swig
Hackers Move to Extort Gaming Giant EA
RCE vulnerability in Cloudflare CDN could have allowed complete compromise of websites | The Daily Swig
Patrick Gray on Twitter: "Good to know!" / Twitter
Kevin Beaumont on Twitter: "Oh dear. I need to validate this myself, but it seems like MS may have goofed up and made the SAM database (user passwords) accessible to non-admin users in Win 10." / Twitter
Vortimo [www] – Pro browser extension
Demand More from Your WAF - Signal Sciences
Jul 21, 2021
Risky Biz Feature Podcast: An interview with Rob Joyce

In this podcast we chat with Rob Joyce, the NSA’s Director of Cybersecurity.

As many listeners would know, Rob has a pretty interesting resume, having served as a special advisor on cybersecurity to US president Donald Trump, and, before that, leading Tailored Access Operations for NSA. More recently he served as the NSA liaison to Britain’s GCHQ, but he returned to the USA this year to take up his new post as the head of NSA’s defence-oriented Cybersecurity Directorate.

And here’s the thing: Rob is a senior bureaucrat who is genuinely passionate about technology. His con talks are fantastic. He did one on how to make TAO’s life hard in 2016 that was really a blockbuster technical talk, and he’s even done a DEFCON talk about how to engineer wildly over-the-top Christmas light displays.

I’m telling you this to let you know that, well, Rob is a real, actual security geek. He’s the hacker-bureaucrat, if you will.

Anyway, he generously made himself available to do this interview with us and we covered a bunch of stuff: The terrible state of enterprise security, cloud service providers being dumb with their defaults, the role of the intelligence community in combating ransomware and more. But we started off with some nuts and bolts discussion about what NSA’s cybersecurity directorate actually does. Enjoy!

Jul 16, 2021
Risky Business #630 -- We tried the carrot, it's time for the stick

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • REvil takes a vacation
  • Kaseya finally patches VSA
  • Morgan Stanley data exposed by third party Accellion hack
  • CISA issues emergency directive on MS print spooler bug
  • Patrick and Adam dream up ways for the US government to pressure vendors
  • MORE

This week’s show is brought to you by Senetas. They’ve traditionally made layer 2 encryption gear but, as you’ll hear, they’re moving with the times! Senetas CTO Julian Fay joins us this week to talk through a bunch of stuff – what they’ve been working on, a really interesting project they had to abandon because of COVID and the latest news on the move to quantum-resistant crypto.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Ransomware attacks: Pressure grows on Biden to curb costly hacks - The Washington Post
Biden tells Putin the U.S. will take ‘any necessary action’ after latest massive ransomware attack - The Washington Post
Russian-speaking ransomware gang goes offline
Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software – Krebs on Security
Patrick Gray on Twitter: "That’s great! Do they have a time machine, too? Where can we buy tickets?!" / Twitter
ACSC: Australian organizations compromised through ForgeRock vulnerability - The Record by Recorded Future
Morgan Stanley discloses data breach that resulted from Accellion FTA hacks | Ars Technica
Dell Wyse Management Suite subject to database exposure, session hijacking | The Daily Swig
Microsoft Issues Emergency Patch for Windows Flaw – Krebs on Security
Microsoft Patch Tuesday, July 2021 Edition – Krebs on Security
cyber.dhs.gov - Emergency Directive 21-04
Microsoft discovers critical SolarWinds zero-day under active attack | Ars Technica
Beyond Kaseya: Everyday IT Tools Can Offer ‘God Mode’ for Hackers | WIRED
China tightens control over cybersecurity in data crackdown - ABC News
Suspected Chinese hackers return with unusual attacks on domestic gambling companies
Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards – Microsoft Security Response Center
Feds indict “The Bull” for allegedly selling insider stock info on the dark web | Ars Technica
UK judge gives US a shot to appeal denial of Julian Assange's extradition
Over 780,000 email accounts compromised by Emotet have been secured - The Record by Recorded Future
Hiltzik: The threat of ransomware - Los Angeles Times
Matt Bevan on Twitter: "Wow @youtube @googledownunder this is a full-blown deepfake ad running on your platform... you probably shouldn't have those. https://t.co/S19nQYR9iH" / Twitter
Troy Hunt on Twitter: "Huh - what - why?! “Ransomware-hit law firm gets court order asking crooks not to publish the data they stole” https://t.co/ugheahUmgw" / Twitter
Ransomware-hit law firm gets court order asking crooks not to publish the data they stole • The Register
Migration to Post-Quantum Cryptography
Jul 14, 2021
Risky Business #629 -- Kaseya 0day was utter trash

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • Our take on the REvil attack against Kaseya customers
  • Microsoft’s print spooler bug is a real worry
  • Reports the RNC breached by Russia’s SVR
  • NSA snaps GRU brute forcing efforts
  • Much, much more

This week’s show is brought to you by Material Security, a very interesting startup that has a completely different take on what email security actually is. Material’s co-founder Ryan Noon will be along in this week’s sponsor interview to talk about the cool stuff they’re doing on the analytics side.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Why the Kaseya ransomware attack has experts worried
White House rebukes ransomware gang as number of apparent REvil victims remains uncertain - CyberScoop
Patrick Gray on Twitter: "https://t.co/ppGlxTu4CL" / Twitter
Hackers behind holiday crime spree demand $70 million, say they locked 1 million devices
Kaseya zero-day involved in ransomware attack, patches coming - The Record by Recorded Future
Supermarket chain Coop closes 800 stores following Kaseya ransomware attack - The Record by Recorded Future
REvil ransomware gang executes supply chain attack via malicious Kaseya update - The Record by Recorded Future
Researchers accidentally publish 'PrintNightmare' Stuxnet-style zero-day - Security - Software - iTnews
Russia still using 'brute force' to break into computer systems
Republican National Committee Hack: Russian Cozy Bear Group Breached Computers - Bloomberg
Chinese cyberspies targeted the Afghan National Security Council - The Record by Recorded Future
Mongolian certificate authority hacked eight times, compromised with malware - The Record by Recorded Future
Israeli charged in global hacker-for-hire scheme wants plea deal -court filing | Reuters
A new ‘digital violence’ platform maps dozens of victims of NSO Group’s spyware | TechCrunch
Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress
Dutch police takes down DoubleVPN, a service used by cybercrime groups - The Record by Recorded Future
Gozi malware gang member arrested in Colombia - The Record by Recorded Future
New charges filed against Capital One hacker, trial postponed to 2022 - The Record by Recorded Future
Windows 11’s Security Push Puts Microsoft on a Collision Course | WIRED
Apps with 5.8 million Google Play downloads stole users’ Facebook passwords | Ars Technica
Microsoft Edge Translator contained uXSS flaw exploitable ‘on any web page’ | The Daily Swig
GETTR Is the Trump Team’s Buggy, Leaky Twitter Clone
Hackers Scrape 90,000 GETTR User Emails, Surprising No One
Kaspersky Password Manager: All your passwords are belong to us | Donjon
Jul 07, 2021
Risky Business #628 -- Microsoft is not your friend

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • Microsoft reluctantly and belatedly discloses breach
  • Chinese APT suspected of Air India breach
  • JBS paid $11m even though they successfully restored systems
  • cl0p money launderer arrests
  • Ransomware news roundup
  • All the latest research and MORE

This week’s show is brought to you by Greynoise. Its founder and CEO, Andrew Morris, joins us this week to talk through some of the work he’s been doing to extend Greynoise’s use cases. It’s a great chat, that one.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Microsoft says SolarWinds hacking group has breached three new victims - The Record by Recorded Future
Are The FBI’s ‘Most Wanted’ Chinese Spies Hacking The Airline Industry?
Sprawling cyber-espionage campaign linked to Chinese military unit - The Record by Recorded Future
APT group targets diplomatic organizations in Africa and the Middle East - The Record by Recorded Future
Al Jazeera repels cyber-attacks that sought to disrupt media network | The Daily Swig
Beef supplier JBS paid ransomware hackers $11 million
Arrested Clop gang members laundered over $500M in ransomware payments - The Record by Recorded Future
A week after arrests, Cl0p ransomware group dumps new tranche of stolen data | Ars Technica
Tulsa police say 18,000 files are leaked after Conti ransomware hack
City of Liege, Belgium hit by ransomware - The Record by Recorded Future
Ransomware group 'Hades' claims more victims as investigators seek answers
New Australian bill would force companies to disclose ransomware payments - The Record by Recorded Future
White House weighs cracking down on secret ransomware payments, pursuing hackers
Using VMs to hide ransomware attacks is becoming more popular - The Record by Recorded Future
Ransomware gangs are increasingly going after SonicWall devices - The Record by Recorded Future
Cisco routers come under attack, including a destructive hacktivist campaign - The Record by Recorded Future
Microsoft admits to signing a malicious rootkit driver - The Record by Recorded Future
Suspected Iranian hackers exploit VPN, Telegram to monitor dissidents
Zyxel says a threat actor is targeting its enterprise firewall and VPN devices - The Record by Recorded Future
MyBook Users Urged to Unplug Devices from Internet – Krebs on Security
French Spyware Executives Are Indicted for Aiding Torture | WIRED
Google to require 2FA and a physical address from Android app devs - The Record by Recorded Future
Andrii Kolpakov, who supervised hackers for FIN7, sentenced to 7 years in prison
FIN7 scammers posed as SEC officials, sick restaurant customers to hack victims
Cybercriminals are deploying legit security tools far more than before, researchers conclude
NFC Flaws Let Researchers Hack ATMs by Waving a Phone | WIRED
North Korean hackers breach South Korean submarine builder (again) - The Record by Recorded Future
North Korean hackers breach South Korea's atomic research agency through VPN bug - The Record by Recorded Future
MITRE releases D3FEND, defensive measures complementary to its ATT&CK framework - The Record by Recorded Future
Bombshell Report Finds Phone Network Encryption Was Deliberately Weakened
US Computer Fraud and Abuse Act: What the ‘landmark’ Van Buren ruling means for security researchers | The Daily Swig
Episode 204: [Insert Inscrutable Title Here] – The National Security Law Podcast
Supreme Court revives LinkedIn case to protect user data from web scrapers | TechCrunch
Biden revokes Trump TikTok and WeChat ban order - The Washington Post
EA source code stolen by hacker claiming to sell it online | Ars Technica
PoC exploit accidentally leaks for dangerous Windows PrintNightmare bug - The Record by Recorded Future
Project Zero: An EPYC escape: Case-study of a KVM breakout
Instagram vulnerability nets researcher $30k after exposing users’ private content | The Daily Swig
A Well-Meaning Feature Leaves Millions of Dell PCs Vulnerable | WIRED
Connecting to malicious Wi-Fi networks can mess with your iPhone | Ars Technica
Google patches Chrome zero-day linked to 'commercial exploit company' - The Record by Recorded Future
Hackers can mess with HTTPS connections by sending data to your email server | Ars Technica
NSA leaker Reality Winner released early for good behavior - The Record by Recorded Future
AV mogul John McAfee found dead by hanging in Spanish prison cell | Ars Technica
Canadian Navy wins US Cyber Command training exercise - The Record by Recorded Future
Jun 30, 2021
Risky Biz Soap Box: EclecticIQ's CEO Joep Gommers on operationalising threat intelligence

Aaaaand we’re back on deck! We’re kicking things off this week with this interview with Joep Gommers, the CEO and founder of EclecticIQ. And FYI, in case you didn’t know, these Soap Box podcasts are wholly sponsored.

If your job involves handling threat intel, then I think you’ll really enjoy this conversation. It touches on a bunch of stuff. The first part of this is talking through what EclecticIQ actually offers, currently, then we talk more broadly about operationalising threat intelligence, and finally we talk about EclecticIQ’s new stuff – which include introducing XDR tooling.

I really enjoyed this interview and I hope you do too.

Jun 28, 2021
Risky Biz Soap Box: Banks to embrace Yubikeys for customers

As regular listeners know, the Soap Box podcasts we publish here at Risky.Biz are wholly sponsored. That means everyone you hear in one of these podcasts paid to be here.

And this edition of Soap Box has become an annual thing – it’s our once-yearly catch up with Jerrod Chong, the chief solutions officer of Yubico, makers of the Yubikey and YubiHSM.

Yubikey is an infosec darling, really, because they’re in the unique position of having a product that’s popular with security professionals like CISOs while also being popular with security-conscious consumers. Businesses get value out of Yubikeys, but so do normal people, thanks to key support being baked into services like Facebook and Google.

As you’re about to hear, there’s a whole new category of use about to open up – Bank of America is launching FIDO2 U2F support for its customers. That’s a big deal – the more FIDO2 keys we get out there the better.

Jun 10, 2021
Risky Business #627 -- USG claws back Colonial pipeline ransom money

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • US Government claws back Colonial ransom bitcoin. We don’t think the FBI acted alone.
  • Meet an0m, the cute little app for planning crimes that drinks milkshakes.
  • Ransomware stuff, duh.
  • Trickbot developer arrested in Florida
  • Supreme court upends CFAA “exceed authorised access” element
  • Much, much more

This week’s show is brought to you by Datadog. Michael Yamnitsky will be along in this week’s sponsor interview to talk about cloud security posture management. DataDog is launching a product in that space, so we’ll be hearing about the types of issues CSPM products can help to unearth.

If you book a demo of their product they’ll send you a free Datadog tee-shirt. The link is in the show notes.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Feds recover millions from pipeline ransom hackers, hint at U.S. internet tactic
Exclusive: U.S. to give ransomware hacks similar priority as terrorism | Reuters
Hacking accusations are meant to stir conflict ahead of US summit, Russian president says
Jenna McLaughlin on Twitter: "He also says "ransomware is a national security priority" particularly when it come to critical infrastructure. He would like to see out of G7 an "action plan" on how to increase resilience, share info, and "deal with the cryptocurrency challenge" when it comes to ransomware." / Twitter
Cyberattack hits JBS, world's largest meat processor - The Washington Post
FBI: JBS ransomware attack was carried out by REvil | The Record by Recorded Future
TV news stations become apparent target in next cyberattack
Ransomware attack disrupts Massachusetts ferries | The Record by Recorded Future
Fujifilm shuts down computer systems following apparent ransomware intrusion
Ransomware hits Capitol Hill contractor | The Record by Recorded Future
Sensitive medical, financial data exposed in extortion of Massachusetts hospital
Ransomware Struck Another Pipeline Firm—and 70GB of Data Leaked | WIRED
US arrests Latvian woman who worked on Trickbot malware source code | The Record by Recorded Future
Tokyo Olympics organizers' data swept up in Fujitsu hack: report
Supreme Court narrows scope of CFAA computer hacking law | The Record by Recorded Future
Australian Federal Police and FBI nab criminal underworld figures in worldwide sting using encrypted app - ABC News
Seamus Hughes on Twitter: "Let's advance the story a bit w/ some original reporting: An FBI informant introduced Anom to Phantom Secure & Sky Global users in 2018. The informant gave each user a unique ID number, the FBI had full access to that ID list. Working w/ AFP, it was called Operation Trojan Horse" / Twitter
British military seeks briefings from Australia over security concerns about Israeli battle management technology - ABC News
Zerodium acquiring zero-days in Pidgin, an IM client popular with cybercriminals | The Record by Recorded Future
CISA launches platform to let hackers report security bugs to US federal agencies | TechCrunch
Ukraine warns of 'massive' Russian spear-phishing campaign | The Record by Recorded Future
Backdoor malware found on the Myanmar president's website, again | The Record by Recorded Future
Adventures in Contacting the Russian FSB – Krebs on Security
FireEye is selling its security products business for $1.2B
GitHub changes policy to welcome security researchers | The Daily Swig
This is not a drill: VMware vuln with 9.8 severity rating is under attack | Ars Technica
First major voting vendor, Hart InterCivic, partners with Microsoft on ambitious software security tool ElectionGuard
Akamai offers post-mortem on recently resolved authentication platform vulnerability | The Daily Swig
Akamai EAA Impersonation Vulnerability - A Deep Dive - The Akamai Blog
Cloud Security Posture Management -- get a demo and receive a free Datadog tee-shirt
Jun 09, 2021
Risky Business #626 -- Russian ransomware beef simmers

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Ransomware attack threatens Australian and US beef supply
  • Talos dubs Russian ransomware crews “privateers”
  • NYTimes writes another bad story
  • More Fortinet pwnage
  • Belgian government rolls Hafnium IR and finds, well, something else
  • Google unveils new rowhammer techniques
  • Much, much more

Haroon Meer of Thinkst Canary is this week’s sponsor guest. Thinkst is spinning up a labs division, but they’ll be doing something different to the same-old bug hunting. That’s a quality conversation.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Full impact still being assessed in JBS cyber-security attack - Beef Central
JBS to bring most plants online after ransomware attack - Axios
JBS Cyber Hack: Meat Supplier Shuts Down Some Slaughterhouses After Attack - Bloomberg
Hackers hit Australian meatworks giant | 7NEWS.com.au
Colonial hack exposed TSA’s light-touch oversight of pipeline cybersecurity - The Washington Post
TSA cyber requirements would fine pipeline operators for lax security practices
Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber
Security researchers suggest naming state-harbored hackers 'privateers'
Russia Appears to Carry Out Hack Through System Used by U.S. Aid Agency - The New York Times
The SolarWinds Hackers Aren’t ‘Back.’ They Never Went Away | WIRED
Ex-US ambassador, anti-corruption activists in Ukraine were targets of suspected Russian phishing
US seizes two domains used by the SVR in recent hacking campaign | The Record by Recorded Future
SVR cyberspies used iOS zero-day in recent phishing campaign | The Record by Recorded Future
FBI says an APT breached a US municipal government via an unpatched Fortinet VPN | The Record by Recorded Future
Days before a report, Chinese hackers removed malware from infected networks | The Record by Recorded Future
Belgium government discovers old 2019 hack during Hafnium investigation | The Record by Recorded Future
Possible Chinese hackers pose as UN, human rights group to eavesdrop on beleaguered Uyghur population
Faulty emailing tool prevented Accellion from notifying customers of attacks | The Record by Recorded Future
The FBI will feed hacked passwords directly into Have I Been Pwned | The Record by Recorded Future
Macron says wiretapping ‘not acceptable between allies’ after report adds details about old NSA program - The Washington Post
Malware campaign targets server hosting software CWP | The Record by Recorded Future
Fujitsu suspends ProjectWEB platform after Japanese government hacks | The Record by Recorded Future
Hackers target Japanese government, transportation entities
Using Fake Reviews to Find Dangerous Extensions – Krebs on Security
Boss of ATM Skimming Syndicate Arrested in Mexico – Krebs on Security
Russian hacker Pavel Sitnikov arrested for sharing malware source code | The Record by Recorded Future
French authorities seize their third dark web marketplace | The Record by Recorded Future
WhatsApp’s Fight With India Has Global Implications | WIRED
Threema, the European rival to Signal, wins pivotal privacy battle in Swiss Court | The Daily Swig
Apple’s M1 Chip Has a Fascinating Flaw | WIRED
Google says Rowhammer attacks are gaining range as RAM is getting smaller | The Record by Recorded Future
No, it doesn’t just crash Safari. Apple has yet to fix exploitable flaw | Ars Technica
Inside The ‘World’s Largest’ Video Game Cheating Empire
'FIND THIS FUCK:' Inside Citizen’s Dangerous Effort to Cash In On Vigilantism
Hacktivist Posts Massive Scrape of Crime App Citizen to Dark Web
Jun 02, 2021
Risky Business #625 -- Iranians wipe some machines, Israelis kaboom some

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The latest news on the health system ransomware crisis in Ireland
  • TSA to force pipeline operators to disclose attacks they probably aren’t detecting anyway
  • Colonial paying ransom angers US congresspeople who really haven’t thought this through
  • Iran targets Israeli systems with new wipers
  • Israel targets Hamas systems with guided munitions that go bang
  • Much, much more

This week’s sponsor guest is Ryan Kalember, EVP of Cybersecurity Strategy at Proofpoint. He joins us to talk about how compromised o365 accounts are powering all sorts of threat actors right now – from ransomware operators to BEC crews and APT units, everyone loves a popped mailbox.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

U.S. didn’t hack DarkSide group that hacked Colonial Pipeline - The Washington Post
Hear ye, DarkSide! This honorable ransomware court is now in session | Ars Technica
Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment
TSA to issue cyber directive for pipeline operators following Colonial ransomware attack
Irish officials warn of ongoing disruptions to health system, long recovery following ransomware incident
hakan on Twitter: "So, one hour ago CONTI apparently decided to provide HSE with a free decryption tool, as per their statement (see screenshot. https://t.co/lyIuBoN6XP" / Twitter
Irish officials analyze decryption tool as long recovery process from ransomware continues
FBI: Conti ransomware gang attacked more than 400 orgs, including 911 centers | The Record by Recorded Future
Cyber insurance premiums rise as ransomware, hacks continue, GAO finds
New Iranian threat actor targets Israel with wipers disguised as ransomware | The Record by Recorded Future
Microsoft warns of malware campaign spreading a RAT masquerading as ransomware | The Record by Recorded Future
Israel bombed two Hamas cyber targets | The Record by Recorded Future
Israel Is a Cyber Superpower But Chooses Bombs to Fight Hackers in Gaza
FSB NKTsKI: Foreign 'cyber mercenaries' breached Russian federal agencies | The Record by Recorded Future
How Hydra, a Russian dark net market, made more than $1 billion in 2020
Air India says data breach impacts 4.5 million former passengers | The Record by Recorded Future
The Full Story of the Stunning RSA Hack Can Finally Be Told | WIRED
Nagios IT monitoring vulnerabilities chained to compromise telco customers en masse | The Daily Swig
Open source ecosystem ripe for dependency confusion attacks, research finds | The Daily Swig
DeepSloth: Researchers find denial-of-service equivalent against machine learning systems | The Daily Swig
Chinese government has warned 222 apps to remove data slurping code | The Record by Recorded Future
Just a handful of Android apps exposed the data of more than 100 million users | The Record by Recorded Future
Microsoft releases SimuLand, a lab environment to simulate attacker tradecraft | The Record by Recorded Future
WordPress security: More than 600,000 sites hit by blind SQLi vulnerability in WP Statistics plugin | The Daily Swig
Arm and Qualcomm zero-days quietly patched in this month's Android security updates | The Record by Recorded Future
Vulnerability in VMware product has severity rating of 9.8 out of 10 | Ars Technica
Apple fixes macOS zero-day abused by XCSSET malware | The Record by Recorded Future
So long, Internet Explorer, and your decades of security bugs | TechCrunch
Webinar Registration - Zoom
May 26, 2021
Risky Biz Feature Podcast: The politics of cybersecurity

In this podcast we’ll be hearing from an Australian politician, Tim Watts. He’s a member of our federal parliament and serves as our shadow minister for communications and cybersecurity. For our overseas listeners, the “shadow” part of his title is there because he’s a member of the opposition party, so he’s not in government. But, of course, if the Labor party wins the next election he’ll be our communications and cybersecurity minister.

Anyway, Tim is a bit of an anomaly in politics because he has a genuine, nerd-like interest in the field we so love. Tim and I chat pretty regularly, and I can say that yes, 100%, his interest in this field is genuine and he has a firm grasp on the issues that matter.

I thought now would be a great time to run an interview on the politics of infosec. While it’s true that policymakers spend time thinking about this stuff, cybersecurity hasn’t yet crossed over into being what they call a “retail politics” issue. But thanks to the Colonial pipeline ransomware incident, that might be about to change.

May 24, 2021
Risky Business #624 -- Ransomware farce continues

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The aftermath of the Colonial ransomware attack
  • Biden signs cybersecurity EO
  • DarkSide crew hounded off the Internet. For now.
  • Ransomware campaigns continue, hitting health, insurance targets globally
  • IIS PoC released
  • Rapid7 discloses Codecov-related source code breach
  • Much, much more

This week’s show is brought to you by AttackIQ. Its VP of Product Mark Bagley and Senior Director of Cybersecurity Strategy and Policy Jonathan Reiber are this week’s sponsor guests.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Colonial Pipeline resumes operations after ransomware prompted closure | Ars Technica
Colonial Pipeline hit by brief network outage amid efforts to harden system | Reuters
US government plans to disrupt hackers behind Colonial Pipeline ransomware, Biden says
DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized – Krebs on Security
Popular hacking forum bans ransomware ads | The Record by Recorded Future
Ransomware hits near pre-Colonial Pipeline levels, data suggests | Reuters
Lawmakers say Colonial Pipeline's refusal to discuss ransom undermines US efforts
Darkside gang estimated to have made over $90 million from ransomware attacks | The Record by Recorded Future
Ransomware Hackers Claim To Leak 250GB Of Washington, D.C., Police Data After Cops Don’t Pay $4 Million Ransom
Biden signs security-focused executive order meant to accelerate breach reporting, boost software standards
Ransomware’s Dangerous New Trick Is Double-Encrypting Your Data | WIRED
Ransomware strikes AXA shortly after insurer announces it will stop covering extortion fees
Irish Prime Minister says government won't pay ransom after hack forces hospitals to alter services
Cyber attack at Waikato hospitals: Patients anxiously wait for updates | RNZ News
Toshiba subsidiary confirms ransomware attack, as reports suggest possible DarkSide involvement
PoC released for wormable Windows IIS bug | The Record by Recorded Future
Security firm Rapid7 says Codecov hackers accessed some of its source code | The Record by Recorded Future
Suspected Pakistani spies use catfishing, stealthy hacking tools to target Indian defense sector
Beyond Lazarus: North Korean cyber-threat groups become top-tier, ‘reckless’ adversaries | The Daily Swig
Florida water plant compromise came hours after worker visited malicious site | Ars Technica
Brazilian gang defrauds Uber, Lyft, DoorDash using GPS spoofing and stolen IDs | The Record by Recorded Future
Operator of WeLeakInfo database marketplace sentenced to two years in prison | The Record by Recorded Future
Pentagon Surveilling Americans Without a Warrant, Senator Reveals
Hackers Are Having a Field Day With AirTags
AirTags Can Be Used To Figure Out When a House Is Empty, Researcher Warns
Two attacks disclosed against AMD's SEV virtual machine protection system | The Record by Recorded Future
Microsoft releases free online ‘playbooks’ to help businesses defend against cyber-attacks | The Daily Swig
Risky Biz Feature Podcast: A primer on Microsoft cloud security - Risky Business
May 19, 2021
Risky Biz Snake Oilers: Google pitches BeyondCorp for Enterprise

As regular listeners would know, Snake Oilers is a wholly sponsored podcast series we do here at Risky Biz HQ where vendors give us money so they can come on and pitch their products to you, our dear, dear listeners.

And we have three vendors along today to pitch you:

  • Google Cloud Security is in the top slot pitching its Zero Trust product suite, BeyondCorp Zero Trust for Enterprise.

  • Devicie, an Australian startup that has developed a solution that makes Microsoft Intune usable.

  • Trend Micro joins the show to talk about its latest XDR features.

May 13, 2021
Risky Business #623 -- Ransomware threatens US energy security

On this week’s show Patrick Gray, Adam Boileau and Chris Krebs discuss the week’s security news, including:

  • An analysis of the Colonial pipeline ransomware attack
  • More ransomware news
  • UK and US expose APT29’s preferred exploits (again)
  • IntrusionTruth drops a new post
  • 128m Apple devices were hit by XcodeGhost
  • Much, much more

This week’s sponsor interview is with Aaron Parecki, a Senior Security Architect at Okta. He’s also been a spec editor and member of the OAuth working group at the IETF for nearly 11 years, so he knows a thing or two about OAuth. He’ll be joining me after the week’s news to talk through the latest OAuth guidance the IETF is going to release.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Biden: No evidence Russian government is involved in Colonial ransomware attack | The Record by Recorded Future
15% of 2020 ransomware payments carried a sanctions violations risk | The Record by Recorded Future
A Closer Look at the DarkSide Ransomware Gang – Krebs on Security
US fuel pipeline hackers 'didn't mean to create problems' - BBC News
FBI blames DarkSide ransomware operators for Colonial Pipeline incident - CyberScoop
Experts suggest French insurer AXA's plan to shun ransomware payouts will set a precedent - CyberScoop
US issues emergency declaration following Colonial Pipeline ransomware incident, relaxing transport rules - CyberScoop
Pipeline Hackers Say They’re ‘Apolitical,’ Will Choose Targets More Carefully Next Time
Ransomware Infection on Colonial Pipeline Shows Potential for Worse Gas Disruption - Zero Day
The Colonial Pipeline Hack Is a New Extreme for Ransomware | WIRED
City of Tulsa hit by ransomware over the weekend | The Record by Recorded Future
Wave of Avaddon ransomware attacks triggers ACSC, FBI warning | The Record by Recorded Future
Ransomware crooks post cops’ psych evaluations after talks with DC police stall | Ars Technica
Court Authorizes Service of John Doe Summons Seeking Identities of U.S. Taxpayers Who Have Used Cryptocurrency | OPA | Department of Justice
UK and US share more vulnerabilities exploited by Russia's APT29 hackers | The Record by Recorded Future
Intrusion Truth details work of suspected Chinese hackers who are under indictment in US
SolarWinds says fewer than 100 customers were impacted by supply chain attack | The Record by Recorded Future
US spy agencies review software suppliers' ties to Russia following SolarWinds hack
Apple Execs Chose to Keep a Hack of 128 Million iPhones Quiet | WIRED
'Conspiracy is hard': Inside the Trump administration's secret plan to kill Qassem Soleimani
FragAttacks: Security flaws in all Wi-Fi devices
WiFi devices going back to 1997 vulnerable to new Frag Attacks | The Record by Recorded Future
An estimated 30% of all smartphones vulnerable to new Qualcomm bug | The Record by Recorded Future
New TsuNAME bug can be used to DDoS key DNS servers | The Record by Recorded Future
Google to make multi-factor authentication its default mode
Chinese military unit accused of cyber-espionage bought multiple western antivirus products | The Record by Recorded Future
Data leak makes Peloton’s Horrible, No-Good, Really Bad Day even worse | Ars Technica
DOD expands vulnerability disclosure program, giving hackers more approved targets
Google and Mozilla will bake HTML sanitization into their browsers | The Daily Swig
Scammer Used Fake Court Order to Take Over Dark Web Drug Market Directory
May 12, 2021
Risky Business #622 -- GitHub weighs exploit ban

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • GitHub weighs banning exploits
  • Ransomware galore
  • Belgian government crippled in DDoS attack
  • Intrusion Truth Twitter account suspended
  • More Pulsesecure victims identified
  • Much, much more

This week’s show is brought to you by ExtraHop Networks, and they’ll pop along in this week’s sponsor interview to float a really, really good idea. The Biden administration EO on cybersecurity will mandate that software is shipped with a so-called software bill of materials so customers will actually know what’s in their supply chain. Ben Higgins and Ted Driggs from ExtraHop will join us today to argue vendors should also supply a bill of behaviours: data in a standardised form that will tell you things like what domains and IPs the software will connect to.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Belgium's government network goes down after massive DDoS attack | The Record by Recorded Future
Exclusive: Hackers Break Into Glovo, Europe’s $2 Billion Amazon Rival
'Phishing' Sites Buying Workplace Login Details Linked to Well-Funded Startup
GitHub to review its exploit-hosting policy in light of recent scandal | The Record by Recorded Future
More US agencies potentially hacked, this time with Pulse Secure exploits | Ars Technica
Twilio discloses impact from Codecov supply-chain attack
Twitter restricts account of Intrusion Truth, which doxxes suspected Chinese hackers
Suspected Chinese hackers are breaking into nearby military targets
NSA warns defense contractors to double check connections in light of Russian hacking
Hackers disrupt networks at San Diego medical provider, Kansas organ transplant facilitator
Swiss Cloud becomes the latest web hosting provider to suffer a ransomware attack | The Record by Recorded Future
DOJ hiring new liaison prosecutor to hunt cybercriminals in Eastern Europe | The Record by Recorded Future
Babuk gang says it will stop ransomware attacks after DC Police incident | The Record by Recorded Future
Ransomware gang leaks court and prisoner files from Illinois Attorney General Office | The Record by Recorded Future
QNAP warns of AgeLocker ransomware attacks against NAS devices | The Record by Recorded Future
Ransomware gang targets Microsoft SharePoint servers for the first time | The Record by Recorded Future
Feds Arrest an Alleged $336M Bitcoin-Laundering Kingpin | WIRED
An Ambitious Plan to Tackle Ransomware Faces Long Odds | WIRED
Task Force Seeks to Disrupt Ransomware Payments – Krebs on Security
The IRS Wants Help Hacking Cryptocurrency Hardware Wallets
Experian API Exposed Credit Scores of Most Americans – Krebs on Security
Magecart scammers aim at restaurants' online delivery systems
They Told Their Therapists Everything. Hackers Leaked It All | WIRED
XSS in the wild: JavaScript-stuffed orders used to compromise Japanese e-commerce sites | The Daily Swig
Microsoft discloses 'BadAlloc' bugs affecting smart devices, industrial gear | The Record by Recorded Future
Watch A Tesla Have Its Doors Hacked Open By A Drone
Time to update DNS servers to defend against brace of serious BIND vulnerabilities | The Daily Swig
Google Android’s implementation of privacy-preserving contact tracing ‘flawed’ | The Daily Swig
Dell patches 12-year-old driver vulnerability impacting millions of PCs | The Record by Recorded Future
Microsoft will permanently remove Flash from Windows PCs by July 2021 | The Record by Recorded Future
21Nails vulnerabilities impact 60% of the internet's email servers | The Record by Recorded Future
Qualys researchers uncover 21 bugs in Exim mail servers - CyberScoop
New Spectre attack once again sends Intel and AMD scrambling for a fix | Ars Technica
Hall of Fame: Mark Dowd - YouTube
Florida homecoming queen faces up to 16 years after alleged scheme to hack high school contest
May 05, 2021
Risky Business #621 -- Ultra professional criminal attackers ascendant

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • USA imposes sanctions over SolarWinds campaign
  • Enterprise border devices being attacked everywhere by all and sundry
  • Malvertising is coming back
  • Ultra professional criminal attackers are ascendant
  • All the latest ransomware, supply chain and other infosec news

This week’s sponsor interview is with Brian Dye, CEO of Corelight. We speak to him about what he’s calling “Open NDR”. A lot of the big SOCs have settled on their preferred ways of sharing threat information, and Brian drops by to talk all about those trends.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

White House formally blames Russian intelligence service SVR for SolarWinds hack | The Record by Recorded Future
CISA, FBI, NSA reveal five enterprise bugs exploited by Russia's APT29 group | The Record by Recorded Future
Hackers go after SonicWall email appliances with three zero-days | The Record by Recorded Future
Hackers are exploiting a Pulse Secure 0-day to breach orgs around the world | Ars Technica
New Cring ransomware deployed via unpatched Fortinet VPNs | The Record by Recorded Future
US says APTs are using Fortinet bugs to gain initial access for future attacks | The Record by Recorded Future
Nightmare week for security vendors: Now a Trend Micro bug is being exploited in the wild | The Record by Recorded Future
Password manager Passwordstate hacked to deploy malware on customer systems | The Record by Recorded Future
Codecov discloses 2.5-month-long supply chain attack | The Record by Recorded Future
Vulnerability in time-syncing software puts a ton of corporate networks at risk | The Record by Recorded Future
NSA says it found new critical vulnerabilities in Microsoft Exchange Server
Justice Department announces court-authorized effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities | USAO-SDTX | Department of Justice
Ransom Gangs Emailing Victim Customers for Leverage – Krebs on Security
Ransomware gang tries to extort Apple hours ahead of Spring Loaded event | The Record by Recorded Future
UnitingCare Queensland hit by cyber attack - Security - iTnews
Ransomware gang threatens to expose police informants if ransom is not paid | The Record by Recorded Future
Ransomware gang wants to short the stock price of their victims | The Record by Recorded Future
How the Kremlin provides a safe harbor for ransomware
Malvertisers hacked 120 ad servers to load malicious ads | The Record by Recorded Future
Security researcher drops Chrome and Edge exploit on Twitter | The Record by Recorded Future
Recent Chromium bug used to attack Chinese WeChat users | The Record by Recorded Future
SAP systems usually come under attack 72 hours after a patch | The Record by Recorded Future
European cops collected data from encrypted chat service for weeks prior to cocaine bust
Colombia’s cartels target Europe with cocaine, corruption and torture | Drugs trade | The Guardian
Australian firm Azimuth unlocked the San Bernardino shooter’s iPhone for the FBI - The Washington Post
Signal >> Blog >> Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective
Lawyer Asks For New Trial After Cellebrite Vulnerability Discovery
Cellebrite Pushes Update After Signal Owner Hacks Device
Signal Adds a Payments Feature—With a Privacy-Focused Cryptocurrency | WIRED
WhatsApp Spying Site Blames WhatsApp for Letting It Spy
Phone numbers for 533 million Facebook users leaked on hacking forum | The Record by Recorded Future
Facebook Wants to 'Normalize' the Mass Scraping of Personal Data
Palestinian Hackers Tricked Victims Into Installing iOS Spyware | WIRED
The UK Is Trying to Stop Facebook's End-to-End Encryption | WIRED
Hackers move $760 million from the 2016 Bitfinex hack | The Record by Recorded Future
'Fourth Amendment Is Not For Sale Act' Would Ban Clearview and Warrantless Location Data Purchases
Ill-advised research on Linux kernel lands computer scientists in hot water | The Daily Swig
Researchers trick Duo 2FA into sending authentication request to attacker-controlled device | The Daily Swig
NAME:WRECK vulnerabilities impact millions of smart and industrial devices | The Record by Recorded Future
Google's Project Zero updates vulnerability disclosure rules to add patch cushion | The Record by Recorded Future
Suspected North Korean hackers set up fake company to target researchers, Google says - CyberScoop
National security: Five Eyes split demands Australia reset with New Zealand
Dan Kaminsky: Tributes pour in for security researcher who died after short illness | The Daily Swig
Apr 28, 2021
Snake Oilers: Greynoise! MergeBase! Votiro!

In this edition of Snake Oilers we’ll be hearing from three very different vendors who’ve all been doing interesting stuff.

Greynoise: An infosec startup darling, Greynoise can tell you when an attack you’ve detected is internet-wide, automated activity. Very useful for de-prioritising entire alert sets.

MergeBase: Software Composition Analysis (SCA) with two key differentiators. MergeBase says it gives users MUCH better remediation advice than competitors, and also offers an “in prod” dynamic SCA product that feeds Java app telemetry back to app/security teams. Very cool, and getting popular.

Votiro: Regular listeners would know about CDR company Votiro. They’ve spent the last little while updating their product to better deal with macro-based threats. There’s some site-specific machine learning pixie dust as well as some more generic static detections and re-writes.

Apr 20, 2021
Risky Business #620 -- Project Zero burns Western counterterrorism operation

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Ubiquiti insider blows whistle on breach
  • Cyber insurer ransomwared
  • Project Zero burned a Western counterterrorism operation
  • Australian parliament, media, politicians all under attack
  • Executive Order would require vendors to notify US government of incidents
  • Much, much more…

This week’s sponsor guest is a special one. Metasploit creator and Rumble.run founder HD Moore will join us to talk all about his new venture, the Rumble asset discovery tool. It’s an absolutely fantastic interview, as you’d expect from HD.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security
SHAREHOLDER ALERT: Ubiquiti, Inc. Investigated for Possible Securities Laws Violations by Block & Leviton LLP; Investors Should Contact the Firm
Ubiquiti tells customers to change passwords after security breach | ZDNet
Top insurer CNA disconnects systems after cyberattack
London's biggest school trust hit by ransomware | The Record by Recorded Future
Industrial giant Honeywell says it has ‘returned to service’ after cyber intrusion
Nine says it has isolated source of cyber attack
Cyber attack on Channel Nine: Government assistance requested by network
Nine Entertainment warns ransomware recovery 'will take time' - Security - iTnews
AFP, NSW Police investigating cyber attack on Nine
'State actor' behind Nine Network cyber attack, tech expert says
Australia investigates reported hacks aimed at parliament, media
Australian Minister’s Phone Hacked as Report Reveals Hong Kong Link
Australian ministers are targets in Telegram phishing scam, Australia/NZ News & Top Stories - The Straits Times
Hackers target German lawmakers in an election year
Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft | Reuters
Facebook disrupts Beijing's Uyghur hacking campaign | The Record by Recorded Future
Google's unusual move to shut down an active counterterrorism operation being conducted by a Western democracy | MIT Technology Review
Apple releases iPhone, iPad and Watch security patches for zero-day bug under active attack | TechCrunch
US lacks visibility into digital espionage at home, NSA boss says
The Dark Web Is Teeming With Vaccine Listings Right Now | WIRED
Credit Card Hacking Forum Gets Hacked, Exposing 300,000 Hackers’ Accounts
T-Mobile, Verizon, AT&T Stop SMS Hijacks After Motherboard Investigation
New 5G protocol vulnerabilities allow location tracking | The Record by Recorded Future
PHP's Git server hacked to add backdoors to PHP source code
SSRF vulnerability in NPM package Netmask impacts up to 279k projects | The Daily Swig
H2C smuggling proves effective against Azure, Cloudflare Access, and more | The Daily Swig
Security researcher launches GoFundMe campaign to fight legal threat over vulnerability disclosure | The Daily Swig
Cloudflare launches JavaScript dependency dashboard utility to warn against Magecart-style malfeasance | The Daily Swig
Microsoft Teams is the first target for new app-focused bug bounty program | The Daily Swig
Slack Says Letting Anyone Message Anyone With Few Limits Was ‘a Mistake’
No, I Did Not Hack Your MS Exchange Server — Krebs on Security
Mar 31, 2021
Risky Business #619 -- REvil crew demands $50m from Acer

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • REvil demands US$50m from Acer in ransomware attack
  • Shell added to Accellion victim list
  • Governments banding together to tackle ransomware
  • BEC theft hit $1.8bn in 2020: FBI
  • Exchange tyre fire is, surprisingly, almost under control
  • MORE

Remediant’s Paul Lanzi will pop along in this week’s sponsor interview to talk about how they’ve integrated their PAM solution with Carbon Black. It’s an integration that is actually somewhat obvious in hindsight: if a box has been popped then some accounts have, too, so tying these things together does make sense.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Ransomware gang demands $50 million from computer maker Acer | The Record by Recorded Future
Ransomware attacks hit event-management, wireless technology firms
Energy giant Shell impacted in Accellion hack
Ransomwared Bank Tells Customers It Lost Their SSNs
New global model needed to dismantle ransomware gangs, experts warn
FBI: Cybercrime losses exceeded $4.2 billion in 2020 | The Record by Recorded Future
Suspected BEC gang arrested in Nigeria amid internet fraud crackdown efforts | The Record by Recorded Future
US racing to address Microsoft vulnerabilities, especially for small businesses
Microsoft Exchange server patching efforts are going extraordinarily well | The Record by Recorded Future
The Peculiar Ransomware Piggybacking Off of China’s Big Hack | WIRED
Microsoft Exchange servers targeted by second ransomware group | The Record by Recorded Future
Chinese cyberspies go after telco providers, 5G secrets | The Record by Recorded Future
Finland pins Parliament hack on Chinese hacking group APT31 | The Record by Recorded Future
Line app allowed Chinese firm to access personal user data | The Record by Recorded Future
Cars Have Your Location. This Spy Firm Wants to Sell It to the U.S. Military
Encrypted Phone Firm 'Sky' Shuts Down
Threat actors start attacking F5 devices using recent vulnerability | The Record by Recorded Future
Google: A mysterious hacking group used 11 different zero-days in 2020 | The Record by Recorded Future
Attackers are trying awfully hard to backdoor iOS developers’ Macs | Ars Technica
Facebook's ‘Red Team X’ Hunts Bugs Beyond the Social Network's Walls | WIRED
Space jam: Researchers and satellite start-ups meet to discuss celestial cybersecurity | The Daily Swig
Google awards Uruguayan researcher $133,337 top prize in cloud security competition | The Daily Swig
Verkada hacker charged in the US for hacking more than 100 companies | The Record by Recorded Future
Russian who tried to hack Tesla last summer pleads guilty | The Record by Recorded Future
Roll still doesn’t know how its hot wallet was hacked | TechCrunch
Microsoft blames crypto key rotation snafu for 365 outage | The Daily Swig
Mar 24, 2021
Risky Biz Soap Box: 12 years since Operation Aurora. Have we learned anything?

This is a wholly sponsored podcast brought to you by Okta.

In this interview we chat with Marc Rogers, the executive director of Cybersecurity at Okta.

The question that we’re exploring in this interview is whether or not we’ve managed to move the infosec needle since the Chinese government hacked Google back during the Operation Aurora attacks of 2009.

There are some real echoes of Operation Aurora in today’s headlines, like the SVR’s SolarWinds hack and Chinese APT crews using Exchange 0day.

Google did learn from Aurora and rearchitected its whole approach to minimise the chances of that sort of thing happening again. They moved to their own implementation of Zero Trust, BeyondCorp, and so far that looks like a good decision.

The rest of the world has been slow to follow, and that leads us to the question: have we actually made things better since Operation Aurora hit the headlines back in 2009?

Mar 23, 2021