Risky Business

English, Financial News, 1 season, 112 episodes
About
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Risky Business #734 -- The number of hacked Microsoft 365 customers is skyrocketing

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

- More details on sanctioned Medibank hacker Aleksandr Ermakov
- More details on alleged Scattered Spider hacker Noah Michael Urban
- RUMINT that the number of Microsoft customers impacted by the SVR OAuth/365 campaign is huge
- Ron Wyden did something useful…
- …then did something stupid
- Ivanti’s clown car collides with dumpster fire
- Much, much more

This week’s feature guest is Australia’s assistant foreign minister (and cybersecurity tragic) Tim Watts. He joins us to talk about why the Australian government sanctioned Aleksandr Ermakov. Sublime Security founder and CEO Josh Kamdjou is this week’s sponsor guest. He joins us to talk about combating QR-code phishing.

Show notes

- Exclusive: US disabled Chinese hacking network targeting critical infrastructure | Reuters
- Medibank’s Attacker: IT Businessman, Claimed Psychologist… | Intel471
- Who is Alleged Medibank Hacker Aleksandr Ermakov? – Krebs on Security
- Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider – Krebs on Security
- Microsoft says Russian hackers also targeted other organizations | TechCrunch
- HPE hit by a monthslong cyberattack on its cloud-based email | Cybersecurity Dive
- Microsoft’s Dangerous Addiction To Security Revenue | LinkedIn
- Microsoft critics accuse the firm of ‘negligence’ in latest breach | CyberScoop
- N.S.A. Buys Americans’ Internet Data Without Warrants, Letter Says - The New York Times
- Trading platform EquiLend down following cyberattack | Cybersecurity Dive
- Ivanti Connect Secure zero-day patches delayed | Cybersecurity Dive
- Popular CI/CD tool Jenkins discloses critical CVE | Cybersecurity Dive
- MOVEit liabilities mount for Progress Software | Cybersecurity Dive
- Tim Watts bio: Pennywise - Down Under [Men at Work Cover] - YouTube
1/31/2024

Risky Business #733 -- Say cheese, motherf---er

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

- Microsoft honks its clown car horn
- Australia’s hounds, released, catch their man
- The beginning of the end for Scattered Spider
- SEC was SIM swapped but had MFA off anyway
- Ivanti learns a lesson…
- … while Progress does not
- and much more

DHS undersecretary for policy and Cyber Safety Review Board head Rob Silvers is this week’s feature guest. He joins the show to talk about how the CSRB handles possible conflicts of interest from board members with industry day jobs. In this week’s sponsor interview Resourcely’s founder Travis McPeak talks about why we need to help developers with “paved roads” instead of relying on dashboard products to tell us when things have gone wrong.

Show notes

- Microsoft network breached through password-spraying by Russia-state hackers | Ars Technica
- Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard | MSRC Blog | Microsoft Security Response Center
- Medibank cyber attack: The weakness that saw Medibank hacker Aleksandr Ermakov exposed | Exclusive
- Russian man identified as Medibank hacker, hit with sanctions by Australian government - ABC News
- Middle District of Florida | Palm Coast Man Arrested For Wire Fraud And Aggravated Identity Theft Charges | United States Department of Justice
- SEC.gov | SECGov X Account
- Owner of BreachedForums sentenced to time served plus 20 years supervised release with special conditions
- CISA issues emergency directive for federal agencies to mitigate Ivanti vulnerabilities | Cybersecurity Dive
- Ivanti Connect Secure exploitation accelerates as Moody’s calls impact credit negative | Cybersecurity Dive
- Progress Software shakes off MOVEit’s financial consequences, maintains customers | Cybersecurity Dive
- Cyberattack on Ukraine’s largest telecom provider will cost it about $100 million
- Ransomware attacks leave small business owners feeling suicidal, report says
- Canadian Man Stuck in Triangle of E-Commerce Fraud – Krebs on Security
- Experts call for US Cyber Safety Review Board rethink • The Register
1/24/2024

Risky Business #732 — We are CRUSHED

On this week’s SURPRISE edition, Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

- Their disappointment over last week’s SEC Twitter hack
- China rainbow-tables AirDrop
- Enterprise bugs galore…
- … and why patching fast is hard when there isn’t even a patch yet
- UEFI flaws get trad-BIOS-era vendor response
- and much, much more…

This week’s show is unsponsored, we’re just here for the fun of it.

Show notes

- The SEC’s Official X Account Was ‘Compromised’ and Used to Post Fake Bitcoin News | WIRED
- Apple AirDrop leaks user data like a sieve. Chinese authorities say they’re scooping it up. | Ars Technica
- FireChat – the messaging app that’s powering the Hong Kong protests
- End-of-life Cisco routers targeted by China’s Volt Typhoon group
- Ivanti Connect Secure attacks part of deliberate espionage operation | Cybersecurity Dive
- Ivanti Connect Secure VPN Exploitation Goes Global
- NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549
- Aria Automation Missing Access Control Vulnerability (CVE-2023-34063)
- Security Bulletin - January 16 2024
- Stable Channel Update for Desktop
- “MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera’s Browser
- PixieFail: Nine vulnerabilities in Tianocore’s EDK II IPv6 network stack.
- LeftoverLocals: Listening to LLM responses through leaked GPU local memory
- Bigpanzi TV Botnet
- Southeast Asian casino industry supercharging cyber fraud, UN says
1/17/2024

Risky Business #731 -- SEC Twitter hack moves Bitcoin price

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

- SEC Twitter account hack moves bitcoin price
- Kaspersky admires Triangulation hackers’ fine work
- Telcos hacked all over
- Israel hacks Iranian gasoline pumps again
- Iran up in Albania, Sudan, Egypt and Tanzania
- and much, much more…

This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer joins us to talk about why patch management is more nuanced than just “patch fast!”

Show notes

- U.S. Securities and Exchange Commission on X: "The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products." / X
- Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked | Ars Technica
- 4-year campaign backdoored iPhones using possibly the most advanced exploit ever | Ars Technica
- Spyware attack chain used previously unknown iPhone hardware feature, report says
- "Dutch engineer carried out Iranian nuclear sabotage": VK - DutchNews.nl
- Russian hackers infiltrated Ukrainian telecom giant months before cyberattack
- Ukraine telecom cyberattack one of ‘highest-impact’ hacks of the war
- Pro-Ukraine hackers claim breach of Russian internet provider
- Ukraine says Russia hacked web cameras to spy on targets in Kyiv
- Optus outage: Banks, telcos to be quizzed at Senate hearing
- A “ridiculously weak” password causes disaster for Spain’s No. 2 mobile carrier | Ars Technica
- Albanian parliament, telecom company hit by cyberattacks
- Paraguay military warns of ‘significant impact’ of ransomware after attack on internet provider
- Iran confirms nationwide cyberattack on gas stations
- Hackers disrupt Beirut airport with anti-Hezbollah message
- Telecom organizations in Africa targeted by Iran-linked hackers
- Myanmar rebels take control of ‘pig butchering’ scam city amid Chinese pressure on junta
- AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on. | Ars Technica
- BreachForums administrator detained after violating parole
- Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay
- Global law enforcement seizes $300 million, arrests 3,500 involved in transnational cybercrime operation
- Toronto Zoo says it remains open after ransomware attack
- Central Bank of Lesotho facing outages after cyberattack
- Kansas City-area hospital transfers patients, reschedules appointments after cyberattack
- Cyberattack on Massachusetts hospital disrupted records system, emergency services
- LockBit claims November attack on New Jersey hospital that disrupted patient care
- First American becomes latest real estate industry giant hit with cyberattack
- Ivanti warns of critical vulnerability in its popular line of endpoint protection software | Ars Technica
- US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters
- SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica
- LastPass enforces 12-character master password lengths | Cybersecurity Dive
- FTC soliciting contest submissions to help tackle voice cloning technology
- Biden signs short-term FISA extension before year-end deadline
- Foone: "The 37C3 talk on TEA1 encrypti…" - Infosec Exchange
- Crypto hedge fund CEO may not exist; probe finds no record of identity | Ars Technica
1/10/2024

Risky Business #730 -- Apple, Facebook go all in on e2ee

In this week’s edition of the show Patrick Gray and guest co-host Dmitri Alperovitch discuss:

- Major telco in Ukraine taken down by Russia
- Apple and Facebook go all in on e2ee
- Why 702 reauthorisation is looking a bit sketchy
- The USG wants your push notifications
- The year in review, plus some predictions for 2024

This week’s show is brought to you by Thinkst Canary. Haroon Meer, Thinkst’s founder, is this week’s sponsor guest. He joins us to talk about APT groups pivoting to living-off-the-land techniques.
12/13/2023

Risky Biz Soap Box: Why enterprise browsers are good, actually

In this Soap Box edition of the Risky Business podcast Patrick Gray talks to Island’s Bradon Rogers about security-focused enterprise browsers. You can use Island to do things like grant third parties access to corporate applications on unmanaged devices in a not-insane way. That’s a huge pain point for a lot of CISOs, and something that is bringing a lot of new customers through Island’s doors. Obviously, for devices you do manage, you can roll Island out as your default enterprise browser. There are a lot of security benefits to doing that.
12/12/2023

Risky Business #729 -- Why patching faster won't save us

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

- Iran-linked attacks on US water infrastructure
- Why the ownCloud bug isn’t the end of the world
- The D-Link 0day that… never existed?
- In defence of Okta
- Much, much more

This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of Cybersecurity Strategy, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

- CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks | Cybersecurity Dive
- North Texas water utility the latest suspected industrial ransomware target | Cybersecurity Dive
- Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks
- ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation | Ars Technica
- Staples hit by cyberattack during critical Cyber Week sales push | Cybersecurity Dive
- New Jersey, Pennsylvania hospitals affected by cyberattacks
- 60 credit unions facing outages due to ransomware attack on popular tech provider
- HHS warns of ‘Citrix Bleed’ attacks after hospital outages
- Payments processor Tipalti investigating ransomware attack | Cybersecurity Dive
- CISA’s Goldstein wants to ditch ‘patch faster, fix faster’ model | CyberScoop
- Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers | CISA
- Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says
- Latest severe Chrome bug prompts CISA warning
- Google researchers report critical 0-days in Chrome and all Apple OSes | Ars Technica
- Okta again promises it is taking security seriously | Cybersecurity Dive
- Okta: Breach Affected All Customer Support Users – Krebs on Security
- Russian and Chinese interference networks are ‘building audiences’ ahead of 2024, warns Meta
- Meta says it broke up Chinese influence operation looking to exploit U.S. political divisions
- Clandestine online operations now require sign-off by senior officials - The Washington Post
- Feds seize Sinbad crypto mixer allegedly used by North Korean hackers | TechCrunch
- US sanctions North Korean ‘Kimsuky’ hackers after surveillance satellite launch
- ‘Fugitive’ Spanish aristocrat behind North Korea cryptocurrency conference arrested
- Used by only a few nerds, Facebook kills PGP-encrypted emails | TechCrunch
12/6/2023

Risky Business #728 -- The Citrixbleed ransomware disaster

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

- The Citrixbleed ransomware crisis
- Why the FBI hasn’t arrested Scattered Spider members
- DPRK is in your supply chains
- Microsoft has a brainwave and buys an HSM
- When civil war meets pig butchering
- Much, much more

This week’s show is brought to you by Airlock Digital. David Cottingham and Daniel Schell are this week’s sponsor guests. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

- ‘Citrix Bleed’ vulnerability targeted by nation-state and criminal hackers: CISA
- Australian ports operator recovering after major cyber incident
- Minister lashes DP World hack failure
- Gang says ICBC paid ransom over hack that disrupted US Treasury market | Reuters
- Cyberattack on US hospital owner diverts ambulances from emergency rooms in multiple states | CNN Politics
- Fidelity National Financial investigating cyberattack that led to service disruption | Cybersecurity Dive
- Potentially hundreds of UK law firms affected by cyberattack on IT provider CTS
- North Texas water utility serving 2 million hit with cyberattack
- Healthcare manufacturer Henry Schein expects platform restored this week after cyberattack
- High-profile ransomware gang suspects arrested in Ukraine
- FBI struggled to disrupt dangerous casino hacking gang, cyber responders say | Reuters
- Chinese spies had access to Dutch chip maker NXP’s systems for over two years: report | NL Times
- North Korean supply chain attacks prompt joint warning from Seoul and London
- North Korean attack on CyberLink impacted devices around the world, Microsoft says
- North Korean ‘BlueNoroff’ group targeting financial institutions with macOS malware
- Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop
- Microsoft Should Look to the Past for Its Security Future
- Sacked Ukrainian cyber chief released on bail amid corruption probe
- Second top Ukrainian cyber official arrested amid corruption probe
- Report claims to reveal identity of Russian hacktivist leader
- Rebel offensive in Myanmar takes aim at online scam industry
- Myanmar Rebel Offensive Helps China’s Cybercrime Crackdown
- Shadowy hacking group targeting Israel shows outsized capabilities | CyberScoop
- Nearly two dozen Danish energy companies hacked through firewall bug in May
- Senate proposes surveillance bill without FBI warrant requirement
- The FCC says new rules will curb SIM swapping. I’m pessimistic | Ars Technica
- EU urged to drop new law that could allow member states to intercept and decrypt global web traffic
- Google researchers discover ‘Reptar,’ a new CPU vulnerability | Google Cloud Blog
- Spavor blames fellow prisoner Kovrig for Chinese detention, alleges he was used for intelligence gathering - The Globe and Mail
- The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story | WIRED
11/29/2023

Risky Biz Soap Box: Why o365 and Google Workspace are a security liability

In this Soap Box podcast Patrick Gray talks to Material Security’s CEO and co-founder Abhishek Agrawal about the security problems inherent to modern productivity suites. Does it make sense that threat actors can authenticate to o365 and Workspace accounts and clean them out entirely? Years of mail, years of files? Material Security has built a product that tackles this issue. It can lock up email archives behind MFA challenges, redact PII from inboxes, better control files shared via Google Drive and OneDrive, and generally limit the damage a threat actor can inflict when they compromise a cloud productivity account. Even if you’re not interested in buying a product to tackle this, we think this one is a great listen.
11/16/2023

Risky Business #727 -- Mr Gray goes to Washington

On this week’s show Patrick Gray talks through the news with Chris Krebs and Dmitri Alperovitch. They discuss:

- The SEC enforcement action against Solarwinds’ CISO
- The White House AI Executive Order
- CitrixBleed exploitation goes wide
- How Kaspersky captured some (likely) Five Eyes iOS 0day
- Elon Musk’s Gaza Strip adventures
- Much, much more

This week’s show is brought to you by Greynoise. Andrew Morris, Greynoise’s founder and CEO, is this week’s sponsor guest. He talks about how Greynoise is using large language models to help them analyse massive quantities of malicious internet traffic.

Show notes

- comp-pr2023-227.pdf
- Biden signs executive order to oversee and invest in AI tech
- Risky Biz News: CitrixBleed vulnerability goes from bad to disastrous
- Andrew Morris on X: "Confluence bug is popping off. VAST majority of it is blasting thru Tor, similar to the first wave of Log4J exploitation two years ago. If you haven't patched, it's probably popped. https://t.co/4JC0uiTaqc https://t.co/wLDgQpq7r0" / X
- How Kaspersky obtained all stages of Operation Triangulation | Securelist
- Kaspersky reveals ‘elegant’ malware resembling NSA code | CyberScoop
- Sophisticated StripedFly Spy Platform Masqueraded for Years as Crypto Miner
- A cascade of compromise: unveiling Lazarus’ new campaign | Securelist
- Near-total internet and cellular blackout hits Gaza as Israel ramps up strikes
- Amichai Stein on X: "Israel's Communications Minister @shlomo_karhi in response to Elon Musk: Israel will use all the means at its disposal to fight this. Hamas will use this for terrorist activity. There is no doubt about it. We know it, and Musk knows it. Hamas is ISIS." / X
- Shashank Joshi on X: "Wonder what encryption, if any, they use? Vulnerable to tapping. "Hamas has maintained operational security by going “stone age” and using hard-wired phone lines while eschewing devices that are hackable or emit an electronic signature." https://t.co/ALVSXb55Zn" / X
- Hackers that breached Las Vegas casinos rely on violent threats, research shows | CyberScoop
- Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction | Microsoft Security Blog
- GitHub - cloudflare/har-sanitizer
- Russia to launch its own version of VirusTotal due to US snooping fears
- iPhones have been exposing your unique MAC despite Apple’s promises otherwise | Ars Technica
- VMware warns of critical vulnerability affecting vCenter Server product
- Judge tosses Khashoggi widow’s lawsuit against NSO Group
11/1/2023

Risky Biz Soap Box: Stairwell will offer platform to researchers

In this edition of the Soap Box we hear from Mike Wiacek and Eric Foster from Stairwell. Stairwell makes a product that collects and analyses every executable file in your environment. You deploy file collectors to your systems and they forward all new files to Stairwell for manual and automated analysis. You can do a lot of really cool analysis once you have all that stuff in the same place. But as you’ll hear, Stairwell is broadening out the use cases for its platform. You don’t want to forward files from every system? You don’t have to. It’s still very useful as an analysis platform. It’s sort of like VirusTotal, but private and with a bunch more bells and whistles. There’s also a bunch of sharing tools in the platform, which gives it a “social network for CTI nerds” flavour.
10/30/2023

Risky Business #726 -- Okta owned while Cisco takes a massive L

On this week’s show Patrick Gray talks through the news with Dmitri Alperovitch, NSA Cybersecurity director Rob Joyce and NSA CCC director Morgan Adamski. They discuss:

- The Okta breach
- 40-50k feral Ciscos
- Why the HTTP/2 protocol flaw is a real headache
- The Ragnar Locker takedown
- What the NSA CCC has been thinking about

This week’s show is brought to you by Socket. Socket’s founder Feross Aboukhadijeh joins us this week to talk about their actually-not-crazy use of large language models in their product.

Show notes

- Hackers Stole Access Tokens from Okta’s Support Unit – Krebs on Security
- Almost 42K Cisco IOS XE devices exploited, no patch available | Cybersecurity Dive
- Critical Atlassian Confluence CVE under exploit by prolific state-linked actor | Cybersecurity Dive
- JetBrains vulnerability being exploited by North Korean gov’t hackers, Microsoft says
- Citrix Netscaler patch for critical CVE bypassed by malicious hackers | Cybersecurity Dive
- HTTP/2 Rapid Reset: A New Protocol Vulnerability Will Haunt the Web for Years | WIRED
- How North Korean Workers Tricked U.S. Companies into Hiring Them and Secretly Funneled Their Earnings into Weapons Programs
- Ragnar Locker takedown
- Europol: ‘Key target’ in Ragnar Locker ransomware operation arrested in Paris
- Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts
- The US Congress Was Targeted With Predator Spyware
- Lloyd’s of London finds hypothetical cyberattack could cost world economy $3.5 trillion
10/25/2023

Risky Biz Soap Box: Preventing MFA reset attacks

Patrick Gray speaks to Yubico’s Jerrod Chong about how organisations can better verify the identities of users when performing MFA resets. In other words, how to not get MGM’d. He also talks about the chain-of-trust issues inherent to synchronisable passkey implementations.
10/13/2023

Risky Business #725 -- Microsoft knifes VBScript, passkeys the new default for Google accounts

On this week’s show Patrick Gray and Lina Lau discuss the week’s security news. They cover:

- Microsoft has killed VBScript
- Google to make passkeys the new default sign-in method
- MGM losses to exceed $100m
- Clorox has a bad quarter
- Why a bug in cURL could be really bad news
- Much, much more

This week’s show is brought to you by KSOC. Jimmy Mesta, KSOC’s co-founder and CTO, is this week’s sponsor guest. He talks to us about how we can start applying real, actual IAM to Kubernetes environments.

Show notes

- Deprecated features in the Windows client - What’s new in Windows | Microsoft Learn
- Google Makes Passkeys Default, Stepping Up Its Push to Kill Passwords | WIRED
- AWS kicks off cloud race to mandate MFA by default | Cybersecurity Dive
- MGM Resorts’ Las Vegas area operations to take $100M hit from cyberattack | Cybersecurity Dive
- Clorox warns of quarterly loss related to August cyberattack, production delays | Cybersecurity Dive
- Blackbaud agrees to $49.5 million settlement with AGs of nearly all 50 states
- Cybercrime gangs now deploying ransomware within 24 hours of hacking victims
- Microsoft: Human-operated ransomware attacks tripled over past year
- Ukraine, Israel, South Korea top list of most-targeted countries for cyberattacks
- Microsoft: State-backed hackers grow in sophistication, aggressiveness | CyberScoop
- 67 X accounts spread coordinated Israel-Hamas disinformation: report
- John Hultquist🌻 on X: "We are currently seeing pro-Iran information operations actors promoting content across various social media channels, in favor of Hamas and critical of Israel’s response to the attacks. 1/x" / X
- Hacktivism erupts in response to Hamas-Israel war | TechCrunch
- ‘War has no rules’: Hacktivists scorn Red Cross’ new guidelines
- Joe Truzman on X: "Israeli Police Spokesperson: The Cyber Unit of the Police at Lahav 433 has frozen accounts of cryptocurrencies that served Hamas' terrorist organization to solicit donations on social networks. The Cyber Unit of Lahav 433, in cooperation with the Ministry of Defense, the…" / X
- Cloud giants sound alarm on record-breaking DDoS attacks | Cybersecurity Dive
- Israel’s Failure to Stop the Hamas Attack Shows the Danger of Too Much Surveillance | WIRED
- Edward Snowden on X: "Netanyahu nurtured a zillion-dollar industry selling spying tools to despots that use them to break into the iPhones of critics, elected opponents, human rights lawyers, and even students (these are all real examples). Turns out they're not very useful for spying on Hamas, tho.…" / X
- HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks
- NVD - CVE-2023-44487
- Maintainers warn of vulnerability affecting foundational open-source tool
- 23andMe user data targeting Ashkenazi Jews leaked online
- 23andMe User Data Stolen in Credential Stuffing Attack
- Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica
- From AI with love: Scammers integrate ChatGPT into dating-app tool
- Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED
10/11/2023

Risky Business #724 -- Exploitation moves away from Microsoft, Google and Apple products

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

- Ransomware crews target WS_FTP and JetBrains servers
- Global energy supply shapes up as big target
- The Dossier Center drops another banger
- Indian nationalists DDoS Canadian targets
- A look at the Exim drama
- Much, much more

This week’s show is brought to you by Kroll Cyber. George Glass is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

- Multiple exploits hit Progress Software’s WS_FTP Server | Cybersecurity Dive
- Progress Software discloses 8 vulnerabilities in one of its other file-transfer services | Cybersecurity Dive
- Progress Software says business impact ‘minimal’ from MOVEit attack spree | Cybersecurity Dive
- NEXTA on X
- State secret on electricity - Dossier Center (Досье)
- Russian flight booking system suffers ‘massive’ cyberattack
- Cyberattacks hit military, Parliament websites as India-based group targets Canada | CBC News
- NATO investigating breach, leak of internal documents | CyberScoop
- Chinese hackers stole emails from US State Dept in Microsoft breach, Senate staffer says | Reuters
- FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers
- Cisco routers abused by China-linked hackers against US, Japan companies | Cybersecurity Dive
- Suspected China-based hackers target Middle Eastern telecom, Asian government
- North Korean hackers posed as Meta recruiter on LinkedIn | CyberScoop
- Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
- Ransomware gangs destroying data, using multiple strains during attacks: FBI
- Critical vulnerabilities in Exim threaten over 250k email servers worldwide | Ars Technica
- NSA is creating a hub for AI security, Nakasone says
- Privacy watchdog recommends court approval for FBI searches of spy data | CyberScoop
- Vulnerable Arm GPU drivers under active exploitation. Patches may not be available | Ars Technica
- ‘Snatch’ Ransom Group Exposes Visitor IP Addresses – Krebs on Security
- IronNet, founded by former NSA director, shuts down and lays off staff | TechCrunch
10/4/2023

Risky Business #723 -- MGM and Caesars: Western youths are working with ransomware gangs

On this week’s show Patrick Gray and Dmitri Alperovitch discuss the week’s security news. They cover:

- How western youths are working with Russian ransomware crews
- Russia has changed its targeting in Ukraine
- A massive breach of historical Russian flight information is god’s gift to OSINT orgs
- Cisco buys Splunk for $28bn
- Much, much more

This week’s show is brought to you by Panther. Its field CISO Ken Westin is this week’s sponsor guest. Links to everything that we discussed are below.

Show notes

- MGM Resorts says hotel, casino operations back up and running | Cybersecurity Dive
- MGM Resorts warns customers of fraud as it faces class action lawsuits | Cybersecurity Dive
- mgmkirwan - DocumentCloud
- Cross-Tenant Impersonation: Prevention and Detection | Okta Security
- ‘Power, influence, notoriety’: The Gen-Z hackers who struck MGM, Caesars | Reuters
- Youth hacking ring at the center of cybercrime spree | CyberScoop
- UK logistics firm blames ransomware attack for insolvency, 730 redundancies
- Philippines state health org struggling to recover from ransomware attack
- Bermuda’s premier attributes system outages to ‘Russia-based’ attackers
- Russian hackers target Ukrainian government systems involved in war crimes investigations
- Oleg Shakirov on X: "Huge data breach in Russia. A previously unknown group claims it stole data from Russia's major flight booking system Sirena Travel. The whole dataset includes 665 mil entries and spans 16 years; they posted a sample with 3 mil lines. I was able to verify one flight. Looks legit" / X
- Hackers break into Russian database with data on hundreds of millions of flights
- Canada blames border checkpoint outages on cyberattack
- Air Canada says hackers accessed limited employee records during cyberattack
- 3 iOS 0-days, a cellular network compromise, and HTTP used to infect an iPhone | Ars Technica
- Yes, you have to update your Apple devices again, because spyware is bad | TechCrunch
- GPUs from all major suppliers are vulnerable to new pixel-stealing attack | Ars Technica
- CISA’s catalog of must-patch vulnerabilities crosses the 1,000 bug mark after 2 years
- Hong Kong crypto business Mixin says hackers stole $200 million in assets
- Cisco to buy Splunk for $28B | Cybersecurity Dive
- British Army general says UK now conducting ‘hunt forward’ operations
- World on the Brink: How America Can Beat China in the Race for the Twenty-First Century: Alperovitch, Dmitri, Graff, Garrett M.: 9781541704091: Amazon.com: Books
- Starlink in Ukraine: Why the Story Is Not So Simple | Geopolitics Decanted by Silverado
9/28/2023

Snake Oilers: Sublime Security, Vulncheck and Devicie

In this edition of Snake Oilers you’ll hear product pitches from:

- Sublime Security: e-mail security for people who want to tune their detections
- Vulncheck: Provides vulnerability intelligence to governments, large enterprises and vendors
- Devicie: Manage your devices with Intune without pulling your hair out

Show notes

- sublime.security
- VulnCheck - Outpace Adversaries
- Cloud-native device management platform | Devicie
9/22/2023

Risky Business #722 -- Microsoft embraces Zero Trust... Authentication?

On this week’s show Patrick Gray, Adam Boileau and Lina Lau discuss the week’s security news. They cover:
Microsoft’s 38TB oopsie
MGM’s Okta compromised, was this what Okta was warning us about?
Why we need a cyber knife fight
Google Authenticator sync abused in the wild
Much, much more
This week’s show is brought to you by Push Security. Co-founder Adam Bateman is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Microsoft AI researchers exposed sensitive signing keys, internal messages | CyberScoop
Wiz on X: "🚨 BREAKING: Wiz Research discovers a massive 38TB data leak by Microsoft AI researchers, including 30,000+ internal Teams messages. Here's what you need to know 🧵 https://t.co/2V8u9IekGV" / X
Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token | MSRC Blog | Microsoft Security Response Center
Microsoft's Security Culture Just Isn't up to Scratch
Threat actors claim to have compromised MGM Resorts’ Okta environment | Cybersecurity Dive
MGM, Caesars attacks raise new concerns about social engineering tactics | Cybersecurity Dive
I Gambled in MGM's Hacked Casinos
‘Scattered Spider’ group launches ransomware attacks while expanding targets in hospitality, retail
MGM Resorts disruption linked to recent attacks against hospitality industry | Cybersecurity Dive
Caesars Entertainment says it was also a victim of a cyberattack
Clorox warns of product shortages a month after disclosing cyberattack | Cybersecurity Dive
DHS: Ransomware attackers headed for second most profitable year
chrisrohlf on X: "I can think of multiple occasions where well respected experts assured the world that taking offensive actions would put an end to this ransomware problem. Unfortunately 1) it won’t end that easily and 2) they’re still seen as experts. This is an economics problem that is enabled…" / X
White House urging dozens of countries to publicly commit to not pay ransoms
Cyberattack on Kansas town affects email, phone, payment systems
Major trucking software provider confirms ransomware incident
Several Colombian government ministries hampered by ransomware attack
Manchester police officers’ data stolen following ransomware attack on supplier
Upstate New York nonprofit hospitals still facing issues after LockBit ransomware attack
Evidence points to North Korea in CoinEx cryptocurrency hack, analysts say
How Google Authenticator made one company’s network breach much, much worse | Ars Technica
Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED
Mozilla, CISA urge users to patch Firefox security flaw
UK passes the Online Safety Bill — and no, it doesn’t ban end-to-end encryption
Exiled Russian journalist hacked using NSO Group spyware | Hacking | The Guardian
Three journalists said they received a warning from Apple about a hacker attack. Galina Timchenko, on whose phone the Pegasus spyware was found, received the same alert — Meduza
War crimes tribunal ICC says it has been hacked | Reuters
XINTRA - Cybersecurity Training
CrikeyCon 2022 - Lina Lau - Inside the Persistent Mind of a Chinese APT - YouTube
SaaS attack techniques
SaaS attack matrix: The shadow workflow’s evil twin
SaaS Attack: How to SAMLjack a poisoned tenant
SAMLjacking a poisoned tenant demo - YouTube
SaaS Attacks: Shadow workflows + Evil twin integration demo - YouTube
9/20/2023

Risky Business #721 -- Why Storm-0558's Microsoft hack should have failed

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
How Storm-0558 stole Microsoft’s signing key
Cisco 0day being used by ransomware crews
We were right about Elon stumbling into the Ukraine war
Someone’s amazing image library 0day just got crushed
Much, much more!
This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Results of Major Technical Investigations for Storm-0558 Key Acquisition | MSRC Blog | Microsoft Security Response Center
Microsoft reveals how hackers stole its email signing key… kind of | TechCrunch
Kevin Beaumont: "One extra thing to highlight -…" - Cyberplace
Preventing Authentication Bypass: A Tale of Two Researchers - YouTube
BEC phishing kit hits thousands of Microsoft 365 business accounts | Cybersecurity Dive
Microsoft Teams phishing attack pushes DarkGate malware
CISA warns of attacks using Microsoft Word, Adobe bugs
New Emergency Chrome Security Update After Critical iOS 16.6.1 Release
Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks
Cisco security appliance 0-day is under attack by ransomware crooks | Ars Technica
Cisco BroadWorks vulnerability snags highest CVSS score | Cybersecurity Dive
High-profile CVEs turn up in vulnerability exploit sales | Cybersecurity Dive
MGM Resorts takes systems offline following cyberattack
Save the Children International hit with cyberattack, but says operations weren’t impacted
Sri Lankan government loses months of data following ransomware attack
Risky Biz News: US and UK dox and sanction 11 more Trickbot/Conti members. Charges included too.
Opinion | The untold story of Elon Musk’s support for Ukraine - The Washington Post
Elon Musk on X: SpaceX unveils Starshield, a military variation of Starlink satellites
China-Linked Hackers Breached a Power Grid—Again | WIRED
Just waiting for a mate - YouTube
North Korea-backed hackers target security researchers with 0-day | Ars Technica
Cars are collecting data on par with Big Tech, watchdog report finds
Crypto Town Hall on X: "Crypto Kingpin's Downfall: 11,196 Years Behind Bars! https://t.co/1RCNJ8um4c" / X
9/13/2023

Snake Oilers: ConductorOne, Bloodhound Enterprise and Zero Networks

In this edition of Snake Oilers you’ll hear product pitches from:
ConductorOne: PAM, account cycle management and access auditing for cloud and SaaS accounts
Bloodhound Enterprise: Enumerate attack paths in your environment and shut them down
Zero Networks: Agentless, heavily automated microsegmentation and a VPN product that won’t get you insta-owned
Show notes
ConductorOne - Identity security & access control
Home - BloodHound Enterprise
Microsegmentation in a Matter of Minutes | Zero Networks
9/8/2023

Risky Business #720 -- How cloud identity provider federation features can get you mega-owned

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Why everyone should pay attention to some recent attacks on Okta customers
Why third party comms apps are risky af
Why are Russian espionage ops using Tor for C2?
Surveillance firms abuse Fiji Telco Digicel’s SS7 access
Much, much more!
This week’s show is brought to you by Gigamon. Mark Jow, Gigamon’s EMEA Technical Director, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Cross-Tenant Impersonation: Prevention and Detection | Okta Security
BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps
NCSC-MAR-Infamous-Chisel.pdf
Ukraine says an energy facility disrupted a Fancy Bear intrusion
Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach – Krebs on Security
Telstra-owned Pacific mobile network likely exploited by spies for hire - ABC News
CISA, MITRE shore up operational tech networks with adversary emulation platform
LogicMonitor customers hit by hackers, because of default passwords | TechCrunch
Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong. | Ars Technica
Why is .US Being Used to Phish So Many of Us? – Krebs on Security
UK cyber agency announces Ollie Whitehouse as its first ever CTO
Embattled consulting firm PwC swept up in global cyber breach of file service MOVEit by cybercrime group C10p
ONLINE-SCAM-OPERATIONS-2582023.pdf
Unmasking Trickbot, One of the World’s Top Cybercrime Gangs | WIRED
9/6/2023

Risky Business #719 -- FBI vapes 700,000 Qakbot infections

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
The FBI takes down Qakbot, steals operators’ bitcoins ha ha
Danish hosting provider completely destroyed in ransomware attack
Sophisticated Russian cyber attack on Polish trains. Well. Not really.
Microsoft revokes cert then revokes its revocation
Much, much more!
This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
US says it and partners have taken down notorious 'Qakbot' hacking network | Reuters
Danish cloud host says customers ‘lost all data’ after ransomware attack | TechCrunch
VDP Platform 2022 Annual Report Showcases Platform’s Success | CISA
Proposed bill would require vulnerability disclosure policies for all federal contractors
The Cheap Radio Hack That Disrupted Poland's Railway System | WIRED
Two suspects arrested following Poland railway hack
‘Incredible concern and anger’ among Metropolitan Police after hackers breach data
New malware from North Korea’s Lazarus used against healthcare industry
North Korea’s Lazarus hackers behind recent crypto heists: FBI
US arrests Tornado Cash co-founder, sanctions another who remains at large
Kroll Employee SIM-Swapped for Crypto Investor Data – Krebs on Security
Risky Biz News: WinRAR zero-day used to hack stock and crypto traders
Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica
Renegade certificate removed from Windows. Then it returns. Microsoft stays silent. | Ars Technica
Barracuda ESG zero-day exploit still under way after patches fail | Cybersecurity Dive
Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) | Mandiant
Unpacking the MOVEit Breach: Statistics and Analysis
The DEA Accidentally Sent $50,000 Of Seized Cryptocurrency To A Scammer
Akira Ransomware Targeting VPNs without Multi-Factor Authentication - Cisco Blogs
Ransomware attack dwell times fall, pressuring companies to quickly respond | Cybersecurity Dive
British court convicts two teen Lapsus$ members of hacking tech firms
Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders. – Krebs on Security
Apple security updates could be banned by British government
8/30/2023

Risky Business #718 -- Chaos and carnage, business as usual

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. (NOTE: This podcast was initially pushed out into the Risky Business News podcast feed in error. Sorry about that!) They cover:
US Government warnings to private space sector on cyber risk
Ukrainian hackers dump the inbox of Russian Duma deputy chair
Absentee voting in Ecuador’s election disrupted by DDoS attack
South Korea warns of Chinese “spy chips”
Much, much more!
This week’s show is brought to you by Airlock Digital. Its co-founders Daniel Schell and David Cottingham join this week’s show to talk about PowerShell Constrained Language mode. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Risky Biz News: US warns space sector of hacks, spying, IP theft, and sabotage
Safeguarding the US Space Industry - DocumentCloud
Ukrainian hackers claim to leak emails of Russian parliament deputy chief
Feature Interview: How Sandworm prepared Ukraine for a cyber war - Risky Business
British intelligence is tipping off ransomware targets to disrupt attacks
Ecuador’s national election agency says cyberattacks caused absentee voting issues
Chinese-made 'spy chip' found in Korean state-run weather agency system : r/korea
[Exclusive] ‘Spy chip’ found for the first time in Chinese-made weather equipment | Channel A News
Legitimate software tainted in attacks on Hong Kong organizations, report says
Chinese hackers accused of targeting Southeast Asian gambling sector
Risky Biz News: PowerShell's official package repo is a supply chain mess
Zoom’s AI terms overhaul sets stage for broader data use scrutiny | Cybersecurity Dive
Fifty minutes to hack ChatGPT: Inside the DEF CON competition to break AI | CyberScoop
Ivanti: Customers ‘impacted’ by new zero-day vulnerability
CISA, experts warn of Citrix vulnerabilities being exploited by hackers
Zero Networks Connect - Zero Networks | Contain The Next Breach
Australia’s .au domain administrator denies data breach after ransomware posting
Hackers are increasingly hiding within services such as Slack and Trello to deploy malware | CyberScoop
‘Extreme’ user abuse leads AnonFiles operators to shut down hosting service
Millions stolen from crypto platforms Exactly Protocol and Harbor Protocol
Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica
Did a Journalist Violate Hacking Law to Leak Fox News Clips? The Government Thinks He Did.
8/23/2023

Feature Interview: How Sandworm prepared Ukraine for a cyber war

In this joint Risky Business and Geopolitics Decanted feature interview, Patrick Gray and Dmitri Alperovitch talk to Illia Vitiuk, the Head of the Department of Cyber and Information Security of the Security Service of Ukraine (SBU) about the cyber dimension to Russia’s invasion. From turning off Ukraine’s power grid with a cyber attack in 2015 to the Viasat hack in 2022, Russia’s intelligence services are world renowned for executing creative destructive cyber campaigns. Despite this, after a year and a half of Russia waging war on Ukraine its power grid is up, its telcos are functioning and its banks are still processing transactions. How has Ukraine been able to withstand Russia’s onslaught in the cyber domain? Vitiuk joins us to reveal insights into how Russian intelligence services are operating in Ukraine, and how the SBU is countering them.
8/21/2023

Risky Business #717 -- The kids are okay. At ripping your face off.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
More victims identified in Chinese breach of Microsoft email accounts
Cyber Safety Review Board to investigate Microsoft
We got some stuff wrong last week
More details on Viasat hack revealed
Special guest Heather Adkins talks about the CSRB’s Lapsus$ report
Much, much more
This week’s show is brought to you by RunZero. Its co-founder HD Moore is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska - The Washington Post
US cyber board to investigate Microsoft hack of government emails | TechCrunch
Richard: "@briankrebs @metlstorm @riskyb…" - Mastodon.Radio
An SSRF, privileged AWS keys and the Capital One breach | by Riyaz Walikar | Appsecco
Chamber of Commerce urges SEC to delay cyber rule implementation | Cybersecurity Dive
Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop
Microsoft to freeze license extensions for Russian companies
Takedown of Lolek bulletproof hosting service includes arrests, NetWalker indictment
Ransomware Diaries V. 3: LockBit's Secrets
How the FBI goes after DDoS cyberattackers | TechCrunch
Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’ – Krebs on Security
Multiple zero days found affecting crypto platforms
Lawmakers press FCC for action on Chinese-made cellular modules
Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED
Rapid7 to cut 18% of workforce, shutter certain offices | Cybersecurity Dive
SecureWorks layoffs affect 15% staff | TechCrunch
Researcher says they were behind iPhone popups at Def Con | TechCrunch
Review of the Attacks Associated with LAPSUS$ and Related Threat Groups
US should crack down on SIM swapping following Lapsus$ attacks: DHS review
Kevin Collier: "Def Con is over and nobody hac…" - Infosec Exchange
8/16/2023

Risky Business #716 -- This ain't your grandma's cloud

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Tenable gives Microsoft a spray over Azure bug fix delay, quality
Lateral movement fun via Azure Active Directory Cross-Tenant Synchronization
Ransomware targets hospitals, special needs schools
Japan’s cybersecurity has some catching up to do
Much, much more
This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop
Microsoft resolves vulnerability following criticism from Tenable CEO
New Microsoft Azure AD CTS feature can be abused for lateral movement
Hackers force hospital system to take its national computer system offline
Israeli hospital redirects new patients following ransomware attack
Russia-linked cybercriminals target school for children with learning difficulties
Hackers accessed 16 years of Colorado public school student data in June ransomware attack
Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms
China hacked Japan’s classified defense cyber networks, officials say - The Washington Post
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company - SentinelOne
Ukraine says it thwarted attempt to breach military tablets
The Mystery of Chernobyl’s Post-Invasion Radiation Spikes | WIRED
Radiation Spikes at Chernobyl: A Mystery Few Seem Interested in Solving
U.K. election regulator says hackers had access for over a year but elections still secure
Exclusive: DHS Used Clearview AI Facial Recognition In Thousands Of Child Exploitation Cold Cases
Eight Months Pregnant and Arrested After False Facial Recognition Match - The New York Times
New ‘Downfall’ Flaw Exposes Valuable Data in Generations of Intel Chips | WIRED
New Inception attack leaks sensitive data from all AMD Zen CPUs
Spyware maker LetMeSpy shuts down after hacker deletes server data | TechCrunch
‘Crypto couple’ pleads guilty to money laundering, as husband admits to carrying out Bitfinex hack
Google Online Security Blog: Android 14 introduces first-of-its-kind cellular connectivity security features
Risky Biz News: Russian bill will hide the PII data of military, police, and intelligence agents
8/9/2023

Risky Business #715 -- Pressure mounts on Microsoft to explain itself

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Ron Wyden’s “please explain” letter to Microsoft
Chinese APT crews prepositioning to disrupt US military logistics
China claims US hacked its seismology sensors
Ivanti/MobileIron exploitation going vertical
Much, much more
This week’s show is brought to you by Stairwell. Mike Wiacek, Stairwell’s founder and CEO, is this week’s sponsor guest. He’s joined by Eric Foster, Stairwell’s VP of Business Development. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Wyden letter to CISA, DOJ, FTC re 2023 Microsoft breach
Senator calls on DOJ to investigate alleged China hack of Microsoft cloud tools
U.S. Hunts Chinese Malware That Could Disrupt American Military Operations - The New York Times
Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica
John Hultquist🌻 on Twitter: "We found this actor in land, air, and sea transportation targets which could be leveraged for a serious disruption to logistics." / X
China accuses U.S. of hacking earthquake monitoring equipment
Exclusive: Pentagon Investigates ‘Critical Compromise’ Of Air Force Communications Systems
CISA: Ivanti hacks targeting Norway began in April
US, Australia cyber agencies warn IDOR security flaws can be exploited ‘at scale’ | TechCrunch
Ivanti warns of second vulnerability used in attacks on Norway gov’t
Andrew Morris on Twitter: "Exploitation of Ivanti EPMM (MobileIron Core) CVE-2023-35078 is currently popping off https://t.co/tkRoWqvtv1 https://t.co/XOaWEZ3U3X" / X
Trail of Bits | Products
US contractor says info of up to 10 million leaked in MOVEit breach
British ambulances unable to access patient records system following cyberattack
Valid account credentials are behind most cyber intrusions, CISA finds | Cybersecurity Dive
An Unexpected Endorsement for WebAuthn | Okta Security
SEC votes to overhaul disclosure rules for material cyber events | Cybersecurity Dive
White House unveils ‘whole of society’ push to expand cybersecurity workforce
Section 702 surveillance powers are necessary, but FBI access needs limits, panel says
The NSA Is Lobbying Congress to Save a Phone Surveillance 'Loophole' | WIRED
Kazakhstan refuses to extradite detained Russian cyber expert to US
Russia Sends Cybersecurity CEO to Jail for 14 Years – Krebs on Security
Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability
A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED
Cloud company assisted 17 different government hacking groups, U.S. researchers say | Reuters
No evidence ransomware victims with cyber insurance pay up more often, UK report says
‘Worm-like’ botnet malware targeting popular Redis storage tool
Hackers are infecting Call of Duty players with a self-spreading malware | TechCrunch
Bug in Minecraft mods allows hackers to exploit players' devices
8/2/2023

Feature interview: Australia's Cyber Security Minister Clare O'Neil

In this interview Patrick Gray speaks to Australia’s Home Affairs and Cyber Security Minister Clare O’Neil and NCSC founding director Ciaran Martin about the government’s upcoming cybersecurity strategy, releasing the hounds and more.
7/27/2023

Risky Business #714 -- Microsoft vs Wiz: pistols at dawn

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
The dust-up between Microsoft and Wiz
MobileIron/Ivanti 0day hoses Norwegian government agencies
That’ll do TETRA, that’ll do…
Microsoft finally agrees to offer decent logging without price gouging
Much, much more
This week’s show is brought to you by Resourcely. Travis McPeak, Resourcely’s co-founder and CEO, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Hackers exploited Ivanti zero-day to breach Norway’s government
Citrix zero day exposes critical infrastructure, one provider hit | Cybersecurity Dive
Interview with the ETSI Standards Organization That Created TETRA "Backdoor"
Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios
Microsoft attackers may have data access beyond Outlook, researchers warn | Cybersecurity Dive
Risky Biz News: Microsoft feels the heat, gives customers access to more cloud security logs
Risky Biz News: JumpCloud compromised by APT group
North Korean hackers breached a US tech company to steal crypto | Reuters
North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say | TechCrunch
Cyberattack on GitHub customers linked to North Korean hackers, Microsoft says
Latest North Korean hack targeting cryptocurrency shows troubling evolution, experts say | CyberScoop
White House secures safety commitments from 7 AI companies | Cybersecurity Dive
Renewable technologies add risk to the US electric grid, experts warn | CyberScoop
Statement on Labor’s rush to renewables leaves Australia vulnerable to catastrophic cyber attack
Zenbleed
Firmware vulnerabilities in millions of computers could give hackers superuser status | Ars Technica
Satellites Are Rife With Basic Security Flaws | WIRED
Russia’s vast telecom surveillance system crippled by withdrawal of Western tech, report says
Apple issues third mobile OS update after zero-click spyware campaign | CyberScoop
Apple slams UK surveillance-bill proposals - BBC News
Bill that Would Stop the Government Buying Data Without a Warrant Passes Key Hurdle
Kevin Mitnick Obituary - Las Vegas, NV
7/26/2023

Risky Biz Soap Box: BEC actors embrace LLMs to attack Japan

This Soap Box edition of the podcast is sponsored by Proofpoint. Proofpoint offers email security and DLP products and services, and they’re probably best known for being the biggest email security company on the planet. That means they process a LOT of emails in the hopes of throttling the number of malicious emails that organisations have to deal with, whether that’s malware, phishing or BEC. So, with that in mind, what role could large language models play in email security? Now that the initial ChatGPT hype has died off a little, we spoke with Proofpoint’s VP of cybersecurity strategy Ryan Kalember about large language models and how they’re going to help defenders and attackers alike.
7/21/2023

Risky Business #713 -- Microsoft activates PR weasels after State Department hack

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Microsoft’s weasel-word response to the State Department email hack
JumpCloud got owned, maybe by DPRK
Citrix 0day is getting stuff rekt
Two more spyware firms sanctioned by USA
Scammers list fake phone numbers for major airlines on Google Maps
Much, much more
This week’s show is brought to you by security-focused enterprise browser maker Island. Dan Amiga, Island’s CTO and co-founder, is this week’s sponsor guest. He talks about why widespread enterprise browser deployment is inevitable. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
China-based hackers breach email accounts at State Department
Microsoft hardens key issuance systems after state-backed hackers breach Outlook accounts | Cybersecurity Dive
Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection | Mandiant
Hackers target Pakistani government, bank and telecom provider with China-made malware
Risky Biz News: JumpCloud compromised by APT group
Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns | Ars Technica
CISA warns of dangerous Rockwell industrial bug being exploited by gov’t group
Rockwell Automation, Honeywell warned of critical vulnerabilities in industrial products | Cybersecurity Dive
CISA gives US civilian agencies until August 1 to resolve four Microsoft vulnerabilities
Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service
White House unveils consumer labeling program to strengthen IoT security | Cybersecurity Dive
Senate bill crafted with DEA targets end-to-end encryption, requires online companies to report drug activity
Two more foreign spyware firms blacklisted by US
Phone numbers for airlines listed on Google directed to scammers
By criminals, for criminals: AI tool easily generates ‘remarkably persuasive’ fraud emails
Itamar Golan 🤓 on Twitter: "A malicious LLM-based tool known as WormGPT 🪱 is rapidly gaining traction in underground forums. This tool empowers attackers to automate sophisticated phishing and BEC (Business Email Compromise) attacks, leveraging personalized fake emails to significantly enhance success… https://t.co/fAcrYhT696" / Twitter
FCC chair proposes $200M investment to boost K-12 cybersecurity | Cybersecurity Dive
Fed ends Capital One breach-related enforcement action | Cybersecurity Dive
Norwegian Refugee Council hit by cyberattack
Belarus-linked hacks on Ukraine, Poland began at least a year ago, report says
Albania’s PM complains US is not providing country with cyberdefense funds
VirusTotal: Data leak reveals customers of the Google security platform - DER SPIEGEL
Genesis Market sold to anonymous buyer despite FBI disruption
7/19/2023

Risky Business #712 -- The 336,000 undead Fortigates of DOOM

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
The SEC is targeting SolarWinds executives
UK to make banks liable for fraud
NSA issues advice on UEFI trojan
Microsoft blocks 100+ dodgy drivers
The US IC knew what Prigozhin was up to. But what FSB doing?
Much, much more
This week’s show is brought to you by Netwrix. Martin Cannard, Netwrix’s VP of Product Strategy, is this week’s sponsor guest. He talks about why zero standing privilege is a worthy goal. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation | Cybersecurity Dive
While Australian banks refuse most scam victims refunds, the UK is making them mandatory - ABC News
New law could allow GCHQ to monitor UK internet logs in real-time to tackle fraud
Federal incentives could help utilities overcome major cybersecurity hurdle: money | CyberScoop
Major Japanese port suspends operation following ransomware attack
Petro-Canada reports service restoration after suspected Suncor breach | Cybersecurity Dive
Chinese state-backed hackers accidentally infected a European hospital with malware
Hackers exploit gaping Windows loophole to give their malware kernel access | Ars Technica
336,000 servers remain unpatched against critical Fortigate vulnerability | Ars Technica
CISA says latest VMware analytics bug being exploited
MOVEit vulnerability snags almost 200 victims, more expected | Cybersecurity Dive
Actively exploited vulnerability threatens hundreds of solar power stations | Ars Technica
U.S. intelligence learned in mid-June Prigozhin was plotting uprising - The Washington Post
Russian election-meddling ‘troll factory’ reportedly shut down after Wagner revolt
Russian telecom confirms hack after group backing Wagner boasted about an attack | CyberScoop
Hackers claim to take down Russian satellite communications provider
Russian railway site allegedly taken down by Ukrainian hackers
Several US states investigating ‘SiegedSec’ hacking campaign
Hacking crew targeting states over transition bans claims cyberattack hitting global satellite systems | CyberScoop
Hacktivists steal government files from Texas city Fort Worth | TechCrunch
Belarusian hacktivists claim to breach country’s leading state university
British prosecutors say teen Lapsus$ member was behind hacks on Uber, Rockstar
Silk Road’s Second-in-Command, Variety Jones, Gets 20 Years in Prison | WIRED
Russian cyber expert arrested in Kazakhstan, triggering a showdown between US and Moscow
More than 6,500 arrested since French and Dutch police’s EncroChat hack
BreachForums seized by FBI three months after arrest of alleged admin
BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop
Genesis Market gang tries to sell platform after FBI disruption
Hackers using TrueBot malware for phishing attacks in US, Canada, officials warn | Cybersecurity Dive
CSI_BlackLotus_Mitigation_Guide.PDF
Hacks targeting British exam boards raise fears of students cheating
More than $125 million taken from crypto platform Multichain
Twitter’s chaotic weekend of outages and rate limits leaves more questions than answers
Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking | Ars Technica
7/12/2023

Risky Biz Soap Box: Defeating Living off the Land

In this edition of the Soap Box podcast we’re going to be talking about a great topic – living off the land. The recent Volt Typhoon report out of Microsoft chronicled the adventures of a Chinese APT crew in US critical infrastructure. But one of the most fascinating aspects of the Volt Typhoon campaign was that the attackers almost exclusively used so-called living off the land techniques. So the question becomes – what can you do about an attacker in your environment who has privilege and isn’t using malware? Guests David Cottingham and Daniel Schell, the CEO and CTO of Airlock Digital, join the show to talk it through.
6/26/2023

Risky Business #711 -- Albanian authorities raid MEK camp over Iran hacks

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Albanian authorities raid MEK over Iran hacks
Microsoft admits “Anonymous Sudan” took down its services
US Government puts $10m bounty on CL0P
A deeper look at the Barracuda hack campaign
Much, much more
This week’s show is brought to you by Material Security. We’ll be hearing from one of Material’s friends – Courtney Healey, senior manager of insider threat at Coinbase – in this week’s sponsor interview. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Police raid Iranian opposition camp in Albania, seize computers | AP News
Risky Biz News: Microsoft embarrassingly admits it got DDoSed into the ground by Anonymous Sudan
Anonymous Sudan and Killnet strike again, target EIB
Pro-Russian hackers remain active amid Ukraine counteroffensive | CyberScoop
Hackers infect Russian-speaking gamers with fake WannaCry ransomware
US puts $10M bounty on Clop as federal agencies confirm data compromises | Cybersecurity Dive
Catherine Herridge on Twitter: "Tonight, sources tell @cbsnews senior government officials are racing to limit impact - of what one cyber expert calls - potentially the largest theft + extortion event in recent history. USG official says no evidence to date US MIL or INTEL compromised. https://t.co/R4f6naFqFx" / Twitter
U.S. government says several agencies hacked as part of broader cyberattack
Clop names a dozen MOVEit victims, but holds back details | Cybersecurity Dive
Another MOVEit vulnerability found, as state and federal agencies reveal breaches | Cybersecurity Dive
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant
New DOJ unit will focus on prosecuting nation-state cybercrime
EU states told to restrict Huawei and ZTE from 5G networks ‘without delay’
The US Navy, NATO, and NASA Are Using a Shady Chinese Company’s Encryption Chips | WIRED
Widow of slain Saudi journalist Jamal Khashoggi files suit against Pegasus spyware maker
Jamal Khashoggi’s wife to sue NSO Group over Pegasus spyware | Jamal Khashoggi | The Guardian
Bipartisan bill would protect Americans’ data from export abroad
District of Nebraska | Massachusetts Man Sentenced for Computer Intrusion | United States Department of Justice
I Was Sentenced to 18 Months in Prison for Hacking Back - My Story | HackerNoon
CID-FLYER-TEMPLATE
New FCC privacy task force takes aim at data breaches, SIM-swaps | CyberScoop
Bloodied Macbooks and Stacks of Cash: Inside the Increasingly Violent Discord Servers Where Kids Flaunt Their Crimes
Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses | OPA | Department of Justice
BrianKrebs: "Haha love it when a data ranso…" - Infosec Exchange
6/21/2023

Risky Business #710 -- Why your corporate VPN will get you owned

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Fortinet 0day Groundhog Day
- CISA’s new binding directive on exposed management interfaces
- Confirmed: US intelligence buying commercially available data
- MOVEit drama rolls on
- Much, much more

This week’s show is brought to you by Red Canary. Chris Rothe is this week’s sponsor guest and he joins us to talk about how MDR providers are helping customers deal with cloud monitoring. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks - SecurityWeek
- Barracuda Urges Replacing — Not Patching — Its Email Security Gateways – Krebs on Security
- MOVEit announces second vulnerability; Minnesota schools agency breached with original bug
- Confidential data downloaded from UK regulator Ofcom in cyberattack
- Ransomware group Clop issues extortion notice to ‘hundreds’ of victims
- Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch
- CISA orders US civilian agencies to remove tools from public-facing internet
- Microsoft says Azure disrupted after a week of repeated service outages | Cybersecurity Dive
- Microsoft says Azure outage was caused by ‘anomalous’ traffic spike
- Microsoft investigating threat actor claims following multiple outages in 365, OneDrive | Cybersecurity Dive
- Risky Biz News: Ukrainian hackers wipe equipment of major Russian telco
- U.S. Spy Agencies Buy Vast Quantities of Americans’ Personal Data, U.S. Says - WSJ
- The US Is Openly Stockpiling Dirt on All Its Citizens | WIRED
- Srsly Risky Biz: Thursday, July 29 - by Tom Uren
- National security officials make case for keeping surveillance powers to skeptical Congress - The Washington Post
- Senators say Biden administration isn’t close on overhauling surveillance law
- Russian nationals accused of Mt. Gox bitcoin heist, shifting stolen funds to BTC-e
- North Korean hacking group Lazarus linked to $35 million cryptocurrency heist
- North Korean hackers stole $100 million in recent cryptocurrency heist -analysts | Reuters
- An Illinois hospital links closure to ransomware attack
- Security professional's tweet forces big change to Google email authentication | CyberScoop
- Can you trust ChatGPT’s package recommendations?
- LastPass CEO reflects on lessons learned, regrets and moving forward from a cyberattack | Cybersecurity Dive
6/14/2023

Risky Business #709 -- Cl0p goes berserk with MOVEit 0day

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Russia’s FSB uncovers “NSA malware” on iPhones
- Cl0p mass harvests data from MOVEit file transfer servers
- ASD discloses a bunch of operations against ISIS, criminals
- Why China’s prepositioning is probably… prepositioning
- Much, much more

This week’s show is brought to you by Thinkst Canary. Marco Slaviero is this week’s sponsor guest and he joins us to talk about indirect LLM prompt injection and the latest Canary release. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- Russia says US hacked thousands of Apple phones in spy plot | Reuters
- Risky Biz News: Russia's FSB says NSA hacked iPhones in cyber-espionage campaign
- Russia wants 2 million phones with home-grown Aurora OS for use by officials
- Trusted mobile environment. The «Аврора» (Aurora) mobile operating system - Rostelecom
- Why China's Latest APT Campaign is Legitimately Worrying
- War crimes committed through cyberspace must not escape international justice, says Estonian president
- Hacks Against Ukraine's Emergency Response Services Rise During Bombings | WIRED
- How Australian cyber spies used 'Rickrolling' to disrupt Islamic State militants in Iraq - ABC News
- Australian intelligence's secret hand in bringing down the Bali bombers - ABC News
- Microsoft Threat Intelligence on Twitter: "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims. https://t.co/q73WtGru7j" / Twitter
- What we know about the MOVEit vulnerability and compromises | Cybersecurity Dive
- metlstorm: "Great, so now I have to roll i…" - Infosec Exchange
- Dave Aitel: "@riskybusiness @chort honestly…" - Infosec Exchange
- Critical Barracuda 0-day was used to backdoor networks for 8 months | Ars Technica
- Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED
- Ask Fitis, the Bear: Real Crooks Sign Their Malware – Krebs on Security
- Wayback Machine
- Discord Admins Hacked by Malicious Bookmarks – Krebs on Security
- Google’s Android and Chrome extensions are a very sad place. Here’s why | Ars Technica
- How university cybersecurity clinics can help cities fight ransomware | CyberScoop
- Atomic - Crypto Wallet on Twitter: "We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly. For any questions and concerns, contact support@atomicwallet.io" / Twitter
- BrianKrebs: "Russian news outlet Kommersant…" - Infosec Exchange
- Thinkst
6/7/2023

Risky Business #708 – China's lolbin-powered adventures in US critical infrastructure

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- China’s lolbin-powered intrusions into critical infrastructure
- Trend Micro backs BlackBerry’s Cuba call
- Anonymous Sudan shakes down Scandinavian Airlines
- Iranian opposition party MEK publishes gargantuan leak
- Much, much more

This week’s show is brought to you by Kubernetes security company KSOC. Jimmy Mesta is this week’s sponsor guest and he joins us to talk about the big security challenges in Kubernetes. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog
- U.S. warns China could hack infrastructure, including pipelines, rail systems | Reuters
- Factbox: What is Volt Typhoon, the alleged China-backed hacking group? | Reuters
- Chinese Malware Hits Systems on Guam. Is Taiwan the Real Target? - The New York Times
- COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises | Mandiant
- Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals
- Hacker group Anonymous Sudan demands $3 million from Scandinavian Airlines
- Iranian dissidents take over high-security servers of regime presidency
- Iran-linked hackers Agrius deploying new ransomware against Israeli orgs
- Exclusive: Chinese hackers attacked Kenyan government as debt strains grew | Reuters
- Risky Biz News: PyPI to enforce 2FA, reduce stored IP addresses
- NSO spyware used in Armenia-Azerbaijan conflict, report finds
- Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
- SMS pumping fraud: take care how you configure MFA - TechHQ
- Full Disclosure: Printerlogic multiple vulnerabilities
- Barracuda Networks issue added to CISA vulnerability list
- Barracuda patches actively exploited zero-day vulnerability in email gateways | Cybersecurity Dive
- Developing: RaidForums users db leaked
- Phishing Domains Tanked After Meta Sued Freenom – Krebs on Security
- Broad coalition of advocacy groups urges Slack to protect users' messages from eavesdropping | CyberScoop
5/31/2023

Risky Biz Soap Box: Why your EDR won't save you

In this Soap Box podcast Patrick Gray talks to George Glass, the threat intelligence operations leader in the Cyber Risk practice at Kroll. They talk about all sorts of things, like:
- How the ransomware ecosystem is evolving into “ma and pa” operations
- Some killer detections they’ve figured out
- What separates the good networks from the bad ones
- Why EDR is of limited value if you’re not actually monitoring it
- Why not letting MDRs do the R part of their job is really, really, really dumb
5/26/2023

Risky Business #707 -- Inside China's information lockdown with Chris Krebs

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Germans charge FinFisher executives
- The FBI got busted misusing 702 data
- Special guest Chris Krebs talks China, new CISA mandates and more
- New research breaks Android fingerprint auth
- Much, much more

This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about the work Trail of Bits is doing in securing AI systems, and making them safe. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- Congress looks to expand CISA's role, adding responsibilities for satellites and open source software | CyberScoop
- Biden nominates Lt. Gen. Timothy Haugh for top position at NSA, Cyber Command
- Our criminal complaint: public prosecutor files charges against FinFisher
- The Real Risks in Google’s New .Zip and .Mov Domains | WIRED
- FBI misused controversial surveillance tool to investigate Jan. 6 protesters
- Suspicion stalks Genesis Market’s competitors following FBI takedown
- Crimephones Are a Cop's Best Friend - by Tom Uren
- The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED
- Some Of Russia’s Most Dangerous Cybercriminals Just Had Their Malware Dealer Unmasked
- Shifting tactics fuel surge in Business Email Compromise
- Treasury Department sanctions entities tied to North Korean IT scams, hacking | CyberScoop
- Chinese Labs Are Selling Fentanyl Ingredients for Millions in Crypto | WIRED
- Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption | WIRED
- Here’s how long it takes new BrutePrint attack to unlock 10 different smartphones | Ars Technica
- It took 48 hours, but the mystery of the mass Asus router outage is solved | Ars Technica
- Popular Android TV boxes sold on Amazon are laced with malware | TechCrunch
- Teen hacker charged in scheme to siphon funds from sports betting accounts
- Researchers tie FIN7 cybercrime family to Clop ransomware
- German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack
- Dallas courts still closed 2 weeks post-ransomware attack | Cybersecurity Dive
- Health insurer says patients’ information was stolen in ransomware attack
- Patients angered after Oklahoma allergy clinic blames cyberattack for shutdown
- UK steel industry supplier Vesuvius says ‘cyber incident’ cost £3.5 million
- Researchers infiltrate Qilin ransomware group, finding lucrative affiliate payouts
- A different kind of ransomware demand: Donate to charity to get your data back | CyberScoop
- Joe Tidy on Twitter: "A bizarre one from Reading courts - an IT Security worker pleads guilty to piggy-backing off a cyber attack against his own firm. Liles switched the ransom payment details to his own Bitcoin wallet and changed the hacker's email to secretly apply pressure on bosses to pay up. https://t.co/Ze4yAJA6vM" / Twitter
- ChatGPT Scams Are Infiltrating Apple's App Store and Google Play | WIRED
5/24/2023

Risky Business #706 -- Why BlackBerry thinks Cuba ransomware is a Russian front

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Wazawaka charged, sanctioned
- PlugwalkJoe extradited, pleads guilty
- BlackBerry thinks Cuba ransomware is a front for Russian intelligence
- Anonymous Sudan pops up in Israel
- Microsoft’s Outlook patch fail
- Much, much more

This week’s show is brought to you by Bloodhound Enterprise. Andy Robbins is this week’s sponsor guest. He talks about how graph theory could help us to uncover more lolbins. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- Alleged Babuk ransomware gang leader ‘Wazawaka’ indicted, sanctioned by US
- Who is the Network Access Broker ‘Wazawaka?’ – Krebs on Security
- British man involved in Twitter hack extradited to US, pleads guilty to numerous cybercrimes
- Cybercriminals who targeted Ukraine are actually Russian government hackers, researchers say | TechCrunch
- Slapdash attempt to hack rocket sirens may be cause for serious alarm about Iran | The Times of Israel
- Twitter’s Encrypted DMs Are Deeply Inferior to Signal and WhatsApp | WIRED
- Twitter under fire for restricting content before Turkish presidential election - CBS News
- Three opposition media outlets hit by cyber attack
- Patrick Gray on Twitter: "https://t.co/n5b7wPjI6Y https://t.co/UmDbHbhEcS" / Twitter
- Patrick Gray on Twitter: "Switched to a domain validated username at the other place. Very easy. https://t.co/U46zABPnJl" / Twitter
- Emerging ransomware group quickly hits 4 critical infrastructure providers | Cybersecurity Dive
- A ransomware source code leak spawned at least 10 ‘Babuk’ imitators, researchers say
- Philadelphia Inquirer unable to go to print due to ‘cyber incident’
- Hackers attempt to extort Dragos and its executives in suspected ransomware attempt | CyberScoop
- Dallas says it 'will likely take weeks to get back to full functionality' after ransomware attack
- Swiss tech giant ABB confirms ‘IT security incident’
- CISA: Bl00dy Ransomware Gang using printer vulnerability to attack schools
- Capita says responding to ransomware attack will cost up to £20 million
- National Gallery of Canada recovering from ransomware incident
- Yum Brands faces class action suits from employees after ransomware attack | Cybersecurity Dive
- Knocking down Hive: How the FBI ran its own ransomware decryption operation
- Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica
- FBI nukes Russian Snake data theft malware with self-destruct command
- The FBI’s New Malware Eradication Service Is on Thin Legal Ice
- Cisco warns of new ‘Greatness’ phishing-as-a-service tool seen in the wild
- VMware’s ‘target-rich environment’ is growing more volatile, CrowdStrike warns | Cybersecurity Dive
- UK's National Crime Agency wins major legal challenge over Encrochat hack
- Inside the Italian Mafia’s Encrypted Phone of Choice
- Microsoft releases fix for patched Outlook issue exploited by Russian hackers
- Scammer Made Thousands Selling 'Leaked' Frank Ocean Tracks That Were Fake, AI-Generated
5/17/2023

Risky Business #705 -- USA's Turla takedown marks a shift in tactics

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Joe Sullivan’s sentencing
- MSI key material leak
- Merck to be paid in NotPetya claim
- The FBI takes down Turla’s Snake malware operation
- Much, much more

This week’s show is brought to you by Gigamon. Chaim Mazal, Gigamon’s CSO, is this week’s sponsor guest. He’s talking about how the company’s gear is acting as a data source for network security products. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- Former Uber CSO avoids prison time for ransomware coverup | Cybersecurity Dive
- Merck cyber coverage upheld in NotPetya decision, seen as victory for policyholders | Cybersecurity Dive
- Home / Twitter
- Hunting Russian Intelligence “Snake” Malware | CISA
- Justice Department Announces Court-Authorized Disruption of Snake Malware Network Controlled by Russia’s Federal Security Service | OPA | Department of Justice
- Iranian state-sponsored hackers exploiting printer vulnerability
- Iran: Fake It Till You Make It - by Tom Uren
- Hacktivists Target Iran’s Foreign Ministry, Leak Trove Of Data
- New Cactus ransomware encrypts itself to evade antivirus
- White House considers ban on ransom payments, with caveats | Cybersecurity Dive
- Hamas armed wing announces suspension of bitcoin fundraising | Reuters
- FBI, Ukraine seize cryptocurrency exchanges for abetting cybercriminals
- Dallas still recovering from ransomware on eve of municipal election | Cybersecurity Dive
- Dallas restores core emergency dispatch systems | Cybersecurity Dive
- Hackers hijacked a university's emergency system to threaten students and faculty
- Organizations slow to patch GoAnywhere MFT vulnerability even after Clop ransomware attacks
- $10M Is Yours If You Can Get This Guy to Leave Russia – Krebs on Security
- Coming to DEF CON 31: Hacking AI models | CyberScoop
- Google Is Rolling Out Passkeys, the Password-Killing Tech, to All Accounts | WIRED
- US Court Rules for Corellium in Apple Copyright Case
- SafeGraph Lands US Air Force Contract After Targeting Abortion Clinics | WIRED
5/10/2023

Snake Oilers: Resourcely, Panther and Island

In this edition of Snake Oilers:
- Travis McPeak pitches Resourcely’s automagic Terraform cloud-provisioning technology
- Ken Westin pitches Panther – a cloud-native SIEM developed by former practitioners
- Brian Kenyon from Island talks about the company’s enterprise browser

Enjoy!

Show notes
- Resourcely | Cloud resource creation and management
- Panther | A Cloud SIEM Platform for Modern Security Teams
- Island | The Enterprise Browser
5/4/2023

Risky Business #704 -- Why LLMs aren't an exploit bonanza

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Rob Joyce weighs in on AI and offsec
- Mysterious hacker doxes Russian intelligence agency bitcoin wallets
- Wired deep dives on SolarWinds
- AmeriCold food logistics giant suffers incident
- Iranian authorities roll low-tech spyware
- Much, much more

This week’s show is brought to you by Greynoise. Its founder and CEO Andrew Morris is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- NSA Cybersecurity Director Says ‘Buckle Up’ for Generative AI | WIRED
- 3 areas of generative AI the NSA is watching in cybersecurity | Cybersecurity Dive
- NSA cyber director warns of ransomware attacks on Ukraine, Western supply chains
- Palantir Demos AI to Fight Wars But Says It Will Be Totally Ethical Don’t Worry About It
- Alex Banks on Twitter: "Yesterday Palantir announced its Artificial Intelligence Platform. Here's how it transforms the future of military and defence: https://t.co/TcgN29wN19" / Twitter
- Russian Bitcoin (BTC) Wallets Allegedly Exposed by Apparent Hacker
- DOJ Detected SolarWinds Breach Months Before Public Disclosure | WIRED
- SolarWinds: The Untold Story of the Boldest Supply-Chain Hack | WIRED
- Cold storage company Americold reports cyberattack to SEC
- CISA seeks public comment on software security attestation form | Cybersecurity Dive
- Secure Software Development Attestation Form Instructions
- DHS pushes Congress to formally establish Cyber Safety Review Board
- First draft of controversial UN Cybercrime Treaty slated for June
- Return of the EARN IT Act rekindles encryption debate at critical moment for privacy-protecting apps | CyberScoop
- Apple releases first ‘rapid’ security fixes for iPhones, iPads and Macs | TechCrunch
- BouldSpy: Android Spyware Tied to Iranian Police Targets Minorities | Lookout
- Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity
- Hackers are breaking into AT&T email accounts to steal cryptocurrency | TechCrunch
- CISA, FDA warn of new Illumina DNA device vulnerability
- Apple and Google Set Joint Standards to Stop AirTag Stalking
- Many Public Salesforce Sites are Leaking Private Data – Krebs on Security
- Brother of man who ran Helix cryptocurrency mixer jailed for stealing 712 bitcoin
- Nearly 300 arrested in sprawling international dark web drug market takedown | CyberScoop
- Students’ psychological reports, abuse allegations leaked by ransomware hackers
- Mandiant CEO’s 7 tips for cyber defense | Cybersecurity Dive
- I Regret to Inform You That Bluesky Is Fun | WIRED
5/3/2023

Risky Business #703 -- Russia whines about its tech dependence on China

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- The supply chain attack in the supply chain attack
- Russia has a China dependency problem
- Recent research into TLS resumption flaws
- Google and Intel team up on hardware hacking
- DHS will hack enterprise kit
- Much, much more

This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest. He’s talking about the (actually sensible) ChatGPT-driven features Corelight has built into its NDR platform. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack - Updated
- Russia China Worries Set Out in Private Memo on Tech Risk - Bloomberg
- Hackers to show they can take over a European Space Agency satellite
- DOJ urges CISOs to continue working with law enforcement ahead of Uber security chief’s sentencing
- To combat cybercrime, US law enforcement increasingly prioritizes disruption | CyberScoop
- Collaboration between CISA, Cyber Command thwarted dangerous cyberattacks, officials said | CyberScoop
- US gov’t stopped Iranian hackers who ‘gained access’ to 2020 election infrastructure
- Bill proposes new DHS centers for testing security of critical government tech
- UK says ‘Wagner-like cyber groups’ attacking critical infrastructure
- Russia's digital warriors adapt to support the war effort in Ukraine, Google threat researchers say | CyberScoop
- Bipartisan legislation aims to ‘arm Taiwan to the teeth in the cyber domain’
- Ex-NSA boss won $700,000 Saudi consulting deal after Khashoggi death - The Washington Post
- U.S. approves massive arms sale to Saudi Arabia, United Arab Emirates to counter Iran | PBS NewsHour
- Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs | WIRED
- Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices | WIRED
- We Really Need to Talk About Session Tickets | System Security Group
- Internet protocol vulnerability opens door to ‘massive’ DoS amplification attacks
- Exploit released for 9.8-severity PaperCut flaw already under attack | Ars Technica
- Finding PaperCut MF and NG servers
- DC health exchange breach traced back to misconfigured Amazon server
- Ukraine remains Russia’s biggest cyber focus in 2023
- The hacker Bassterlord in his own words: Portrait of an access broker as a young man
- Hacker Group Names Are Now Absurdly Out of Control | WIRED
4/26/2023

Snake Oilers: Socket, Teleport and Mandiant's Purple Team

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions paid to be here. We’ll hear from three vendors in this edition of Snake Oilers:
- Socket.dev, a software supply chain product that currently deploys as a GitHub addon
- Teleport, a company that makes a secure access gateway/single sign on product for engineers to securely access infrastructure
- Mandiant joins us to pitch its Purple Team engagement product

Enjoy!

Show notes
- Socket - Secure your supply chain. Ship with confidence.
- Teleport: Identity-Native Infrastructure Access. Faster. More Secure.
- Purple Team Assessment | Improve Detection & Response
4/20/2023

Risky Business #702 -- 3CX: It's like SolarWinds, but stupider

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Why 3CX was the dumbest supply chain attack we’ve seen
- Why Wiz’s AzureAD research was a showstopper that didn’t get the attention it deserved
- How attackers are burning down cloud infrastructure
- The latest from the world of spyware
- Much, much more

This week’s show is brought to you by Nucleus Security. Chris Hughes from Aquia is this week’s sponsor guest. He appeared at Nucleus Security’s invitation. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms | WIRED
- 3CX support tells customers to investigate malware warnings themselves | Ars Technica
- North Korean hackers linked to 3CX supply-chain attack, investigation finds
- BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover | Wiz Blog
- Microsoft leads effort to disrupt illicit use of Cobalt Strike, a dangerous hacking tool in the wrong hands | CyberScoop
- MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog
- CISA, Cisco highlight Russian military targeting of router vulnerabilities
- Israeli spyware software surveilling journalists, politicians
- Mercenary spyware hacked iPhone victims with rogue calendar invites, researchers say | TechCrunch
- Israeli Spyware Maker QuaDream Closes, Fires All Employees - National Security & Cyber - Haaretz.com
- Hackers used spyware made in Spain to target users in the UAE, Google says | TechCrunch
- Apple’s high security mode blocked NSO spyware, researchers say | TechCrunch
- US commits $25 million to Costa Rica for Conti ransomware recovery
- State Department, Congress working on formal program for US cyber aid
- CISA and partners issue secure-by-design principles for software manufacturers | FedScoop
- Time to Designate Space Systems as Critical Infrastructure
- Apple’s Macs Have Long Escaped Ransomware. That May Be Changing | WIRED
- Cyber company Darktrace gets caught up in LockBit gang's apparent blunder
- Payments giant says it is investigating ransomware incident that caused POS outage
- Cyberattack causing treatment delays at Canadian hospital
- German arms manufacturer Rheinmetall confirms cyberattack
- Hackers using Log4j bug to profit from victim IP addresses through ‘proxyjacking’ scheme
- Police arrest almost 120 people globally following Genesis Market takedown
- FBI accessed Genesis Market's backend servers as part of takedown
- LinkedIn Verification Now Lets You Verify Your Job and Account | WIRED
- Tech industry’s pain is NSA’s gain, cyber leader says about layoffs
- QueueJumper: Critical Unauthenticated RCE Vulnerability in MSMQ Service - Check Point Research
- Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog
- Leaked Pentagon Document Claims Russian Hacktivists Breached Canadian Gas Pipeline Company
- Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not. | CyberScoop
- From Discord to 4chan: The Improbable Journey of a US Intelligence Leak - bellingcat
- U.S. intel agencies may change how they monitor social media, chatrooms after missing leaked U.S. documents for weeks
- Taiwan highly vulnerable to Chinese air attack, leaked documents show - The Washington Post
- Pentagon document leak raises questions about internal security - The Washington Post
- Leaked secret documents detail additional Chinese spy balloons - The Washington Post
4/19/2023

Risky Biz Soap Box: Haroon Meer on why the VC apocalypse is great news

In this Soap Box edition of the show, Thinkst Canary founder Haroon Meer joins us to talk about why the sudden pullback in venture funding in infosec is actually a good thing. He thinks this will give founders licence to slow down and actually focus on making good products, instead of trying to build a company around vapourware or a minimum viable product.
4/11/2023

Risky Business #701 -- Why infosec is wrong about TikTok

NOTE: Patrick’s audio is a bit degraded in a few parts of this episode. It’s still clear enough, but if you hear some degradation in parts then yes, it’s us, not you.

On this week’s show Patrick Gray, Adam Boileau and Tom Uren discuss the week’s security news. They cover:
- The Biden White House’s executive order on spyware
- Why the infosec community writ large is wrong on TikTok
- Clop campaign: it’s time to ditch your file transfer gateways
- Major Android app booted from store because it was full of 0day privesc exploits lol
- More detail on the BreachForums admin arrest
- Much, much more

This week’s show is brought to you by runZero. HD Moore, co-founder of runZero, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that’s your thing.

Show notes
- At least 50 U.S. government employees hit with spyware, White House says
- Kevin McCarthy says House 'will be moving forward' with TikTok legislation
- US lawmakers tell TikTok CEO the app ‘should be banned’
- Between Two Nerds: The Real Problem with TikTok - Risky Business
- New victims come forward after mass-ransomware attack | TechCrunch
- UK Pension Protection Fund latest victim of GoAnywhere hack
- Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News
- Fortra told breached companies their data was safe | TechCrunch
- When to use Dropbox vs. MFT: Best Versatile File Sharing and Security | GoAnywhere MFT
- City of Toronto and Virgin confirm hackers accessed data through file transfer systems
- Tasmania investigating attack after Clop ransomware group adds to victim list
- Latitude Financial faces possible class action after millions affected by data breach | Australia news | The Guardian
- Android app from China executed 0-day exploit on millions of devices | Ars Technica
- Telecom giant Lumen says it discovered two separate cyber intrusions
- Tennessee city hit with ransomware attack
- FBI, CISA investigating cyberattack on Puerto Rico’s water authority
- British hospital investigating impact of ‘contained’ cyber incident
- Largest telecom in Guam starts restoring services after cyberattack
- Frustrated Dish customers still spending hours on hold weeks after ransomware attack, they say
- UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users’ data
- How the FBI caught the BreachForums admin | TechCrunch
- Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop
- North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign
- North Korea Is Now Mining Crypto to Launder Its Stolen Loot | WIRED
- “Committed Partners in Cyberspace”: Following cyberattack, US conducts first defensive Hunt Operation in Albania > U.S. Cyber Command > News
- Bad magic: new APT found in the area of Russo-Ukrainian conflict | Securelist
- Beloved hacking veteran Kelly ‘Aloria’ Lum passes away at 41 | TechCrunch
3/29/2023

Risky Business #700 -- Yevgeny Prigozhin's empire gets owned

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news in front of a live audience at AISA’s CyberCon in Canberra. They cover:
- Yevgeny Prigozhin’s entire enterprise got majorly owned
- Kremlin bans iPhones among President’s staff
- A look at those Android handset baseband bugs (woof)
- A discussion of the acropalypse issue
- Why you need to sort out your egress filtering in light of the latest Outlook bug
- Shanna Daly joins us on stage to talk about why the infosec industry sucks
- Plus much much more

This week’s show is sponsored by Stairwell. Mike Wiacek, Stairwell’s founder, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- Dossier Center Investigation: Prigozhin's Cyber Troops
- Unwanted communications - Newspaper Kommersant No. 46 (7491) dated 03/20/2023
- Google tells users of some Android phones: Nuke voice calling to avoid infection | Ars Technica
- Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets
- Severe exploit could expose sensitive data on Pixel screenshots previously cropped
- Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug
- Ransomware gang exploited a zero-day in Microsoft security feature, Google says
- Feds Charge NY Man as BreachForums Boss “Pompompurin” – Krebs on Security
- After BreachForums arrest, new site administrator says the platform will live on
- 3xp0rt on Twitter: "BreachForums is offline everywhere https://t.co/Q2o133e9Oy" / Twitter
- Two U.S. Men Charged in 2022 Hacking of DEA Portal – Krebs on Security
- Crypto ‘Mixer’ Laundered $700 Million For Customers, Including Russian And North Korean Spies, DOJ Says
- China-linked hackers exploit Fortinet zero-day in new spying campaign
- Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server | CISA
- Clop ransomware is victimizing GoAnywhere MFT customers
- Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica
- Crypto ATM manufacturer General Bytes hacked, at least $1.5 million stolen
3/22/2023

Risky Business #699 -- BYOD risks ramp up

Threat actors are really enjoying home networks and BYOD these days…

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Why our LastPass/DPRK hunch weakened
- CISA launches ransomware warning program
- Is the Ring data extortion real?
- White House flags cloud service security regulation
- Pig Butchering overtakes BEC as top cybercrime earner
- Much more!

This week’s show is sponsored by Yubico. The company’s COO, Jerrod Chong, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 | Mandiant
- Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW | Mandiant
- North Korean hackers target security researchers with a new backdoor | Ars Technica
- Ring won’t say if it was hacked after ransomware gang claims attack | TechCrunch
- Biden admin’s cloud security problem: ‘It could take down the internet like a stack of dominos’ - POLITICO
- CISA unveils ransomware warning pilot for critical infrastructure
- Data breach hits lawmakers and staff on Capitol Hill
- Hacker posts more D.C. Health Link data online, exposing lawmakers' personal information | CyberScoop
- Cancer patient sues medical provider after ransomware group posts her photos online | CyberScoop
- Telehealth startup Cerebral shared millions of patients’ data with advertisers | TechCrunch
- The FBI Just Admitted It Bought US Location Data | WIRED
- ‘Pig Butchering’ Scams Are Now a $3 Billion Threat | WIRED
- Malware infecting widely used security appliance survives firmware updates | Ars Technica
- People Used Facebook's Leaked AI to Create a 'Based' Chatbot that Says the N-Word
- OpenAI releases GPT-4, artificial intelligence that can 'see' and do taxes
- Australian official demands Russia bring criminal hackers ‘to heel’
- DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit - Microsoft Security Blog
- Sued by Meta, Freenom Halts Domain Registrations – Krebs on Security
- Twitter’s Most Important Anti-Censorship Tool Is Currently Dead
- CVE-2023-23415 - Security Update Guide - Microsoft - Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
- CVE-2023-23397 - Security Update Guide - Microsoft - Microsoft Outlook Elevation of Privilege Vulnerability
3/15/2023

Risky Biz Soap Box: Six degrees of Domain Admin

Today’s soap box is an absolute cracker. We’re talking to Andy Robbins, the principal product architect at SpecterOps and one of the three original creators of the open source version of Bloodhound. If you don’t know what Bloodhound is, it’s a tool that grabs Active Directory information and turns it into a navigable graph. So if you’re an attacker, you land on a network, enumerate directory information, and then map out a path to domain admin. Bloodhound has been extremely popular with red teamers for years – to the point that it’s just a standard tool in the red team toolkit. But the team behind Bloodhound is now turning their attention to making Bloodhound a defensive tool as well as an offensive one.
3/10/2023

Risky Business #698 -- Why LastPass was probably DPRK*

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Why the White House’s cybersecurity strategy is actually quite good
- The LastPass breach was probably DPRK
- UEFI bootkits are going downmarket, and this is bad
- GitHub will scan repos for secrets
- A look at some interesting DJI drone research
- Much, much more

This week’s show is brought to you by Airlock Digital. Two of Airlock’s founders – Daniel Schell and David Cottingham – are this week’s sponsor guests.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

* NOTE: We now think LastPass was likely not DPRK. It’s complicated and we’ll explain why we think we got this wrong in next week’s show.

Show notes
- Risky Biz News: White House unveils National Cybersecurity Strategy
- White House looks to put cybersecurity pressure on companies
- Surveillance oversight board member explores concerns about Section 702 renewal | CyberScoop
- Secret Service and ICE conducted warrantless stingray surveillance, says watchdog | TechCrunch
- LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach
- Give Me E2EE or Give Me Death - by Tom Uren
- Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica
- GitHub’s secret scanning alerts now available for all public repos
- This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location | WIRED
- Hackers steal gun owners’ data from firearm auction website | TechCrunch
- New ATM Malware 'FiXS' Emerges - SecurityWeek
- US government warns Royal ransomware is targeting critical infrastructure | TechCrunch
- Ransomware gang posts breast cancer patient photos from Pennsylvania health network to dark web
- Hospital Clínic de Barcelona severely impacted by ransomware attack
- Hackers Release Data Stolen in Oakland Ransomware Attack – NBC Bay Area
- Salt Labs | Traveling with OAuth - Account Takeover on Booking.com
- Google adds client-side encryption to Gmail and Calendar. Should you care? | Ars Technica
- The life-upending flaw that USPS won’t fix | TechCrunch
- Powerful Meta large language model widely available online | CyberScoop
- We’re going teetotal: It’s goodbye to The Daily Swig | The Daily Swig
3/8/2023

Risky Business #697 -- LastPass attacker: Do you gotta hand it to 'em?

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- A look at LastPass’s intrusion post mortem
- A very stable genius decided to ransomware the US Marshals Service
- Why Signal’s complaints about UK’s Online Safety Act are bad faith
- Much, much more…

This week’s show is brought to you by Tines, the no-code automation platform. Its co-founder and CEO Eoin Hinchy joins the show in the sponsor slot, and you can check out a Tines demo we recorded with Eoin on YouTube.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- Additional details of the attack - LastPass Support
- LastPass says employee’s home computer was hacked and corporate vault taken | Ars Technica
- 'Major' U.S. Marshals Service hack compromises sensitive info
- DISH tells SEC that ransomware attack caused outages; personal info may have been stolen - The Record from Recorded Future News
- DISH says ‘system issue’ affecting internal servers, phone systems - The Record from Recorded Future News
- Danish hospitals hit by cyberattack from ‘Anonymous Sudan’ - The Record from Recorded Future News
- 'A year of cyberwar' with Russia: An inside look from a top Ukrainian cybersecurity official | CyberScoop
- Russia blames hackers as commercial radio stations broadcast fake air strike warnings - The Record from Recorded Future News
- Dutch intelligence: Many cyberattacks by Russia are not yet public knowledge - The Record from Recorded Future News
- Signal CEO: We “1,000% won’t participate” in UK law to weaken encryption | Ars Technica
- White House cybersecurity strategy to force large companies to make systems secure by design | CyberScoop
- Popular IBM file transfer tool vulnerable to cyberattacks, CISA says - The Record from Recorded Future News
- A world of hurt for Fortinet and ManageEngine after users fail to install patches | Ars Technica
- Gigamon Exits NDR Market, Sells ThreatInsight Business to Fortinet
- Cisco ClamAV anti-malware scanner vulnerable to serious security flaw | The Daily Swig
- How I Broke Into a Bank Account With an AI-Generated Voice
- Hackers use ChatGPT phishing websites to infect users with malware - The Record from Recorded Future News
- Venture capital financing of cyber companies slid to $18.5 billion in 2022 - The Record from Recorded Future News
- Tines Automation Platform - YouTube
3/1/2023

An interview with Andrew Boyd, director of the CIA's Centre for Cyber Intelligence

In this interview the director of the CIA’s Center for Cyber Intelligence (CCI) sits down with Risky Business podcast host Patrick Gray to talk about:
- What CCI actually does
- The CIA’s role in cyber intel and operations
- What lessons have been learned from Russia’s cyber campaigns targeting Ukraine
- Why a cyber conflict with China will be very, very different
- His views on the ransomware threat
- Much, much more
2/23/2023

Risky Business #696 -- Why Twitter had to kill SMS 2FA

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Why Twitter had to kill SMS 2FA
- A look at Meta’s new verification service
- How a ransomware attack disrupted the semiconductor supply chain
- Why Anonymous Sudan is probably a Russian info op
- Microsoft mixes up public and private keys in Azure B2C (for real)
- Much, much more

This week’s show is brought to you by Proofpoint. Its Executive Vice President of Cybersecurity Strategy Ryan Kalember joins the show in the sponsor slot.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- How to Protect Yourself From Twitter’s 2FA Crackdown | WIRED
- Elon Musk Says Twitter Lost $60mn a Year Because 390 Telcos Used Bot Accounts to Pump A2P SMS | Commsrisk
- Twitter’s Two-Factor Authentication Change ‘Doesn't Make Sense’ | WIRED
- Elon Musk on Twitter: "@MKBHD Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages" / Twitter
- rat king 🐀 on Twitter: "as twitter goes through diff versions of what it’s subscription service looks like, meta rolls out its own verified program… https://t.co/BPNILEFGZ0" / Twitter
- WA wedding photographer’s fury as Instagram account deactivated | news.com.au — Australia’s leading news site
- Semiconductor industry giant says ransomware attack on supplier will cost it $250 million - The Record from Recorded Future News
- State of emergency as City of Oakland grapples with ransomware attack - The Record from Recorded Future News
- Irish TV broadcaster says attempted hack will affect programming - The Record from Recorded Future News
- Revealed: the US adviser who tried to swing Nigeria’s 2015 election | Cambridge Analytica | The Guardian
- Political aides hacked by ‘Team Jorge’ in run-up to Kenyan election | World news | The Guardian
- Fox News stars and staffers privately blasted election fraud claims as bogus, court filing shows
- google_fog_of_war_research_report.pdf
- Hacks, leaks and wipers: Google analyzes a year of Russian cyberattacks on Ukraine | CyberScoop
- Scandinavian Airlines hit by cyberattack, 'Anonymous Sudan' claims responsibility - The Record from Recorded Future News
- Azure B2C Crypto Misuse and Account Compromise - Praetorian
- GoDaddy: Hackers stole source code, installed malware in multi-year breach
- WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks - SentinelOne
- Hyundai, Kia to provide anti-theft software updates following viral TikTok challenge - The Record from Recorded Future News
- Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica
- Latest attack on PyPI users shows crooks are only getting better | Ars Technica
- Belgium launches nationwide safe harbor for ethical hackers | The Daily Swig
- Tor Project Moves Away from Infrastructure Ran by Internet Monitoring Firm
- Bank accounts overdrawn, missing and suspended without warning, bank won't talk to me : LegalAdviceUK
2/22/2023

Risky Biz Soap Box: Greynoise has built the world's biggest, and smartest, honeypot

In this interview we’re chatting with the founder of Greynoise Intelligence, Andrew Morris. Greynoise operates a global network of sensors that collect data on things like mass scanning, exploitation and reconnaissance. The idea is that if your SOC gets an alert from a particular IP, you can check whether it’s associated with mass scanning or exploitation, or whether it’s something that’s targeting just you. As you’ll hear, there are other use cases as well, but we’re talking about a few specific things with Andrew today. He talks about being able to selectively port forward attacks targeting his sensor network to a data centre running the services being targeted, about the ESXiArgs ransomware attack and more. Enjoy!
2/16/2023

Risky Business #695 -- North Korea is ransomwaring hospitals, Russia to make "patriotic" hacking legal

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- North Korea is ransomwaring hospitals with homegrown and Russian strains
- Russia proposes law greenlighting “patriotic hacks”
- It’s 702 renewal time… again
- CISA releases ESXiArgs recovery script (yay!)
- UK mulls crimephone ban
- Much, much more

This week’s show is brought to you by Thinkst Canary. Haroon Meer is this week’s sponsor guest and joins us to talk about Thinkst’s latest release: the credit card canary.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- North Korean hackers extort health care organizations to fund further cyberattacks, US and South Korea say | CNN Politics
- Risky Biz News: US and UK sanction seven Trickbot members
- United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang | U.S. Department of the Treasury
- Risky Biz News: Russia wants to absolve patriotic hackers from any criminal liability
- The FBI’s Most Controversial Surveillance Tool Is Under Threat | WIRED
- Meet the Creator of North Korea’s Favorite Crypto Privacy Service | WIRED
- CISA publishes recovery script for ESXiArgs ransomware as Florida courts, universities reel - The Record from Recorded Future News
- decrypt your crypted files in ESXi servers affected by CVE-2020-3992 / CryptoLocker attack
- Tonga is the latest Pacific Island nation hit with ransomware - The Record from Recorded Future News
- UK Proposes Making the Sale and Possession of Encrypted Phones Illegal
- UK High Court allows Bahraini activists to sue government over spyware - The Record from Recorded Future News
- Russian cybersecurity expert convicted of charges in $90M hack-to-trade case | CyberScoop
- Deepfake 'news anchors' appear in pro-China footage on social media, research group says - ABC News
- Geotargeting tools are allowing phishing campaigns to home in on potential victims - The Record from Recorded Future News
- This week’s Reddit breach shows company’s security is (still) woefully inadequate | Ars Technica
- Namecheap denies system breach after email service used to spread phishing scams - The Record from Recorded Future News
- Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica
- DOM XSS vulnerability in Gartner Peer Insights widget patched | The Daily Swig
- Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game - Avast Threat Labs
- OAuth ‘masterclass’ crowned top web hacking technique of 2022 | The Daily Swig
- New XSS Hunter host Truffle Security faces privacy backlash | The Daily Swig
- 'No evidence of malicious access,' Toyota says about serious bug exploited by outside researcher - The Record from Recorded Future News
- A year after outcry, IRS still doesn't offer taxpayers alternative to ID.me | CyberScoop
2/15/2023

Risky Business #694 -- Cleansing fire claims ESXi, GoAnywhere servers

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Unpatched ESXi boxes are getting rinsed
- GoAnywhere MFT file transfer boxes are too
- Royal Mail data being ransomed by Lockbit
- Advanced materials manufacturer and finance company among latest rware victims
- Guilty plea in Ubiquiti case
- Much, much more

This week’s show is brought to you by Red Canary. Red Canary’s Adam Mashinchi is this week’s sponsor guest. He joins us to talk about the impact layoffs are having on infosec teams.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- Risky Biz News: Ransomware wave hits thousands of VMWare ESXi servers
- Risky Biz News: Zero-day alert for GoAnywhere file transfer servers
- Royal Mail faces threat from ransomware group LockBit | Reuters
- ION brings clients back online after ransomware attack: Source | Business Insurance
- Hackers who breached ION say ransom paid; company declines comment | Reuters
- Blow to Morgan Advanced Materials as cyber-attack to cost millions to deal with | Evening Standard
- K-12 schools in Tucson, Nantucket respond to cyberattacks - The Record from Recorded Future News
- Ransomware gang attempts to extort UK school by posting files about at-risk children - The Record from Recorded Future News
- British steel industry supplier Vesuvius ‘currently managing cyber incident’ - The Record from Recorded Future News
- Tallahassee hospital diverting patients, canceling non-emergency surgeries after cyberattack - The Record from Recorded Future News
- All classes canceled at Irish university as it announces ‘significant IT breach’ - The Record from Recorded Future News
- Switzerland’s largest university confirms ‘serious cyberattack’ - The Record from Recorded Future News
- Dutch Police Read Messages of Encrypted Messenger 'Exclu'
- Julius 'zeekill' Kivimäki, former Lizard Squad hacker, arrested in France - The Record from Recorded Future News
- New York attorney general fines developer of stalking apps - The Record from Recorded Future News
- Microsoft alleges attacks on French magazine came from Iranian-backed group | Ars Technica
- Hackers linked to North Korea targeted Indian medical org, energy sector - The Record from Recorded Future News
- Google Cuts Company Protecting People From Surveillance To A ‘Skeleton Crew,’ Say Laid Off Workers
- Feds get guilty plea in Ubiquiti data extortion case - The Record from Recorded Future News
- For Hire: Ex-Ubiquiti Developer Charged With Extortion
- Microsoft notifies UK customers affected by hackers abusing ‘verified publisher’ tag - The Record from Recorded Future News
- Darknet drug market BlackSprut openly advertises on billboards in Moscow - The Record from Recorded Future News
- Toyota sealed up a backdoor to its global supplier management network | The Daily Swig
2/8/2023

Risky Business #693 -- Hive takedown is the beginning, not the end

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- A look at the Hive takedown
- UK’s Royal Mail still struggling
- GitHub’s code signing certificates stolen
- TSA misses the point on no-fly list theft
- Much, much more

This week’s show is brought to you by Remediant, which is now a part of Netwrix. Tim Keeler is co-founder of Remediant and joins us to talk about how the PAM market – and the tech that makes it up – is changing.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- U.S. Department of Justice Disrupts Hive Ransomware Variant | OPA | Department of Justice
- U.S. Department of Justice Disrupts Hive Ransomware Variant - YouTube
- Ransomware experts laud Hive takedown but question impact without arrests - The Record from Recorded Future News
- Royal Mail progressing to full operations following ransomware attack - The Record from Recorded Future News
- British government minister told council to keep quiet after ransomware attack - The Record from Recorded Future News
- The Untold Story of a Crippling Ransomware Attack | WIRED
- Russia blocks access to US ‘Rewards for Justice,’ FBI and CIA websites - The Record from Recorded Future News
- GitHub says hackers cloned code-signing certificates in breached repository | Ars Technica
- ESET: Sandworm could be behind new file-deleting malware targeting Ukraine - The Record from Recorded Future News
- TSA issues security directive to airports, carriers after 'no-fly' list leak - The Record from Recorded Future News
- U.S. No Fly list shared on a hacking forum, government investigating
- Chinese influence operations may lack critical element: influence | CyberScoop
- Cybercriminals scam two federal agencies via remote desktop tool, CISA warns | CyberScoop
- Kevin Rose loses pricey NFTs to wallet hack
- Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move
- NFT company gets restraining order to freeze hacker’s online wallet - The Record from Recorded Future News
- Most Criminal Cryptocurrency Funnels Through Just 5 Exchanges | WIRED
- Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI | Akamai
- Facebook two-factor authentication bypass issue patched | The Daily Swig
- AI-Generated Voice Firm Clamps Down After 4chan Makes Celebrity Voices for Abuse
2/1/2023

Risky Business #692 -- Google search results spew malware, phishing sites

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Google’s search results have become a malware-riddled sh*tshow
- Ransomware payment values dropped by 40% YoY in 2022
- Kraken takes over Solaris the old school way
- Grand Theft Auto RCE is wreaking havoc
- ManageEngine customers are all getting owned
- So you know, pretty much business as usual

This week’s show is brought to you by Kroll. Jim Hung co-leads the special projects and applied research team at Kroll and joins us to talk about the big changes happening in the incident response discipline.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- Risky Biz News: Google Search and Ads have a major malware problem
- Justice Department Sues Google for Monopolizing Digital Advertising Technologies | OPA | Department of Justice
- Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner
- A Sneaky Ad Scam Tore Through 11 Million Phones | WIRED
- Risky Biz News: Crypto-crime volumes went down in 2022, ransomware payments too
- International Counter Ransomware Task Force kicks off - The Record from Recorded Future News
- Risky Biz News: Dark web mega-hack as Kraken takes over Solaris
- Congressman ‘coming for answers’ after ‘no-fly list’ hack - The Record from Recorded Future News
- Hackers Demand $10M From Riot Games to Stop Leak of ‘League of Legends’ Source Code
- CVE - CVE-2023-24059
- GoTo says hackers stole encrypted backups during November cyberattack - The Record from Recorded Future News
- Costa Rica’s Ministry of Public Works and Transport crippled by ransomware attack - The Record from Recorded Future News
- Pakistani authorities investigating if cyberattack caused nationwide blackout - The Record from Recorded Future News
- Royal Mail trials ‘operational workarounds’ following suspected ransomware attack - The Record from Recorded Future News
- Ransomware attack hits nearly 300 fast food restaurants in UK, including KFC and Pizza Hut - The Record from Recorded Future News
- Canada's largest alcohol retailer infected with card skimming malware twice since December - The Record from Recorded Future News
- Nearly 35,000 PayPal users had SSNs, tax info leaked during December cyberattack - The Record from Recorded Future News
- Samsung investigating claims of hack on South Korea systems, internal employee platform - The Record from Recorded Future News
- Electronic health record giant NextGen dealing with cyberattack - The Record from Recorded Future News
- Cyberattack on Nunavut energy supplier limits company operations - The Record from Recorded Future News
- More than 100 Mailchimp accounts accessed via social engineering cyberattack - The Record from Recorded Future News
- New T-Mobile Breach Affects 37 Million Accounts – Krebs on Security
- Suspected Chinese hackers exploit vulnerability in Fortinet devices - The Record from Recorded Future News
- More than 4,400 Sophos firewall servers remain vulnerable to critical exploits | Ars Technica
- CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability | Rapid7 Blog
- AWS patches bypass bug in CloudTrail API monitoring tool | The Daily Swig
- 2022 Microsoft Teams RCE
- Git security audit reveals critical overflow bugs | The Daily Swig
- U.S. arrests Bitzlato cofounder, alleges $700 mln of illicit funds processed | Reuters
- FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft — FBI
1/25/2023

Risky Biz Soap Box: Tools alone won't solve your vuln management problems

In this Soap Box edition of the show Nucleus Security’s Scott Kuffer discusses Stakeholder-Specific Vulnerability Categorization (SSVC) and why tools alone can’t fix a dysfunctional vulnerability management program.
1/25/2023

Risky Business #691 -- LockBit and "Pablo Escobar syndrome"

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Royal Mail attack was LockBit and GCHQ will probably “bust some heads”
- CircleCI’s incident report and the problem with malwared endpoints in the Zero Trust age
- Cloudflare backs Mastodon
- Paul Nakasone: NSA did some great stuff! It was really good!
- Cisco won’t patch SMB routers sold in 2020
- Much, much more

This week’s show is brought to you by Material Security. Material co-founder Ryan Noon and Snowflake’s head of cybersecurity strategy Omer Singer are this week’s sponsor guests.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- Royal Mail cyberattack linked to LockBit ransomware operation
- Ransomware Diaries: Volume 1 | Analyst1
- Congressman calls on CISA to investigate air travel vulnerabilities after outage - The Record from Recorded Future News
- Ransomware attack on maritime software impacts 1,000 ships - The Record from Recorded Future News
- CircleCI incident report for January 4, 2023 security incident
- Researchers: Large language models will revolutionize digital propaganda campaigns
- Nick Cave - The Red Hand Files - Issue #218
- GitHub - cloudflare/wildebeest: Wildebeest is an ActivityPub and Mastodon-compatible server
- Meta sues Voyager Labs over scraping user data
- Twitter says leaked data on 200 million users was likely publicly available info - The Record from Recorded Future News
- A Police App Exposed Secret Details About Raids and Suspects | WIRED
- ODIN Intelligence website is defaced as hackers claim breach | TechCrunch
- Nakasone: Foreign surveillance program helped fend off cyberattacks - The Record from Recorded Future News
- The Guardian confirms criminals accessed staff data in ransomware attack - The Record from Recorded Future News
- Millions of Aflac, Zurich insurance customers in Japan have data leaked after breach - The Record from Recorded Future News
- Dark Pink, a newly discovered hacking campaign, threatens Southeast Asian military, government organizations
- The FBI Won't Say Whether It Hacked Dark Web ISIS Site
- Norton LifeLock says 925,000 accounts targeted by credential-stuffing attacks - The Record from Recorded Future News
- Cisco warns of two vulnerabilities affecting end-of-life routers - The Record from Recorded Future News
- Fortinet says hackers exploited critical vulnerability to infect VPN customers | Ars Technica
- Vulnerability with 9.8 severity in Control Web Panel is under active exploit | Ars Technica
- CISA adds recently-announced Microsoft zero-day to exploited vulnerability catalog - The Record from Recorded Future News
- Hundreds of SugarCRM servers infected with critical in-the-wild exploit | Ars Technica
1/18/2023

Risky Business #690 -- 2023 will be a rough year for critical online services

On this week’s show Patrick Gray and Adam Boileau discuss the news we missed while on break. Because it’s the first show of the year, we split the discussion into themes:
- Attacks against critical online services like Okta, CircleCI, Slack and Lastpass will increase in volume
- All the latest global intrigue, from NSO being noped by the US Supreme Court to DDoS attacks in Serbia, Turla’s latest campaign, supply chain attacks against Ukraine, why Russia has been more active than we realised and much more
- A ransomware wrap, a discussion about the rise of data extortion and why it’s unlikely to remain a huge problem
- Why automotive security research will actually be interesting this year
- PLUS: A bunch of random news!

This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about something they’ve developed – a zero knowledge proof of exploit technique. Very interesting stuff!

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
- First LastPass, now Slack and CircleCI. The hacks go on (and will likely worsen) | Ars Technica
- Devs urged to rotate secrets after CircleCI suffers security breach | The Daily Swig
- LastPass: Hackers accessed and copied customers’ password vaults - The Record from Recorded Future News
- GitHub incident allowed attacker to copy Okta's source code - The Record from Recorded Future News
- Supreme Court dismisses spyware company NSO Group’s claim of immunity - The Record from Recorded Future News
- Serbian government reports ‘massive DDoS attack’ amid heightened tensions in Balkans - The Record from Recorded Future News
- Iran’s support of Russia draws attention of pro-Ukraine hackers - The Record from Recorded Future News
- Pro-Ukraine hackers leak Russian data in hopes someone will make sense of it - The Record from Recorded Future News
- CISA researchers: Russia's Fancy Bear infiltrated US satellite network
- Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters
- NSA cyber director warns of Russian digital assaults on global energy sector - CyberScoop
- Notorious Russian hacking group appears to resurface with fresh cyberattacks on Ukraine
- Military operations software in Ukraine was hit by Russian hackers - The Record from Recorded Future News
- New supply chain attack targeted Ukrainian government networks - The Record from Recorded Future News
- Moldovaʼs government hit by flood of phishing attacks - The Record from Recorded Future News
- Kremlin-backed hackers targeted a “large” petroleum refinery in a NATO nation | Ars Technica
- Cyber Command conducted offensive operations to protect midterm elections - The Record from Recorded Future News
- Guardian newspaper hit by suspected ransomware attack, staff told not to come to office - The Record from Recorded Future News
- British company that helps make semiconductors hit by cyber incident - The Record from Recorded Future News
- Port of Lisbon website still down as LockBit gang claims cyberattack - The Record from Recorded Future News
- SickKids: 80% of hospital priority systems back online after LockBit ransomware attack - The Record from Recorded Future News
- Canada's largest children's hospital struggles to recover from pre-Christmas ransomware attack - The Record from Recorded Future News
- Canadian copper mine suffers ransomware attack, shuts down mills - The Record from Recorded Future News
- Los Angeles housing authority says cyberattack disrupting systems - The Record from Recorded Future News
- The Guardian contacts data protection regulator after suspected ransomware incident - The Record from Recorded Future News
- Australian fire service operating 85 stations shuts down network after cyberattack - The Record from Recorded Future News
- San Francisco BART investigating ransomware attack - The Record from Recorded Future News
- Hackers leak sensitive files following attack on San Francisco transit police
- New U.S. cyber strategy will require critical infrastructure companies to protect against hacks - The Washington Post
- Car hackers discover vulnerabilities that could let them hijack millions of vehicles
- Compromised dispatch system helped move taxis to front of the line | Ars Technica
- Researcher Deepfakes His Voice, Uses AI to Demand Refund From Wells Fargo
- Armed With ChatGPT, Cybercriminals Build Malware And Plot Fake Girl Bots
- Cybercriminals’ latest grift: powdered milk and sugar by the truckload - The Record from Recorded Future News
- This app will self-destruct: How Belarusian hackers created an alternative Telegram for activists - The Record from Recorded Future News
- Chinese researchers claim to have broken RSA with a quantum computer. Experts aren’t so sure. - The Record from Recorded Future News
- Key bitcoin developer calls on FBI to recover $3.6M in digital coin | Ars Technica
- Chick-fil-A acknowledges customer account abuse but denies compromise of internal systems - The Record from Recorded Future News
- Microsoft ends Windows 7 security updates | TechCrunch
1/11/2023

Risky Business #689 -- FBI baulks at Apple's iCloud encryption push

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
Apple to introduce user-encrypted backups, FBI is sad
Twitter ices e2ee plans for DMs
RackSpace is getting sued over its hosted Exchange ransomware incident
Dodgy driving: Microsoft signs some shady stuff
Japan to change laws, release the Shibas
A look at the US NDAA
Much, much more

This week’s show is sponsored by Obsidian Security. Obsidian co-founder Ben Johnson joins the show this week to talk through SaaS configuration security and visibility/monitoring. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
Apple Expands End-to-End Encryption to iCloud Backups | WIRED
FBI Calls End-to-End Encryption 'Deeply Concerning' as Privacy Groups Hail Apple's Advanced Data Protection as a Victory for Users - MacRumors
Apple Kills Its Plan to Scan Your Photos for CSAM. Here’s What’s Next | WIRED
Elon Musk Wanted Twitter To Encrypt Messages. His New Safety Chief Says It’s On Hold
I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware | Mandiant
Japan to amend laws to allow for offensive cyber operations against foreign hackers - The Record by Recorded Future
Amid Outrage, Rackspace Sends Users Email Touting Its Incident Response
New Ransom Payment Schemes Target Executives, Telemedicine – Krebs on Security
Hackers Planted Files to Frame Indian Priest Who Died in Custody | WIRED
Scammers Are Scamming Other Scammers Out of Millions of Dollars | WIRED
Risky Biz News: Disgruntled member doxes and extorts URSNIF gang
U.S. agency warns that hackers are going after Citrix networking gear | Reuters
Police raid offices of Predator spyware seller Intellexa | eKathimerini.com
$858 billion defense bill focuses heavily on cyber. These are some highlights.
Australia and Vanuatu sign defense and cybersecurity pact - The Record by Recorded Future
Fantasy – a new Agrius wiper deployed through a supply‑chain attack | WeLiveSecurity
Ukrainian railway, state agencies allegedly targeted by DolphinCape malware - The Record by Recorded Future
US Dept of Health warns of ‘increased’ Royal ransomware attacks on hospitals - The Record by Recorded Future
‘Crisis situation’ declared as two Swedish municipalities hit by cyberattack - The Record by Recorded Future
Metropolitan Opera dealing with cyberattack that shut down website, box office - The Record by Recorded Future
LockBit ransomware crew claims attack on California Department of Finance
PLAY ransomware group claims responsibility for Antwerp attack as second Belgian city confirms new incident - The Record by Recorded Future
Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED
Internet Explorer 0-day exploited by North Korean actor APT37
Four accused in business email compromise scheme which reaped millions from victims - The Record by Recorded Future
JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs | The Daily Swig
Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking | WIRED
12/14/2022

Risky Biz Soap Box: Attack Path Management is the New Hotness

In this sponsored podcast Patrick Gray and Ryan Kalember talk about Proofpoint’s acquisition of Illusive, a company that started off in the “deception” space and then moved towards doing attack path analysis and management.

Show notes
Proofpoint Signs Definitive Agreement to Acquire Illusive
12/13/2022

Risky Business #688 -- APT41 pickpockets Uncle Sam

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
Samsung, LG Android signing keys pinched
LastPass gets owned again
APT41 steals covid relief money
Amnesty International hacked in Canada
Much, much more

This week’s show is brought to you by Airlock Digital. Its CEO and CTO join host Patrick Gray this week to talk about admin to kernel as a security boundary, and the limitations of kernel driver blocklists. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
Risky Biz News: Samsung, MediaTek, and other Android platform certs were leaked and used to sign malware
Leaked Android Platform Certificates Create Risks for Users | Rapid7 Blog
100 - Platform certificates used to sign malware - apvi
Hackers accessed LastPass customer details using information stolen in August hack - The Record by Recorded Future
Hackers linked to Chinese government stole millions in Covid benefits, Secret Service says
Amnesty International breach linked to Chinese government, investigation finds - The Record by Recorded Future
Iranian espionage campaign targets journalists, diplomats, activists, says Human Rights Watch - The Record by Recorded Future
New details on commercial spyware vendor Variston
‘The world should be prepared’ — Microsoft issues warning about Russian cyberattacks over winter - The Record by Recorded Future
Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices | Ars Technica
ChatGPT shows promise of using AI to write malware - CyberScoop
DHS cyber safety board to probe Lapsus$ hacks - The Record by Recorded Future
Kris Nóva: "We are currently investigating…" - Hachyderm.io
Hive Social turns off servers after researchers warn hackers can access all data | Ars Technica
Spam is drowning out Twitter posts about Covid protests in China
French hospital complex suspends operations, transfers patients after ransomware attack - The Record by Recorded Future
Rackspace Confirms Ransomware Attack as It Tries to Determine If Data Was Stolen | SecurityWeek.Com
Guatemala's Foreign Ministry investigating ransomware attack - The Record by Recorded Future
Ransomware attacks: Privacy Commissioner plans investigation as Justice, Health hit - NZ Herald
UK introducing mandatory cyber incident reporting for managed service providers - The Record by Recorded Future
Florida Man Sentenced To 18 Months For Theft Of Over $20 Million In SIM Swap Scheme | USAO-SDNY | Department of Justice
Binance freezes $3 million worth of crypto stolen in Ankr hack - The Record by Recorded Future
Play app with 100K downloads booted for forwarding texts to developer server | Ars Technica
Go SAML library vulnerable to authentication bypass | The Daily Swig
Okta and Phishing Resistant Authentication - YouTube
12/7/2022

Risky Business #687 -- Shady deeds in sunny places: Ransomware smashes Vanuatu, Guadeloupe

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
UK, USA ban Chinese security cameras
What is the Boa webserver and why is it everywhere?
Vanuatu, Guadeloupe smashed by ransomware
REvil back with more dumps despite ASD attention
Much, much more

This week’s sponsor guest is Jake King from Elastic Security, who joins us to talk through the company’s most recent threat report. There’s a link to the report in our show notes. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
British government bans Chinese surveillance cameras from sensitive locations - The Record by Recorded Future
US government bans Huawei, ZTE and Hikvision tech over ‘unacceptable’ spying fears | TechCrunch
What if Russian commercial aviation cuts too many safety corners? — Meduza
Microsoft attributes alleged Chinese attack on Indian power grid to ‘Boa’ IoT vulnerability - The Record by Recorded Future
U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer – Krebs on Security
Guadeloupe kickstarts continuity plan after wide-ranging cyberattack - The Record by Recorded Future
Vanuatu hospital staff using pen and paper after cyber attack that crippled public sector - ABC News
Extortion site used in Medibank attack goes offline after Australian gov pledges ‘offensive’ actions - The Record by Recorded Future
ThreatMon Ransomware Monitoring on Twitter
Risky Biz News: Australia passes new privacy bill with huge data breach fines
Sandworm hacking group linked to new ransomware deployed in Ukraine - The Record by Recorded Future
UK Parliament launches inquiry into national security strategy around ransomware - The Record by Recorded Future
Canadian food giant refuses to pay ransom after gang threatens data leak - The Record by Recorded Future
Almost 1,000 suspects arrested in Interpol operation which seized over $129 million - The Record by Recorded Future
Risky Biz News: Authorities seize iSpoof in major blow to fraudsters and cybercrime groups
Espionage group using USB devices to hack targets in Southeast Asia - The Record by Recorded Future
WikiLeaks' Website Is Slowly Falling Apart
European Parliament declares Russia a terrorism sponsor, then its site goes down | Ars Technica
Hackers are spreading malware via trending TikTok challenge: report - The Record by Recorded Future
Samantha Borrego iS iNfeCtEd noT pArAnOID on Twitter
elastic-global-threat-report-vol-1-2022.pdf
11/30/2022

Risky Business #686 -- White House to move on spyware industry

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
Half of all UK COBRA meetings are ransomware related
Ransomware biggest risk to US port security
White House to move on spyware industry
EU to launch its own Starlink equivalent
Much, much more

AttackIQ’s Jonathan Reiber will be joining us in this week’s sponsor interview to talk about how companies and their boards are really moving towards outcomes-based security programs. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
Ransomware incidents now make up majority of British government’s crisis management COBRA meetings - The Record by Recorded Future
DHS Secretary: Cyberattacks are the most significant threat to port infrastructure - The Record by Recorded Future
Michigan school districts reopen after three-day closure due to ransomware attack - The Record by Recorded Future
Microsoft: Royal ransomware group using Google Ads in campaign - The Record by Recorded Future
Researchers Quietly Cracked Zeppelin Ransomware Keys – Krebs on Security
Risky Biz News: Cyber Partisans hack and disrupt Kremlin censor
US, Estonian authorities arrest two over $575 million cryptocurrency fraud - The Record by Recorded Future
New FTX CEO details 'complete failure of corporate controls' at crypto platform
OpenSSL Usage in UEFI Firmware Exposes Weakness in SBOMs
EU reaches agreement on new satellite constellation - The Record by Recorded Future
Ukraine’s Engineers Dodged Russian Mines To Get Kherson Back Online–With A Little Help From Elon Musk’s Satellites
Senate Democrats call on FTC to investigate Twitter's data security
11.17.22 - FTC - Twitter Letter
Twitter has a lot of your data. Here's what you can do about it.
Mastodon vulnerable to multiple system configuration problems | The Daily Swig
System misconfiguration is the number one vulnerability, at least for Mastodon
White House expected to issue executive order reining in spyware
H20220930-005_Himes-Speier cc's - DocumentCloud
A Leak Details Apple's Secret Dirt on Corellium, a Trusted Security Startup | WIRED
Risky Biz News: Iranian state hackers breached US government agency and deployed a cryptominer, out of all things
India removes ban on VLC media player after cybersecurity concerns addressed - The Record by Recorded Future
Amazon addresses vulnerability affecting AWS AppSync - The Record by Recorded Future
CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You
Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations | CISA
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization | CISA
11/23/2022

Risky Biz Soap Box: How to get your developers invested in security

In this podcast we speak with Randall Degges who leads the Developer Relations & Community team at Snyk. He’s here to talk to us about how to get developers enthusiastic about security, how to get them to use the right tooling, and how this tooling will evolve in the future to actually help developers fix bugs in their code.

Show notes
The Big Fix | Snyk
11/21/2022

Risky Business #685 -- Australia releases the hounds, and it might just work

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
Australia lets ASD loose on ransomware crews, but will it work? (Tom Uren joins us to chat about this one)
Twitter’s wheels haven’t fallen off yet but they sure are wobbling
Hundreds of millions stolen from FTX mid implosion
Security researchers start looking at Mastodon and… yeah
Much, much more!

This week’s show is brought to you by Gigamon. George Sandford from Gigamon pops in for this week’s sponsor interview to talk about how to successfully stand up an NDR program. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
Risky Biz News: Australia to hack the hackers
Australia to consider banning ransomware payments - The Record by Recorded Future
Two enormous cyberattacks convince Australia to 'hack the hackers' - The Washington Post
Australian Federal Police say cybercriminals in Russia behind Medibank hack - The Record by Recorded Future
The Hunt for the FTX Thieves Has Begun | WIRED
US reissues sanctions on Tornado Cash, tying it to North Korea's nuclear weapons program - The Record by Recorded Future
Twitter’s SMS Two-Factor Authentication Is Melting Down | WIRED
Is it safe to use Twitter? Security fears rise after Elon Musk drives off staff
Twitter’s Security And Privacy Leaders Quit Amidst Musk’s Chaotic Takeover
FTC tracking developments at Twitter with 'deep concern' after CISO resigns - The Record by Recorded Future
Mastodon users vulnerable to password-stealing attacks | The Daily Swig
Risky Biz News: Major hack-and-leak info-op unfolding in Moldova
All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks | The Daily Swig
Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries | Symantec Enterprise Blogs
Lenovo driver goof poses security risk for users of 25 notebook models | Ars Technica
Cisco: InterPlanetary File System seeing ‘widespread’ abuse by hackers - The Record by Recorded Future
Project Zero: A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain
Google Pixel screen-lock hack earns researcher $70k | The Daily Swig
DJ Zavala & DMNTED - Welcome to Ukraine - YouTube
11/16/2022

Risky Business #684 -- DoJ seizes 50,000 stolen bitcoins from popcorn tin

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
DoJ seizes 50k bitcoin stolen from Silk Road, charges thief
Australian health insurer Medibank refuses to pay ransom, data leaked
Inside Qatar’s $386m world cup espionage operation
EU Parliament report into spyware lands
SolarWinds settles shareholder lawsuit, faces SEC enforcement action
Much, much more

This week’s sponsor guest is Andrew Morris from Greynoise Intelligence. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
DOJ says it seized billions in Bitcoin stolen by hacker from Silk Road darknet marketplace - The Record by Recorded Future
U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud | USAO-SDNY | Department of Justice
Medibank says it will not pay ransom in hack that impacted 9.7 million customers - The Record by Recorded Future
Names, addresses, birthdays posted to dark web by hackers after Medibank ransom deadline passes - ABC News
‘Project Merciless’: how Qatar spied on the world of football in Switzerland - SWI swissinfo.ch
How Qatar hacked the World Cup — The Bureau of Investigative Journalism (en-GB)
FBI probing ex-CIA officer's spying for World Cup host Qatar - The Washington Post
EU governments accused of using spyware ‘to cover up corruption and criminal activity’ - The Record by Recorded Future
Press conference on draft findings of EP spyware inquiry | News | European Parliament
SolarWinds says it’s facing SEC ‘enforcement action’ over 2020 hack | TechCrunch
Microsoft accuses China of abusing vulnerability disclosure requirements - The Record by Recorded Future
Notice of the Ministry of Industry and Information Technology, the Cyberspace Administration of China and the Ministry of Public Security on Issuing the Provisions on the Management of Security Vulnerabilities in Network Products - Office of the Central Cyberspace Affairs Commission
Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup
Could a ‘digital Red Cross emblem’ protect hospitals from cyber warfare? - The Record by Recorded Future
TrustCor Systems verifies web addresses, but its address is a UPS Store - The Washington Post
Cyber incident at Boeing subsidiary causes flight planning disruptions - The Record by Recorded Future
FIN7 cybercrime cartel tied to Black Basta ransomware operation: report - The Record by Recorded Future
More than 100 election jurisdictions waiting on federal cyber help, sources say
$28 million stolen from cryptocurrency platform Deribit - The Record by Recorded Future
Nigerian scammer sentenced to 11 years in US prison - The Record by Recorded Future
Hackers get into Dropbox developer accounts on GitHub, access 130 code repositories and more - The Record by Recorded Future
Urlscan.io API unwittingly leaks sensitive URLs, data | The Daily Swig
The Most Vulnerable Place on the Internet | WIRED
So long and thanks for all the bits - NCSC.GOV.UK
11/9/2022

Risky Business #683 -- OpenSSL bug is a fizzer, ASD responds to Medibank hack

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
Twitter bluechecks face phishing barrage
Australian government goes berserk on Medibank hack response
Former WSJ journalist sues law firm over email hack and info op that got him fired
OpenSSL bug lands with a whimper
Apple macOS Ventura update breaks security tools
Much, much more

This week’s show is brought to you by Thinkst Canary. Marco Slaviero, Thinkst’s head of engineering, joins us this week to talk through the company’s latest release, codenamed Quokka. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
Twitter’s verification chaos is now a cybersecurity problem | TechCrunch
Unconfirmed hack of Liz Truss’ phone prompts calls for “urgent investigation” | Ars Technica
Chinese hackers are scanning state political party headquarters, FBI says - The Washington Post
Former WSJ reporter says law firm used Indian hackers to sabotage his career | Reuters
The source - Columbia Journalism Review
Upcoming ‘critical’ OpenSSL update prompts feverish speculation | The Daily Swig
OpenSSL vulnerability downgraded to ‘high’ severity | The Daily Swig
Medibank says hackers had access to ‘all personal data’ belonging to all customers - The Record by Recorded Future
Australia to tighten privacy laws, increase fines after series of data breaches - The Record by Recorded Future
Votes in Slovakia's parliament suspended after alleged ‘cybersecurity incident’ - The Record by Recorded Future
NY Post confirms hack after website, Twitter feed flooded with threats toward Biden, AOC - The Record by Recorded Future
Apple MacOS Ventura Bug Breaks Third-Party Security Tools | WIRED
Microsoft ties Vice Society hackers to additional ransomware strains - The Record by Recorded Future
How Vice Society Got Away With a Global Ransomware Spree | WIRED
FTC seeks action against Drizly — and its CEO — for cybersecurity failures - The Record by Recorded Future
Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig
Google Play apps with >20M downloads depleted batteries and network bandwidth | Ars Technica
Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn – Krebs on Security
Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics are furious | Ars Technica
Microsoft disputes report on Office 365 Message encryption issue after awarding bug bounty - The Record by Recorded Future
Microsoft Office Online Server open to SSRF-to-RCE exploit | The Daily Swig
Microsoft's Sociopathic Cybersecurity Pedantry
Brazilian police announce arrest of alleged Lapsus$ member - The Record by Recorded Future
Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion – Krebs on Security
European gang that sold car hacking tools to thieves arrested - The Record by Recorded Future
How a Microsoft blunder opened millions of PCs to potent malware attacks | Ars Technica
11/2/2022

Snake Oilers: Truffle Security, KSOC and Snyk

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions paid to be here. We’ll hear from three vendors in this edition of Snake Oilers:
Truffle Security talks secrets discovery
KSOC builds Kubernetes security tools
Snyk has a new product to better secure Infrastructure as Code

Show notes
Unearth Your Secrets - Truffle Security
KSOC: Kubernetes Security Operations Center
Cloud Security across the SDLC with Policy as Code | Snyk
10/19/2022

Snake Oilers: Tines, Code42 and Kroll

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions paid to be here. We’ll hear from three vendors in this edition of Snake Oilers:
Tines, the no code security automation solution that people are going absolutely nuts over
Code42, the insider threat detection solution maker
Kroll talks about its MDR offering
10/14/2022

Risky Business #682 -- Starlink goes dark on Ukraine's front line

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
Why former Uber CISO Joe Sullivan’s guilty verdict shouldn’t worry you
United States puts chipmaking restrictions on China, APT activity is coming
Elon blinks and Starlink goes dark on Ukraine’s front line
Master cyber criminal arrested in Australia
Much, much more

This week’s show is brought to you by runZero, the asset inventory and network visibility solution. runZero’s founding CTO and industry legend HD Moore is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
Risky Biz News: Good news for the Capital One hacker, bad news for the former Uber CSO
Joe Sullivan guilty in Uber hacking case - The Washington Post
Security chiefs fear ‘CISO scapegoating’ following Uber-Sullivan verdict - The Record by Recorded Future
U.S. imposes foreign direct product rule on China for AI and supercomputing - The Washington Post
Popular censorship circumvention tools face fresh blockade by China | TechCrunch
'Fear' driving Chinese state to manipulate tech ecosystem... - GCHQ.GOV.UK
Risky Biz News: China blocks several protocols used to bypass the Great Firewall
Joint_CSA_Top_CVEs_Exploited_by_PRC_cyber_actors_TLPWHITE - DocumentCloud
Starlink goes dark
Coverage of Killnet DDoS attacks plays into attackers' hands, experts say - The Record by Recorded Future
Ukrainian cybersecurity officer killed by Russian missile strike - The Record by Recorded Future
Biden signs new US-EU privacy framework, setting up surveillance safeguards - The Record by Recorded Future
White House to unveil ambitious cybersecurity labeling effort modeled after Energy Star
Australian teen charged with using leaked Optus data to blackmail customers - The Record by Recorded Future
Report: Big U.S. Banks Are Stiffing Account Takeover Victims – Krebs on Security
Hackers steal at least $100 million from Binance-linked blockchain - The Record by Recorded Future
Someone is clogging up the Zcash blockchain with a spam attack
Alberto Rodriguez, and Erik Hunstad - Stop writing malware! The Blue team has done it for you - YouTube
CVE-2022-34689 - Security Update Guide - Microsoft - Windows CryptoAPI Spoofing Vulnerability
Get root on macOS 12.3.1: proof-of-concepts for Linus Henze’s CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763) | Worth Doing Badly
Risky Biz News: LofyGang runs amok in the npm ecosystem with minimal gains
10/12/2022

Risky Business #681 -- It's Exchangehog Day

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
More Exchange 0days cause more havoc
A look at some earlier Exchange hack incidents
How the CIA got its agents killed with its truly awful online opsec
Ex NSA staffer arrested for espionage
Much, much more

This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy, joins the show this week to talk about some overlooked detection opportunities – some simple stuff you can look for in your environment that should raise gigantic flashing red flags. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
Microsoft confirms two Exchange Server zero days are being used in cyberattacks - The Record by Recorded Future
CISA: Multiple government hacking groups had ‘long-term’ access to defense company - The Record by Recorded Future
Mexican president confirms ‘Guacamaya’ hack targeting regional militaries - The Record by Recorded Future
Mexican journalists targeted by zero-click spyware infections - The Record by Recorded Future
Ex-NSA employee charged with violating Espionage Act, selling U.S. cyber secrets
Putin grants citizenship to Edward Snowden, who disclosed US eavesdropping - The Washington Post
U.S. fails in bid to extradite Brit for helping North Korea evade sanctions with cryptocurrency - The Record by Recorded Future
Bill Marczak on Twitter: "NEW REPORT today from @Reuters @JoelSchectman providing more detail about fatal flaws in the CIA's defunct communications network. Iran and China compromised the network in 2011, and killed dozens of CIA assets https://t.co/AwN8pQtWL2" / Twitter
Numerous orgs hacked after installing weaponized open source apps | Ars Technica
'Poisoned' Tor Browser tracks Chinese users' online history, location
Mystery Hackers Are ‘Hyperjacking’ Targets for Insidious Spying | WIRED
A Matrix Update Patches Serious End-to-End Encryption Flaws | WIRED
LA officials confirm ransomware group leaked students’ personal data - The Record by Recorded Future
Nearly 700 ransomware incidents traced back to wholesale access markets: report - The Record by Recorded Future
Semiconductor industry faced 8 attacks from ransomware groups, extortion gangs in 2022 - The Record by Recorded Future
CISA directs federal agencies to track software and vulnerabilities - The Record by Recorded Future
Fake CISO Profiles on LinkedIn Target Fortune 500s – Krebs on Security
House Democrats debut new bill to limit US police use of facial recognition | TechCrunch
EP000: Operation Aurora | HACKING GOOGLE - YouTube
10/5/2022

Risky Biz Soap Box: Why Microsoft's Smart Application Control is very strange

In this Soap Box podcast Patrick Gray interviews Airlock Digital CTO Daniel Schell and CEO David Cottingham about Microsoft’s new Smart Application Control feature, why controlling browser extensions via endpoint instrumentation is really hard and why PAM solutions don’t actually do allowlisting, even if they claim they do.
9/29/2022

Risky Business #680 -- Uber, Rockstar Games hacker arrested

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
Lapsus$’s Teapot arrested by UK police
Optus hacker issues grovelling apology after feeling AFP and ASD heat
Ukraine claims Russia is planning massive attacks on its infrastructure
RSOCKS bot herder begs for extradition to USA
Russians scammed when seeking military service exemptions
Much, much more

This week’s show is sponsored by Votiro. Ravi Srinivasan, Votiro’s CEO, joins the show this week to talk about how people are using content disarm and reconstruction. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
British teen arrested in hacking case
Australian cybersecurity minister lambasts Optus for ‘unprecedented’ hack - The Record by Recorded Future
CISA: Iranian hackers spent 14 months in Albanian gov’t network before launching ransomware - The Record by Recorded Future
Iran shutters mobile networks, Instagram, WhatsApp amid protests - The Record by Recorded Future
US Treasury carves out Iran sanctions exceptions for internet providers - The Record by Recorded Future
Signal Is Asking People Around the World to Help Iranians Access the Encrypted App
Shadowy Russian Cell Phone Companies Are Cropping Up in Ukraine | WIRED
Risky Biz News: XakNet "hacktivists" linked to APT28 and Russia's GRU intelligence service
Russia plans “massive cyberattacks” on critical infrastructure, Ukraine warns | Ars Technica
Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S. – Krebs on Security
Sberbank warns of fraud involving the sale of supposedly "white" military exemption IDs - RIA Novosti, 26.09.2022
SIM Swapper Abducted, Beaten, Held for $200k Ransom – Krebs on Security
How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000 | Ars Technica
The record-setting DDoSes keep coming, with no end in sight | Ars Technica
International conflicts driving increased strength of DDoS attacks: report - The Record by Recorded Future
Tarfile path traversal bug from 2007 still present in 350k open source repos | The Daily Swig
9/28/2022

Risky Business #679 -- A look at Uber's very bad week

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- A look at how Uber got owned so hard
- Why cleartext cookie storage in Microsoft Teams’ Electron-based app is actually a big deal
- Russian official: Starlink is a legitimate military target
- Wagner mercs get doxxed
- Kiwi Farms having a bad time
- Much, much more

In this week’s sponsor interview we’ll be chatting to Nucleus’s CEO Steve Carter about CISA’s KEV list. He has feelings about the KEV list – they’re mostly positive, but he also has a few reasonable gripes and he joins me to talk about them. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes:
- Uber attributes hack to Lapsus$, working with FBI and DOJ on investigation - The Record by Recorded Future
- Uber confirms it is investigating cybersecurity incident - The Record by Recorded Future
- Microsoft Teams stores cleartext auth tokens, won’t be quickly patched | Ars Technica
- SharpTongue Deploys Clever Mail-Stealing Browser Extension "SHARPEXT" | Volexity
- Hacking group focused on Central America dumps 10 terabytes of military emails, files
- Securing the Supply Chain of Nothing | Kelly Shortridge
- Russia Makes Veiled Threat to Destroy SpaceX's Starlink
- Pro-Ukraine Hacktivists Claim to Have Hacked Notorious Russian Mercenary Group
- Fears grow of Russian spies turning to industrial espionage - The Record by Recorded Future
- Congressional inquiry reveals secret Customs and Border Protection database of U.S. phone records
- Alternative payment apps such as AliPay a boon for cybercriminals, experts tell Congress
- CISA floats plan to partner with local universities for '311' cyberattack triage service - The Record by Recorded Future
- Breach of software maker used to backdoor ecommerce servers | Ars Technica
- Kiwi Farms has been breached; assume passwords and emails have been leaked | Ars Technica
- Kevin Beaumont on Twitter: "The saga continues - there was (also?) a script injected for a month on Kiwi Farms called Troonshine, gathering information and credentials from user’s systems, posting it to “https://t.co/XnrUu4t3sd”. They look very, very owned. https://t.co/kxdR8kxtC1" / Twitter
- Pentagon reviews psychological operations amid Facebook, Twitter complaints - The Washington Post
- Bosnia and Herzegovina investigating alleged ransomware attack on parliament - The Record by Recorded Future
- Botched Crypto Mugging Lands Three U.K. Men in Jail – Krebs on Security
- Cryptocurrency company Wintermute says hackers stole $160 million - The Record by Recorded Future
- Anonymous hacker, who bragged about exploits on TikTok, says he was raided by Canadian police
9/21/2022

Risky Biz Soap Box: Haroon Meer on "sensitive command tokens"

In this edition of the Soap Box podcast Patrick Gray talks to Haroon Meer about Thinkst Canary’s new sensitive command token. It’s a great way to detect intruders on your Windows systems. Haroon also talks about how to use canaries strategically.

Show notes:
- Canaries as Network Motion Sensors
- Sensitive Command Token - So much offense in my defense
9/15/2022

Risky Business #678 -- Iranians Gone Wild

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Albania suffers under another crippling Iranian attack
- Iran’s APT42 using clever, multi-persona phishing
- State Department cyber snitching program paying off
- Former NSA director Gen. Keith Alexander sued over alleged IronNet pump and dump
- Mudge fronts US Senate Judiciary Committee
- Much, much more…

This week’s show is brought to you by Stairwell. Mike Wiacek, Stairwell’s founder and CEO, is this week’s sponsor guest and he talks about why they’ve pushed their Inception platform beyond YARA hunting. You can see a demo of Inception on our YouTube product demo page. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes:
- Risky Biz News: Albania-Iran cyber drama far from over
- US sanctions Iran intelligence agency over Albania cyberattack - The Record by Recorded Future
- Tom Uren on Cyber Embuggerance
- Iranian military using spoofed personas to target nuclear security researchers - The Record by Recorded Future
- Iranian hackers spy on journalists and government officials, researchers warn - The Record by Recorded Future
- FBI, DOJ defend ‘offensive’ actions against Chinese, Russian operations - The Record by Recorded Future
- State Department bounty program for cybercriminal tips has 'born fruit,' top FBI official says
- More than $30 million seized from North Korean hackers involved in Axie crypto-theft - The Record by Recorded Future
- $30 Million Seized: How the Cryptocurrency Community Is Making It Difficult for North Korean Hackers To Profit - Chainalysis
- Twitter whistleblower testifies to Congress, calls for tech regulation reforms - The Record by Recorded Future
- Twitter whistleblower testifies before Senate
- Former NSA Head Keith Alexander Accused of Pump-and-Dump Scheme
- Google: Conti repurposing tools for Ukraine attacks using Follina bug, Musk impersonation - The Record by Recorded Future
- Pro-Ukraine hackers claim attack on Russian TV broadcasts - The Record by Recorded Future
- Initial access broker or ransomware gang has 'exclusive' access to Mitel zero-day exploit: report - The Record by Recorded Future
- Cyberattacks against U.S. hospitals mean higher mortality rates, study finds
- Buenos Aires legislature announces ransomware attack - The Record by Recorded Future
- Ransomware attack knocked a Kentucky city-operated ISP offline before holiday - The Record by Recorded Future
- Ransomware attacks on retail increase, average retail payment grows to more than $200K - The Record by Recorded Future
- Cisco: Log4j vulnerability used to attack energy companies in Canada, US and Japan - The Record by Recorded Future
- Patreon security team layoffs cause backlash in creator community
- This Clever Anti-Censorship Tool Lets Russians Read Blocked News | WIRED
- Apple Kills Passwords in iOS 16 and macOS Ventura | WIRED
- Catalin Cimpanu on Twitter: "They're still recruiting, btw" / Twitter
- Cyberfella on Twitter: "@campuscodi Please convince Patrick to have a segment about NAFO named "Shitposting Dogs on the Bird App are making Vatniks Seethe and Cope" on the next riskybizz ep 🙏🙏🙏" / Twitter
- ironnet chart - Google Search
- Stairwell's Inception Platform - YouTube
- Все Буде Україна (Everything Will Be Ukraine) - YouTube
- Pink Floyd - Hey Hey Rise Up (feat. Andriy Khlyvnyuk of Boombox) - YouTube
- PROBASS ∆ HARDI - GOOD EVENING (WHERE ARE YOU FROM?) - YouTube
9/14/2022

Risky Business #677 -- A day late and a dollar short: China doxxes NSA op

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- China’s super spies figure out Rob Joyce ran TAO ops
- FBI, French authorities fly to Montenegro to investigate ransomware attack
- NEWSFLASH: Cloudflare are still a bunch of Nazi cuddlers
- SIM swap drama spills into real world shootings, firebombings
- Yandex Taxi hack clogs Moscow streets
- The TikTok breach that wasn’t
- Project Raven veterans get wings clipped
- Why recent BGP hijacks are getting a bit concerning
- Much, much more

This week’s show is brought to you by Corelight, the company that maintains Zeek. Corelight’s Federal CTO Jean Schaffer joins us in this week’s sponsor interview to talk about whether or not the White House’s executive order on Zero Trust is actually changing anything. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes:
- Exclusive: Evidence shows US’ NSA behind attack on email system of leading Chinese aviation university - Global Times
- Lukasz Olejnik on Twitter: "Chinese accusation of US/NSA cyberattacks on China's aviation university. Unusually, a strong protest issued by China's Foreign Ministry. Chinese media write about NSA extensively, and doxx/point at Rob Joyce, specifically. Highly amusing! https://t.co/PG1XzZoIcW https://t.co/wRMEAokhVj" / Twitter
- Patrick Gray on Twitter: "Great thread" / Twitter
- FBI and French officials arrive in Montenegro to investigate ransomware attack - The Record by Recorded Future
- Chile says gov’t agency struggling with ransomware attack - The Record by Recorded Future
- Italy warns of cyberattacks on energy industry after Eni, GSE incidents - The Record by Recorded Future
- Ransomware Gang Accessed Water Supplier’s Control System
- Experts warn of more Ragnar Locker attacks, days after group targets airline - The Record by Recorded Future
- Kevin Beaumont on Twitter: "IHG Hotel Group incident is ransomware" / Twitter
- Criminal hackers targeting K-12 schools, U.S. government warns
- QNAP warns of zero-day vulnerability in latest DeadBolt ransomware campaign - The Record by Recorded Future
- Cloudflare Suggests It Won’t Cut Off Anti-Trans Stalking Forum
- Cloudflare reverses decision and drops trans trolling website Kiwi Farms | Internet | The Guardian
- Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire – Krebs on Security
- State Department debars ex-NSA cyber mercenaries who aided vast UAE surveillance operation
- Hackers Create Traffic Jam in Moscow by Ordering Dozens of Taxis at Once Through App
- Light Flashing, Siren Wailing: A Rich Muscovite in a Rush - The New York Times
- TikTok denies security breach after hackers leak user data, source code
- Samsung denies Social Security numbers involved in latest breach - The Record by Recorded Future
- Truth Behind the Celer Network cBridge cross-chain bridge incident: BGP hijacking | by SlowMist | Coinmonks | Aug, 2022 | Medium
- nanog: Yet another BGP hijacking towards AS16509
- A Windows 11 Automation Tool Can Easily Be Hijacked | WIRED
- Actors behind PyPI supply chain attack have been active since late 2021 | Ars Technica
- Cybercriminal Service 'EvilProxy' Seeks to Hijack Accounts
- Careless Errors in Hundreds of Apps Could Expose Troves of Data | WIRED
- WatchGuard firewall exploit threatens appliance takeover | The Daily Swig
- Patched TikTok security flaw allowed one-click account takeovers - The Record by Recorded Future
- Chrome extensions with 1.4M installs covertly track visits and inject code | Ars Technica
- Peter Eckersley, co-creator of Let’s Encrypt, dies at just 43 – Naked Security
- DownUnderCTF
9/7/2022

Risky Business #676 -- Okta, Authy users among Twilio hack targets

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- The Twilio breach was actually a big deal
- How a Belarusian Cyber Partisans hack burned a GRU illegal
- Who wants 25m hashed passwords from Russia?
- An NFT we can get behind
- How attackers are using game anti-cheat drivers to defeat EDR
- Much, much more

This week’s sponsor interview is with Mike Benjamin, the VP of security research at Fastly. He pops in to argue that your red team needs to actually consider how your apps will cope with bot-driven attacks. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes:
- Why the Twilio Breach Cuts So Deep | WIRED
- Phishers who hit Twilio and Cloudflare stole 10k credentials from 136 others | Ars Technica
- The number of companies caught up in recent hacks keeps growing | Ars Technica
- How 1-Time Passcodes Became a Corporate Liability – Krebs on Security
- Christo Grozev on Twitter: "We first noticed her thanks to a super useful database shared with us by @cpartisans: the border crossing records of Belarus. We knew the passport ranges of GRU and FSB spies, so we decided to search in that data-set by partial matches, leaving the last 3 digits out as wildcards." / Twitter
- Belarusian Cyber-Partisans on Twitter: "🧵1/3🔥For the 1st time in human history a #hacktivist collective obtained passport info of ALL the country's citizens. Now we're offering you an opportunity to become a part of this history 😎. Get a unique digital version of #lukashenka passport as #NFT https://t.co/gOlWdoUehi https://t.co/RxdWpBqA8f" / Twitter
- A huge Chinese database of faces and vehicle license plates spilled online | TechCrunch
- Leading Russian streaming platform suffers data leak allegedly impacting 44 million users - The Record by Recorded Future
- Plex imposes password reset after hackers steal data for >15 million users | Ars Technica
- Montenegro struggles to recover from cyberattack that officials blame on Russia - The Record by Recorded Future
- Patrick Gray on Twitter: "https://t.co/DOFdMExsPe" / Twitter
- European data privacy watchdogs grill Twitter over Mudge security claims - The Record by Recorded Future
- Google announces open source vulnerability reward program after Log4j, Codecov issues - The Record by Recorded Future
- Google Online Security Blog: Announcing Google’s Open Source Software Vulnerability Rewards Program
- Hackers Are Using Anti-Cheat in 'Genshin Impact' to Ransom Victims
- An interview with initial access broker Wazawaka: 'There is no such money anywhere as there is in ransomware' - The Record by Recorded Future
- LockBit ransomware group implicated in crippling attack on French hospital - The Record by Recorded Future
- Major U.S. library service confirms ransomware attack, struggling to restore affected systems - The Record by Recorded Future
- China-linked hackers target organizations operating in South China Sea - The Record by Recorded Future
- Chinese hackers zero in on Australian manufacturers, wind turbine operators
- FTC sues data broker that tracks locations of 125M phones per month | Ars Technica
- FCC launches investigation into mobile carriers’ geolocation data practices - The Record by Recorded Future
- Most top mobile carriers retain geolocation data for two years on average, FCC findings show - CyberScoop
- Buddle co-accused one of 50 alleged criminals preparing challenge to police sting
- Researchers discover sprawling pro-U.S. social media influence campaign
- Unheard Voice: Evaluating five years of pro-Western covert influence operations
- Rights groups, company leaders decry silence over VLC player ban in India - The Record by Recorded Future
8/31/2022

Risky Business #675 -- The problem with Mudge's whistleblowing complaint

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- A deep look at Mudge’s sensational whistleblower complaint against Twitter
- Brazilian Federal Police raid Lapsus$ crew
- NSO CEO to stand down (again), 100 staff to be let go
- Signal users impacted in Twilio incident
- Tornado Cash OFACs around and finds out
- Much, much more

This week’s show is brought to you by Greynoise. Its founder, Andrew Morris, joins the show with a stinging critique of the wider threat intelligence industry. Don’t miss that one. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes:
- Patrick Gray on Twitter: "Jesus… can open, worms everywhere. You basically can’t find anyone more credible than @dotMudge in infosec so this is a massive deal https://t.co/TaDQzTEtzR" / Twitter
- Twitter confirms January breach, urges pseudonymous accounts to not add email or phone number - The Record by Recorded Future
- A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years | WIRED
- TikTok Says, No, It Isn't Stealing Your Passwords
- Brazilian police launch investigation targeting Lapsus$ group - The Record by Recorded Future
- Israeli spyware company NSO Group CEO steps down | Reuters
- How a Third-Party SMS Service Was Used to Take Over Signal Accounts
- VIASAT hack impacted French critical services | Cybernews
- DOJ now relies on paper for its most sensitive court documents, official says
- Microsoft disrupts Russia-linked hacking group targeting defense and intelligence orgs - The Record by Recorded Future
- Lloyd’s to forbid insurers from covering losses due to state-backed hacks - The Record by Recorded Future
- U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash | U.S. Department of the Treasury
- OFAC Around and Find Out - Lawfare
- Suspected Tornado Cash developer arrested in Netherlands - The Record by Recorded Future
- Report: Ransomware gangs, fraudsters laundered $540 million through RenBridge platform - The Record by Recorded Future
- Risky Biz News: Is ransomware going after the Global South? Sure looks like it!
- Ransomware Now Threatens the Global South | Royal United Services Institute
- Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling | PortSwigger Research
- The Return of LOIC, HOIC, HULK, and Slowloris to the Threat Landscape | Radware Blog
- Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug
- A New Jailbreak for John Deere Tractors Rides the Right-to-Repair Wave | WIRED
- Malicious code exploiting recent VMware bug publicly available, company warns - The Record by Recorded Future
- Breaking SIDH in polynomial time
- Hackers Use Deepfakes of Binance Exec to Scam Crypto Projects
- Cisco confirms May attack by Yanluowang ransomware group - The Record by Recorded Future
- Cisco releases advisories for bug affecting more than 1 million security devices - The Record by Recorded Future
- Cisco warns of critical vulnerabilities in routers - The Record by Recorded Future
- North Korea-backed hackers have a clever way to read your Gmail | Ars Technica
- When Efforts to Contain a Data Breach Backfire – Krebs on Security
- Microsoft: Bug in Janet Jackson’s “Rhythm Nation” could crash a laptop - The Record by Recorded Future
- Anonymous poop gifting site hacked, customers exposed
8/24/2022

Risky Biz Soap Box: Okta's Brett Winterford on session cookie theft and mitigations

In this edition of the Soap Box podcast Okta’s APAC CISO and former Risky Biz editor Brett Winterford talks about how attackers are getting much better at swiping session cookies via realtime phishing and malware. He also talks about some mitigation strategies to combat this threat and introduces the concept of continuous authentication.

Show notes:
- Defending against session hijacking
8/9/2022

Risky Business #674 -- "Free money" exploit spawns $150m blockchain feeding frenzy

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Taiwan tensions fail to conjure the cyber apocalypse
- Crypto bridge exploit results in $150m feeding frenzy
- Chainalysis evidence to be challenged in court
- Post-quantum NIST candidate algorithm gets smoked
- DSIRF’s Russia links
- Much, much more

This week’s sponsor interview is with Jerrod Chong from Yubico. He’s joining the show to talk about why consumer-focussed implementations of Webauthn like Apple’s Passkeys aren’t a great enterprise solution. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes:
- Taiwanese websites hit with DDoS attacks as Pelosi begins visit
- 'Frenzied mob' steals more than $156 million from crypto platform Nomad - The Record by Recorded Future
- Bitcoin Fog Case Could Put Cryptocurrency Tracing on Trial | WIRED
- Post-quantum encryption contender is taken out by single-core PC and 1 hour | Ars Technica
- Federal court system suffered previously undisclosed breach, congressional committee says
- Australian police charge man with developing spyware used by more than 14,500 people - The Record by Recorded Future
- Risky Biz News: Microsoft puts the limelight on another spyware maker—DSIRF from Austria
- Eavesdropping probe finds Israeli police exceeded authority | AP News
- Hacker use of Microsoft macros plummeted after default block: report - The Record by Recorded Future
- On security researcher's newsletter, exposing cybercriminals behind ransomware
- Luxembourg energy companies struggling with alleged ransomware attack, data breach - The Record by Recorded Future
- At least 34 healthcare orgs affected by alleged ransomware attack on OneTouchPoint - The Record by Recorded Future
- American Dental Association says April cyberattack involved ransomware - The Record by Recorded Future
- Ransomware group demands £500,000 from British schools, citing cyber insurance policy - The Record by Recorded Future
- Hackers stole passwords for accessing 140,000 payment terminals | TechCrunch
- Experts warn of hacker claiming access to 50 U.S. companies through breached MSP - The Record by Recorded Future
- German prosecutors issue warrant for Russian government hacker over energy sector attacks - The Record by Recorded Future
- The commercial satellite boom is leaving space vulnerable to hackers - The Record by Recorded Future
- Report to Congress of the U.S.-China Economic and Security Review Commission - U.S.-China Economic and Security Review Commission - Google Books
- Spanish police arrest two accused of hacking radioactivity alert system - The Record by Recorded Future
8/3/2022

Risky Business #673 -- When throwing computers into a woodchipper is standard IR

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Why Entrust being ransomwared is good news
- UEFI bootkits turn hardware into landfill
- Microsoft resumes macro blocking rollout
- Pat and Adam talk about why plugging your IDP into legacy apps is a dreadful idea
- Much, much more

This week’s sponsor guest is Paul “The Voice” Lanzi of Remediant. He’s popping along to talk about the emergence of a new product category – Identity Threat Detection and Response, or ITDR. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes:
- Italy investigating ransomware attack on tax agency - The Record by Recorded Future
- IT security giant Entrust says it's investigating alleged June data breach - The Record by Recorded Future
- Microsoft resuming default block of Office VBA macros - The Record by Recorded Future
- Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us | Ars Technica
- China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors | Federal Public Service Foreign Affairs
- Cyber Command shares bevy of new malware used against Ukraine - The Record by Recorded Future
- Cyber criminals attack Ukrainian radio network, broadcast fake message about Zelensky's health
- Congress goes after spyware purveyors. Will it make a difference?
- Report: Mercenary spyware exploited Google Chrome zero-day to target journalists - The Record by Recorded Future
- TSA unveils updated cybersecurity regulations of oil and gas pipelines - The Record by Recorded Future
- Congress Might Actually Pass ADPPA, the American Data Privacy and Protection Act | WIRED
- Federal privacy legislation progresses, but concerns about data brokers loom
- China cybersecurity agency fines ride-hailing giant Didi $1.2 billion for data issues - The Record by Recorded Future
- T-Mobile reaches historic $350 million settlement in 2021 data breach - The Record by Recorded Future
- Former Coinbase Manager Arrested by Feds for Alleged Insider Trading
- Cisco patches dangerous bug trio in Nexus Dashboard | The Daily Swig
- Atlassian patches batch of critical vulnerabilities across multiple products | The Daily Swig
- Hardcoded password in Confluence app has been leaked on Twitter | Ars Technica
7/27/2022

Risky Business #672 -- "Expected behaviour" is in the eye of the beholder

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- A look at the DHS Cyber Safety Review Board’s Log4j report
- Joshua Schulte no longer the “alleged” Vault7 leaker
- Chinese APT crews targeted US political journalists before Jan 6
- Ransomware gangs make leak sites searchable
- Why recovering plaintext passwords from Okta is expected behaviour
- US Government seizes North Korean ransomware payment
- Much, much more

This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he’ll tell us about work Trail of Bits did for DARPA on investigating blockchain security fundamentals. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes:
- Patrick Gray on Twitter: "During our discussion yesterday on the show we didn’t know pre-existing MDM was preserved when iOS lockdown mode is enabled, which is great!" / Twitter
- DHS Cyber Safety Review Board found no evidence China knew of Log4j before disclosure
- Ex-CIA Hacker Convicted for ‘One of the Most Damaging Acts of Espionage in American History’
- Chinese hackers targeted U.S. political reporters just ahead of Jan. 6 attack, researchers say
- Experts concerned about ransomware groups creating searchable databases of victim data - The Record by Recorded Future
- Who-is-Trickbot.pdf
- A Deep Dive Into the Residential Proxy Service ‘911’ – Krebs on Security
- Risky Biz News: Google removes app permissions from the Play Store
- Ongoing phishing campaign can hack you even when you’re protected with MFA | Ars Technica
- ‘Password extraction risk’ in identity provider Okta disputed | The Daily Swig
- Authomize Discovers Password Stealing and Impersonation Risks in Okta | Authomize.com
- Okta Response to Security Report | Okta
- DOJ seized ransoms paid by health centers in Kansas, Colorado after 2021 attacks - The Record by Recorded Future
- North Korean hackers target small businesses with H0lyGh0st ransomware, Microsoft warns - The Record by Recorded Future
- Colorado police investigating ransomware attack on small town - The Record by Recorded Future
- Albania shuts down government websites, services due to wide ranging cyberattack - The Record by Recorded Future
- Bandai Namco confirms cyberattack after ransomware group threatens leak - The Record by Recorded Future
- MiCODUS MV720 GPS tracker | CISA
- Honda redesigning latest vehicles to address key fob vulnerabilities - The Record by Recorded Future
- Russia Released a Ukrainian App for Hacking Russia That Was Actually Malware
- Are blockchains decentralized? | Trail of Bits Blog
- Announcing the new Trail of Bits podcast | Trail of Bits Blog
- GitHub - trailofbits/it-depends: A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.
7/20/2022

Risky Business #671 -- The case for an American-owned NSO Group

On this week’s show Patrick Gray and guest cohost Dmitri Alperovitch discuss the week’s security news, including:
- Why an American defence contractor acquiring NSO Group would be a nonproliferation win
- A look at Microsoft’s botched macro measures
- iPhone’s Lockdown Mode
- Ukraine goes big on Yubikeys
- Aerojet Rocketdyne pays millions over poor security controls, CISO whistleblower gets bag of cash
- Much, much more

This week’s show is sponsored by Proofpoint. Ryan Kalember, Proofpoint’s Executive Vice President of Cybersecurity Strategy, joins us in this week’s sponsor interview to talk about changes he’s observed in the criminal ecosystem.

NOTE: This podcast contains an error. We say that iOS Lockdown Mode prevents users from using an MDM profile on their devices. It doesn’t, it just stops new MDM profiles from being loaded while in Lockdown Mode, so corporate users will be able to turn it on just fine.

Links to everything that we discussed are below and you can follow Patrick or Dmitri on Twitter if that’s your thing.

Show notes:
- L3Harris drops bid for NSO spyware following U.S. concerns - The Washington Post
- Apple introduces 'Lockdown Mode' iPhone feature to block elite spyware
- Risky Biz News: Thousands of Yubikeys have been deployed in Ukraine, more to come
- PyPI repo to distribute 4,000 security keys to maintainers of ‘critical projects’ in 2FA drive | The Daily Swig
- Microsoft makes major course reversal, allows Office to run untrusted macros [Updated] | Ars Technica
- Microsoft says decision to stop blocking Office VBA macros by default is ‘temporary’ - The Record by Recorded Future
- Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents'
- Rocket maker agrees to pay $9 million to settle allegations of cybersecurity violations - The Record by Recorded Future
- North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector | CISA
- North Korea is targeting hospitals with ransomware, U.S. agencies warn
- Medical debt collection firm says ransomware attack exposed info on 650+ healthcare orgs - The Record by Recorded Future
- French telecom company La Poste Mobile struggling to recover from ransomware attack - The Record by Recorded Future
- Cyberattack knocks out California community college email, website, landlines - The Record by Recorded Future
- OPM breach victims expected to receive about $700 each after class action settlement - The Record by Recorded Future
- Chinese Hackers Targeting Russian Government and Telcos
- DeFi Hacker Returns $8m
- Millions in Cryptocurrency Stolen in Phishing Attacks
7/13/2022

Risky Biz Soap Box: Running a global vulnerability management program

Today’s soap box is brought to you by Nucleus Security. Nucleus makes a platform that ingests vulnerability scan information from all your vuln scanning tech so that you can do things like assign different vulnerabilities to different teams to manage and remediate. Send these ones to infrastructure, send these ones to app teams, send everything up and down this stack to this department etc. If you want to see Nucleus in action I have recorded a demo and it’s on our YouTube product demos page, I’ve linked through to it in the show notes for this podcast. Our guest in this episode is Scott Kuffer, co-founder of Nucleus, and the topic is running a vulnerability management program in a very large enterprise.

Show notes:
- Nucleus Security Product Demo on Risky Biz YouTube Channel
7/11/2022

Risky Business #670 -- China's world record data breach

On this week’s show Patrick Gray and guest cohost Mark Piper discuss the week’s security news, including:
- A billion records leaked in China
- China to develop desktop operating system
- HackerOne fires insider for stealing hackers’ work and bounties
- FSB officer charged with stealing hacker’s bitcoin
- Why Microsoft is wrong on Russia and Ukraine
- Much, much more

Red Canary’s Adam Mashinchi and Brian Donohue will be along in this week’s sponsor interview to talk about Atomic Red Team, the open source adversary emulation framework they help to maintain. Links to everything that we discussed are below and you can follow Patrick on Twitter if that’s your thing.

Show notes:
- Hacker claims to have stolen 1 bln records of Chinese citizens from police | Reuters
- China lured graduate jobseekers into digital espionage | Ars Technica
- Tech war: China doubles down on domestic operating systems to cut reliance on Windows, MacOS from the US | South China Morning Post
- Risky Biz News: HackerOne discloses malicious insider incident, and nobody's surprised
- Paranoid Ninja (Brute Ratel C4) on Twitter: "A thoroughly detailed blog on Brute Ratel C4 by Palo Alto. Proper Actions have been taken against the found licenses which were sold in the Black Market. As for existing customers, #BRc4 v1.1 release will change every aspect of IOC found in the previous releases." / Twitter
- Microsoft Exchange servers worldwide hit by stealthy new backdoor | Ars Technica
- FSB lieutenant colonel in the Samara region arrested for stealing cryptocurrency from a hacker - TASS
- Cybersecurity experts question Microsoft's Ukraine report
- Victor Zhora on Twitter: "One more evidence of coordination of kinetic and cyber operations by russian aggressors. Ukrainian largest private energy company DTEK was cyberattacked simultaneously with shelling of thermal power plant of the same company in Kryvyi Rih. Both targets are 100% civilian." / Twitter
- Following missile strikes on thermal power plants, the enemy is launching hacker attacks on the energy system - DTEK
- CyberKnow on Twitter: "Another new pro-russian hacktivist group. They have been conducting #ddos ops against #Norway with other groups. #cybersecurity #infosec #RussianUkrainianWar #UkraineRussiaWar https://t.co/rX069XVaof" / Twitter
- Hacktivist personas back latest GhostWriter disinfo op targeting Poland, Ukraine
- Gantz orders probe after TV reports hint IDF behind Iran steel plant cyberattack | The Times of Israel
- Info of over 300,000 Israelis leaked as Iranian hackers target travel booking sites | The Times of Israel
- TSA to change cybersecurity rules for pipelines following industry criticism - The Record by Recorded Future
- After a sharp rise, cyber insurance rates show signs of stabilizing - The Record by Recorded Future
- California DOJ apologizes for ‘unacceptable’ breach involving Firearms Dashboard - The Record by Recorded Future
- Cops Investigating ‘WhatsApp for Gangsters’ Arrest Key Suspect in Caribbean
- Publishing giant Macmillan still unable to process orders after ransomware attack - The Record by Recorded Future
- State unemployment, jobs services down around the country after cyberattack
- NIST selects first group of quantum-resistant encryption tools - The Record by Recorded Future
- UnRAR path traversal flaw can lead to RCE in Zimbra | The Daily Swig
- Maastricht University gets its hack ransom back at a hefty profit
- Nearly $9 million stolen from DeFi platform Crema Finance - The Record by Recorded Future
- North Korea accused of orchestrating $100 million Harmony crypto hack - The Record by Recorded Future
- Nucleus Security's vulnerability management platform - YouTube
- Explore Atomic Red Team
7/6/2022

Risky Business #669 -- Finally, an ICS attack that made stuff explode!

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Activists who are totally not Israeli military hackers make Iranian steel mills firebally
- Chinese APT crews use ransomware to muddy attribution
- Attackers are now ransoming cloud access
- Chinese APTs using building control systems for persistence and stealth
- USA, UK and NZ govts issue PowerShell advice
- Much, much more

This week’s show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he’s using it to make phishing triage and automation less traumatic. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
- Iranian steel facilities suffer apparent cyberattacks
- Automotive fabric supplier TB Kawashima announces cyberattack
- US arm of Japanese automotive hose maker Nichirin pauses production after ransomware attack - The Record by Recorded Future
- BRONZE STARLIGHT Ransomware Operations Use HUI Loader | Secureworks
- Ransomware groups targeting Mitel VoIP zero-day - The Record by Recorded Future
- Brett Callow on Twitter: "LockBit also seems to have set its demands to automatically decrease over time. The longer victims wait, the less they need to pay. 4/5" / Twitter
- Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: De-anonymizing ransomware domains on the dark web
- Brazilian retail giant confirms cyberattack after extortion group takes over Twitter account - The Record by Recorded Future
- Akamai Blog | Bots Are Scalping Israeli Government Services
- Rise of LNK (Shortcut files) Malware | McAfee Blog
- Attacks on industrial control systems using ShadowPad | Kaspersky ICS CERT
- Google: Seven zero-days in 2021 developed commercially and sold to governments - The Record by Recorded Future
- The hacking industry faces the end of an era | MIT Technology Review
- Lawmakers want to restrict user data sales to nations like China, Russia
- US, UK, New Zealand argue against disabling PowerShell - The Record by Recorded Future
- CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
- A pro-China online influence campaign is targeting the rare-earths industry | MIT Technology Review
- Internet Crime Complaint Center (IC3) | Deepfakes and Stolen PII Utilized to Apply for Remote Work Positions
- Statutory defense for ethical hacking under UK Computer Misuse Act tabled | The Daily Swig
- BSides Cleveland organizer steps down after controversial guest added as ‘surprise’ speaker | The Daily Swig
- CISA experts propose ‘311’ cybersecurity emergency call line for small businesses - The Record by Recorded Future
- CISA, US Coast Guard warn of Log4Shell attacks after 130GB data breach in May - The Record by Recorded Future
- CSAC Recommendations (06-16-2022) (1) - DocumentCloud
- Meet the Administrators of the RSOCKS Proxy Botnet – Krebs on Security
- Splunk patches critical vulnerability while users push for legacy updates | The Daily Swig
- Oracle patches ‘miracle exploit’ impacting Middleware Fusion, cloud services | The Daily Swig
- Cyber Insurance: Action Needed to Assess Potential Federal Response to Catastrophic Attacks | U.S. GAO
- FBI investigating $100 million theft from blockchain company Harmony - The Record by Recorded Future
- Jerry Gamblin on Twitter: "Ahhh... the original NFTs." / Twitter
- PeckShield Inc. on Twitter: "1/ @XCarnival_Lab was exploited in a flurry of txs (one hack tx: https://t.co/LUcxSU9UQn), leading to the gain of 3,087 ETH (~$3.8M) for the hacker (The protocol loss may be larger). https://t.co/mmGw5PQfbt" / Twitter
- Patrick Gray on Twitter: "🎉" / Twitter
6/29/2022

Risky Biz Soap Box: HD Moore on taking Rumble to the cloud

Today’s Soap Box guest is an industry legend – Metasploit creator HD Moore. He’s here to tell us more about what’s happening with his latest creation, Rumble Network Discovery. If you’re not familiar with Rumble, well, you should be. It’s a network scanner that you just set loose and it will go and find all the devices on your network. It has a freaky ability to see around corners, finding devices it can’t even connect to directly because HD and his team have done some really crazy work on pulling device information out of obscure protocol queries and things like that. It takes a few minutes to set up a scan with Rumble, so it’s infinitely easier than trying to do passive network discovery on the network or pull data from other solutions. But Rumble isn’t just a network scanner anymore. They’ve been doing basic cloud asset inventory since the early days, but as you’ll hear it’s an area they’ve really been putting a lot of work into lately. Another big thing they’ve worked on is ICS and OT fingerprinting techniques that won’t actually cause those devices to command things to explode, so that’s nice.
6/26/2022

Risky Business #668 -- Microsoft is hiding its Azure security problems

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Paige Thompson guilty of Capital One hack
- Microsoft is hiding serious Azure security issues
- New Australian government lobbying for Julian Assange
- How to ransomware documents in the cloud
- Microsoft stops Windows 10/11 downloads in Russia
- Belarusian cyber partisans obtain spy agency’s audio recordings
- Much, much more

This week’s edition of the show is brought to you by Gigamon. Josh Day, Director of Gigamon’s applied threat research team, will be along in this week’s sponsor interview to talk about detecting badness on your network in encrypted traffic. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
- Former Seattle tech worker convicted of wire fraud and computer intrusions | USAO-WDWA | Department of Justice
- MPs back quiet diplomacy in Assange case
- Botched and silent patches from Microsoft put customers at risk, critics say | Ars Technica
- Microsoft’s Vulnerability Practices Put Customers At Risk | LinkedIn
- Security firm warns of ransomware attacks targeting Microsoft cloud 'versioning' feature - The Record by Recorded Future
- Separate Fujitsu cloud storage vulnerabilities could enable attackers to destroy virtual backups | The Daily Swig
- Large supermarket chain in southern Africa hit with ransomware - The Record by Recorded Future
- Telegram: Contact @tass_agency
- Microsoft pulls Windows 10 and 11 in Russia • The Register
- DDoS Attacks Delay Putin Speech at Russian Economic Forum
- Russia warns of a “military clash” if it’s hit by US cyberattacks - The Record by Recorded Future
- Belarusian hacktivist group releases purported Belarusian wiretapped audio of Russian embassy
- U.S. defense firm L3Harris in talks with NSO Group over spyware - The Washington Post
- Srsly Risky Biz: Friday June 17 - by Tom Uren
- Suspect in hacking Russian customs detained in Moscow
- String of attacks on French telecom infrastructure preceded April attack on fiber optic cables
- Chinese APT groups targeting India, Pakistan and more with Sophos firewall vulnerability - The Record by Recorded Future
- Ukrainian cybersecurity officials disclose two new hacking campaigns
- Police Linked to Hacking Campaign to Frame Indian Activists | WIRED
- INTERPOL raids hundreds of scammy call centers in sweep
- A Twitch Streamer Is Exposing Coronavirus Scams Live | WIRED
- Ranking The World's Angriest Scammers - 10/10 Rage - YouTube
- MIT researchers find new hardware vulnerability in the Apple M1 chip - The Record by Recorded Future
- A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys | Ars Technica
- Tornado Cash Is Crypto Hackers’ Favorite Way to Cash Out, But Experts Say It Can Be Traced
- How CISA's list of 'must-patch' vulnerabilities has expanded both in size, and who's using it
- The tale of a whale who took Solend’s money – Amy Castor
6/22/2022

Risky Business #667 -- "Shields Up" for cyber's forever war

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- “Shields Up” advice is now provably meaningless
- Russia to ditch offshore comms apps like WhatsApp
- Evil Corp’s Lockbit sanctions evasion attempt backfires
- Binance is a cesspit of shady financial dealings
- Apple’s passkey release foreshadows FIDO mass adoption
- Much, much more

This week’s sponsor interview is about Elastic’s teardown on some really interesting APT Linux malware called BPFdoor. Jake King and Colson Wilhoit joined the show for that interview. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
- US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command | Science & Tech News | Sky News
- White House: cyber activity not against Russia policy | Reuters
- 'Shields Up': the new normal in cyberspace
- Governors are being contacted - Newspaper Kommersant No. 95 (7296) dated 06/01/2022
- “You are personally responsible for incidents.” Why a new era in information security began on May 1 - Gazeta.Ru
- Kyiv used a new principle of cyberattacks against Russia - Vedomosti
- Traffic will be sorted into folders - Newspaper Kommersant No. 102 (7303) dated 06/10/2022
- FBI cybercrime seizure takes down one-time Ukraine IT Army collaborator
- To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions | Mandiant
- Risky Biz News: LockBit-Mandiant drama, explained
- How Binance became a hub for hackers, fraudsters and drug sellers
- Cryptocurrencies were once seen as an unmitigated boon for criminals. Not anymore.
- Fed cyber officials detail Chinese state hackers using common exploits against telcos
- Risky Biz News: Russia orders Google to remove Tor Browser from Russian Play Store
- Bizbudding, Inc. v. 365 Data Centers Services, LLC, 3:22-cv-00715 – CourtListener.com
- Business Email Compromise Scams Are Poised to Eclipse Ransomware | WIRED
- Cybercriminal scams City of Portland, Ore. for $1.4 million - The Record by Recorded Future
- Apple's Passkey Replaces Passwords With iPhone and Mac Authentication | WIRED
- MongoDB Debuts ‘Queryable Encryption’ to Fight Hacks and Leaks | WIRED
- Zero-Day Exploitation of Atlassian Confluence | Volexity
- Microsoft Security Intelligence on Twitter: "Multiple adversaries and nation-state actors, including DEV-0401 and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134. We urge customers to upgrade to the latest version or apply recommended mitigations: https://t.co/C3CykQgrOJ" / Twitter
- Microsoft Follina Vulnerability in Windows Can Be Exploited Through Office 365 | WIRED
- Martin Sheppard on Twitter: "@riskybusiness And yes, many orgs can disable Macros in documents with the mark of the web without a lot of impact. Policy can be used to not mark documents from certain internal sites with mark of the web, which is one way to allow certain legitimate macros with this setting in place." / Twitter
- Blockchain, 'Decentralized' Exchange Taken Offline After Hacker Steals Millions
- ‘Optimism’ Crypto Hack Victim Hopes Thief Will Give Back $15 Million
- PeckShieldAlert on Twitter: "#PeckShieldAlert Wintermute Exploiter has transferred 17 million $OP to @optimismPBC https://t.co/5PpgeZXaId" / Twitter
- NFT insider trading charges filed against former OpenSea employee Nate Chastain
- Detecting BPFDoor backdoor payload | Elastic
6/13/2022

Risky Business #666 -- The msdt RTF of DOOM

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- The msdt/office lolbinapalooza
- Microsoft to introduce sensible defaults to Azure
- Twitter fined $150m for sms 2fa spam
- It turns out npm got owned in that Heroku/Travis CI thing
- AWS cred-stealing supply chain attack was research your honour, I swear!
- Much, much more

We’ll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week’s sponsor interview. He’ll be walking us through some of his own research into how to own Microsoft boxes via document-embedded office add-ins. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
- nao_sec on Twitter: "Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. https://t.co/hTdAfHOUx3 https://t.co/rVSb02ZTwt" / Twitter
- Follina — a Microsoft Office code execution vulnerability | by Kevin Beaumont | May, 2022 | DoublePulsar
- Kevin Beaumont on Twitter: "Additional Follina issue, if you use wget in Powershell, it blindly executes any code via MSDT as it trusts all MS Protocol URIs. So to clarify, if you wget a webpage you don’t control and the webpage adds Follina exploit string, your server then runs the code." / Twitter
- Microsoft Office Remote Code Execution - “Follina” MSDT Attack
- Raising the Baseline Security for all Organizations in the World - Microsoft Tech Community
- npm security update: Attack campaign using stolen OAuth tokens | The GitHub Blog
- Twitter fined $150 million by FTC for alleged privacy violations - The Record by Recorded Future
- REvil prosecutions reach a 'dead end,' Russian media reports
- Multiple flights across India grounded after SpiceJet airline hit with ransomware - The Record by Recorded Future
- Exclusive: Russian hackers are linked to new Brexit leak website, Google says | Reuters
- Russian companies have begun laying off Ukrainian IT specialists — RBC
- Hacker Leaks Mountain of Files From Inside Xinjiang Camps
- Spain set to strengthen oversight of secret services after NSO spying scandal | The Times of Israel
- No evidence of exploitation of Dominion voting machine flaws, CISA finds - The Washington Post
- Researchers identify FIDO2 protocol vulnerabilities - Security - iTnews
- 756.pdf
- Security ‘researcher’ hits back against claims of malicious CTX file uploads | The Daily Swig
- Israeli private detective used Indian hackers in job for Russian oligarchs, court filing says | Reuters
- Hacker Steals Database of Hundreds of Verizon Employees
- GarWarner on Twitter: "Last month the US Department of Justice petitioned the court to be allowed to seize Mr. Woodbery's Bitcoin. 151.885720427 BTC is 11,930,370 Naira or $4,364,299 USD currently. (Thread 1/? ) https://t.co/Xh39FTLQUV" / Twitter
- Malcolm Herbert on Twitter: "@riskybusiness @Metlstorm ... for some reason I never pictured you guys as doing a recording session before sunup, but then I guess with @Metlstorm being in NZ that kinda makes sense now that I think about it ... I'll see myself out ..." / Twitter
- Darknet market Versus shuts down after hacker leaks security flaw
- Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat | Ars Technica
- Red Canary Managed Detection and Response - YouTube
- Airlock Digital Demo - YouTube
5/31/2022

Risky Business #665 -- You can ransomware whole countries now

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Conti’s war against Costa Rica
- DoJ revises CFAA guidance
- Naughty kids get access to DEA portal
- A look at a Russian disinfo tool
- PyPI and PHP supply chain drama
- Much, much more

This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer will join us in this week’s sponsor interview to talk about what might happen to infosec programs now that the world economy is getting all funky. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
- President Rodrigo Chaves says Costa Rica is at war with Conti hackers - BBC News
- Costa Ricans scrambled to pay taxes by hand after cyberattack took down country’s collection system
- Costa Rican president claims collaborators are aiding Conti's ransomware extortion efforts
- K-12 school districts in New Mexico, Ohio crippled by cyberattacks - The Record by Recorded Future
- Greenland says health services 'severely limited’ after cyberattack - The Record by Recorded Future
- Notorious cybercrime gang Conti 'shuts down,' but its influence and talent are still out there - The Record by Recorded Future
- 'Multi-tasking doctor' was mastermind behind 'Thanos' ransomware builder, DOJ says - The Record by Recorded Future
- Researchers warn of REvil return after January arrests in Russia - The Record by Recorded Future
- Researcher stops REvil ransomware in its tracks with DLL-hijacking exploit | The Daily Swig
- Bank refuses to pay ransom to hackers, sends dick pics instead • Graham Cluley
- GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need - CloudSEK
- Catalin Cimpanu on Twitter: "Report on a new ransomware strain named GoodWill that forces victims to perform acts of kindness to recover their files https://t.co/T0rhj5wjyC https://t.co/T92KPUJe61" / Twitter
- Water companies are increasingly uninsurable due to ransomware, industry execs say
- Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act | OPA | Department of Justice
- download
- DEA Investigating Breach of Law Enforcement Data Portal – Krebs on Security
- Intelligence Update. A question of timing: examining the circumstances surrounding the Nauru Police Force hack and leak
- FSB's Fronton DDoS tool was actually designed for 'massive' fake info campaigns, researchers say
- Sonatype PyPI blog post
- Dvuln Labs - ServiceNSW’s Digital Drivers Licence Security appears to be Super Bad
- New Bluetooth hack can unlock your Tesla—and all kinds of other devices | Ars Technica
- Researchers devise iPhone malware that runs even when device is turned off | Ars Technica
- New Research Paper: Pre-hijacking Attacks on Web User Accounts – Microsoft Security Response Center
- CISA issues directive for exploited VMware bug after IR team deployed to ‘large’ org - The Record by Recorded Future
- Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating | Ars Technica
- Google, Apple, Microsoft Commit to Eliminating Passwords - Security Boulevard
- Thinkst Canary
5/25/2022

SAMPLE PODCAST: Risky Biz News: FSB-linked DDoS tool could also be used for disinformation campaigns

The following is a sample of our latest podcast, Risky Business News, which is published into a new RSS feed. It’s a short podcast published three times a week that updates listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here.
5/20/2022

Risky Biz Soap Box: While you're watching a quiet one a noisy one will kill you

In this Soap Box edition of the show Proofpoint’s EVP of Cybersecurity Strategy Ryan Kalember joins host Patrick Gray to talk about why some security spending is just misguided. So much of the infosec industry is geared towards protecting organisations against exotic threats when, really, the trifecta of ransomware, BEC and staff being careless with data are the things that will sink them.
5/18/2022

Risky Business #664 -- The Spanish Prime Minister got Pegasus'd

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Spanish PM’s phone infected by Pegasus
- Microsoft drops Ukraine research report
- We can’t make heads or tails out of the FBI’s transparency report
- France hit with coordinated fibre sabotage campaign
- Why Musk’s algorithm pledge is meaningless
- Much, much more

This week’s sponsor interview is with ExtraHop Networks’ CEO Patrick Dennis. He’s joining us this week to talk about how you can turn “Shields Up!” advice into something actionable. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
- Spyware attack targeted Spanish prime minister’s phone - The Record by Recorded Future
- Over 200 Spanish mobile numbers ‘possible targets of Pegasus spyware’ | Spain | The Guardian
- Russia’s hackers and military went after the same targets in Ukraine, Microsoft says
- Russia Is Being Hacked at an Unprecedented Scale | WIRED
- Russia reroutes internet in occupied Ukrainian territory through Russian telcos - The Record by Recorded Future
- Russia cyber case prompted big portion of FBI's surveillance database searches in 2021 - The Record by Recorded Future
- 2022_ASTR_for_CY2020_FINAL.pdf
- Wyden: “Surveillance Transparency Report” Fails To Explain How Many Americans’ Communications Are Searched By the FBI | U.S. Senator Ron Wyden of Oregon
- How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities
- Who tried to hack Hawaii’s undersea cable? - The Record by Recorded Future
- Nauru police emails leaked to protest against Australia's offshore detention
- Fighting Fake EDRs With ‘Credit Ratings’ for Police – Krebs on Security
- Twitter may have given user's private data to a ransomware hacker, who then ran a researcher offline
- Musk's plans to make Twitter's algorithms public raises disinformation conundrum
- Elon Musk’s Plan to Open Source the Twitter Algorithm Won’t Solve Anything | WIRED
- Kronos cyber attack sparks lawsuits against employers | BenefitsPRO
- German wind farm operator confirms cybersecurity incident - The Record by Recorded Future
- German library service struggling to recover from ransomware attack - The Record by Recorded Future
- Trinidad’s largest supermarket chain crippled by cyberattack - The Record by Recorded Future
- Austin Peay State University becomes latest US school hit with ransomware - The Record by Recorded Future
- NC Prohibits Gov Entities from Paying Hacker Cybersecurity Ransoms
- Connecticut inches closer to becoming fifth state with data privacy law - The Record by Recorded Future
- Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog
- Google touts new tool that scans for malicious packages in popular open-source repositories - The Record by Recorded Future
- Log4Shell, ProxyLogon and Atlassian bug top CISA's list of routinely exploited vulnerabilities in 2021 - The Record by Recorded Future
- Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954 | Rapid7 Blog
- Microsoft finds Linux desktop flaw that gives root to untrusted users | Ars Technica
- More than $13 million stolen from DeFi platform Deus Finance - The Record by Recorded Future
- Binance freezes stolen Axie Infinity crypto after North Korean hackers move funds - The Record by Recorded Future
- Everscale blockchain wallet shutters web version after vulnerability found - The Record by Recorded Future
- Hackers steal $90 million from DeFi platforms Rari Capital and Saddle Finance - The Record by Recorded Future
- Crypto Hackers Stole More Than $370 Million In April Alone
- Airlock Digital Demo - YouTube
- Risky Business News | Patrick Gray | Substack
5/4/2022

Risky Business #663 -- Israel cracks down on spyware exports

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Israel Ministry of Defence is denying a lot of spyware export licences
- Private detective in New York pleads guilty over BellTroX shenanigans
- Scammers enrol stolen credit cards into Apple Pay
- The Blackcat ransomware crew is very active right now
- VirusTotal shells lol
- Much, much more

This week’s sponsor interview is with Okta’s Brett Winterford, who talks in detail about the company’s brush with the Lapsus$ hacking crew. It’s unusual for a sponsor interview to be a must listen, but here we are. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
- Export controls strangling Israel's cyberattack industry - Globes
- Israeli charged in global hacker-for-hire scheme pleads guilty | Reuters
- Criminals Abuse Apple Pay in Spending Sprees
- Wealthy cybercriminals are using zero-day hacks more than ever | MIT Technology Review
- Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code – Krebs on Security
- FBI: 60 organizations worldwide hit with BlackCat/ALPHV ransomware - The Record by Recorded Future
- FBI warns agricultural sector of heightened risk of ransomware attacks
- Russia's war on Ukraine making life difficult for Russian cybercriminals
- In a first, Treasury Department sanctions major cryptocurrency mining firm
- Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure | CISA
- Rewards for Justice on Twitter: "REWARD! Up to $10M for information on 6 Russian GRU hackers. They targeted U.S. critical infrastructure with malicious cyber ops. Send us info on their activities via our Dark Web-based tips line at: https://t.co/WvkI416g4W https://t.co/oZCKNHU3fY https://t.co/u1NMAZ9HQl" / Twitter
- Foreign Malicious Cyber Activity Against U.S. Critical Infrastructure – Rewards For Justice
- From the front lines of ‘the first real cyberwar’ - The Record by Recorded Future
- CySource VirusTotal blog
- Bernardo Quintero on Twitter: "for transparency purposes, this was my internal reply on May 21, 2021 at 03:09PM https://t.co/WR3QTRlxDc" / Twitter
- Critical bug could have let hackers commandeer millions of Android devices | Ars Technica
- Hot patch for Log4Shell vulnerability in AWS allowed full host takeover | The Daily Swig
- Major cryptography blunder in Java enables “psychic paper” forgeries | Ars Technica
- Brokers' sales of U.S. military personnel data overseas stir national security fears
- Bored Ape Yacht Club Instagram Hacked, NFTs Worth Millions Stolen
- A Crypto Entrepreneur Is on the Lam After Dev Jailed for North Korea Trip
- Okta Concludes its Investigation Into the January 2022 Compromise | Okta
- Risky Business News | Substack
4/27/2022

Risky Business #662 -- It's a bad month to be an electricity grid

On this week’s show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week’s security news, including:
- Ukraine foils Russian ICS hack
- US Government burns someone’s ICS toolkit
- China gets all up in India’s energy gridz
- The Heroku/GitHub/Travis CI story is very confusing
- US DOJ removes GRU malware from WatchGuard boxes under Rule 41
- North Korea behind $540m crypto hack
- Much, much more

This week’s sponsor interview is with Scott Kuffer, co-founder of Nucleus Security, and Jared Semrau of Mandiant. They’ll be joining us to talk about how you can now plug Mandiant data into the Nucleus vulnerability scan aggregator. Links to everything that we discussed are below and you can follow Patrick, Dmitri or Adam on Twitter if that’s your thing.

Show notes
- Ukraine foiled Russian cyberattack that tried to shut down energy grid
- Catalin Cimpanu on Twitter: "Days later... anyone managed to confirm or debunk this?" / Twitter
- Matthew Garrahan on Twitter: "Ukraine has since adapted a government app so that people can more easily upload information about Russian military positions https://t.co/oWRctXBTxU" / Twitter
- Pipedream Malware: Feds Uncover 'Swiss Army Knife' for Industrial System Hacking | WIRED
- Suspected Chinese hackers are targeting India's power grid
- Lawmakers ask Energy Department to take point on sector digital security - The Record by Recorded Future
- Threat of Russian cyberattack prompts energy firms to collaborate with U.S. government - The Washington Post
- US says it disrupted Russian botnet 'before it could be weaponized'
- DOJ's Sandworm operation raises questions about how far feds can go to disarm botnets
- Microsoft seizes internet domains linked to GRU cyberattacks against Ukraine
- WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers | Ars Technica
- Microsoft uses court order to disrupt ZLoader botnet - The Record by Recorded Future
- DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii
- US agency attributes $540 million Ronin hack to North Korean APT group - The Record by Recorded Future
- Chemical sector targeted by North Korea-linked hacking group, researchers say - The Record by Recorded Future
- U.S. offers $5 million for info on North Korean cyber operators - The Record by Recorded Future
- Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog
- After a brief decline, organizations once again are bombarded with ransomware - The Record by Recorded Future
- BlackCat ransomware group claims attack on Florida International University - The Record by Recorded Future
- North Carolina A&T hit with ransomware after ALPHV attack - The Record by Recorded Future
- Ransomware groups go after a new target: Russian organizations - The Record by Recorded Future
- T-Mobile Secretly Bought Its Customer Data from Hackers to Stop Leak. It Failed.
- Experts warn of concerns around Microsoft RPC bug - The Record by Recorded Future
- Make phishing great again. VSTO office files are the new macro nightmare? | by Daniel Schell | Apr, 2022 | Medium
- VMware patches critical flaws in Workspace ONE Access identity management software | The Daily Swig
- Researcher finds cryptomining malware targeting AWS Lambda - The Record by Recorded Future
- Apple paid out $36,000 bug bounty for HTTP request smuggling flaws on core web apps – research | The Daily Swig
- Hackers steal more than $11 million from Elephant Money DeFi platform - The Record by Recorded Future
- WonderHero game disabled after hackers steal $320,000 in cryptocurrency - The Record by Recorded Future
- 'We Are Fucked': Crypto Stablecoin Collapses After $182M Hack
- The Original APT: Advanced Persistent Teenagers – Krebs on Security
4/21/2022

Snake Oilers: Vectra, Google Security and SecureStack

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions paid to be here. We’ll hear from three vendors in this edition of Snake Oilers:
- Kevin Kennedy from Vectra talks about the company’s cloud native detection – it crunches stuff like CloudTrail and AzureAD logs and correlates it with network event information
- Paul McCarty from SecureStack on its software composition analysis and “SBOM plus” tool
- Google Cloud’s Anton Chuvakin talks about cloud-based SIEMs like Chronicle

Show notes
- AI Cybersecurity - Threat Detection & Response Platform | Vectra AI
- SecureStack - SecureStack
- Chronicle Security - Google’s Cloud-Native SIEM Platform
4/13/2022

Risky Business #661 -- Viasat hack details firm up

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Why Spring4Shell isn’t all hype
- How Viasat actually got owned
- Russian war crimes likely extend to coercing sysadmins
- Why lighter fluid and a box of matches is more effective than cyber in Belarus
- Much, much more

This week’s sponsor interview is with Bernard Brantley, Corelight’s Chief Information Security Officer. Corelight makes a network sensor you can use to plug in to your SIEM, among other things. It’s based on Zeek, the open source network sensor that Corelight maintains. Corelight is absolutely the industry standard for this sort of thing. And they’ve just become the standard for something else, too: Microsoft Defender for IoT can now accept Corelight feeds. Bernard fills us in on that. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
- Explaining Spring4Shell: The Internet security disaster that wasn’t | Ars Technica
- VMware sprung by Spring4shell vulnerability - Security - iTnews
- Viasat confirms report of wiper malware used in Ukraine cyberattack - The Record by Recorded Future
- VIASAT incident: from speculation to technical details.
- AcidRain | A Modem Wiper Rains Down on Europe - SentinelOne
- EXCLUSIVE Hackers who crippled Viasat modems in Ukraine are still active - company official | Reuters
- Kevin Collier on Twitter: "In a Zoom presser earlier today, UKR Telecom CIO Kirill Goncharuk said the hack on his ISP started with compromised credentials from an employee in a territory Russia recently occupied. Declined to address the potential implication that the employee was physically coerced." / Twitter
- Ukrainian CERT details Russia-linked phishing attacks targeting government officials - The Record by Recorded Future
- The Belarus ‘railway rebels’, who dare stop Vladimir Putin’s invasion in its tracks
- German wind turbine maker shut down after cyberattack - The Record by Recorded Future
- Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said - The Record by Recorded Future
- Trezor cryptocurrency wallets targeted with phishing attacks following Mailchimp compromise | The Daily Swig
- Two alleged Lapsus$ teens appear in London court
- IT giant Globant discloses hack after Lapsus$ leaks 70GB of stolen data | Ars Technica
- Notorious hacking group FIN7 adds ransomware to its repertoire
- NSA employee indicted for mishandling Top Secret information - The Record by Recorded Future
- Debate erupts at news the White House may scale back DOD cyber-ops authorities
- Legislators rail against potential rollback of flexible DOD cyber powers
- ‘Dangerous’ EU web authentication plan threatens to undercut browser-led certification system, detractors claim | The Daily Swig
- Trend Micro warns of active attacks against Apex Central console | The Daily Swig
- Apple releases fixes for two zero-days affecting Macs, iPhones and iPads - The Record by Recorded Future
- Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks | Ars Technica
- GitLab addresses critical account hijack bug | The Daily Swig
- Ola Finance DeFi platform hacked, nearly $5 million stolen - The Record by Recorded Future
- Bank that lacked basic security suffers predictable fate • The Register
- Corelight Announces Integration for Microsoft Defender for IoT as a Data Source for the Platform
4/6/2022

Snake Oilers: PentesterLab, AttackForge and Sysdig

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions paid to be here.

We’ll hear from three vendors in this edition of Snake Oilers:

Upskill your testers and developers with PentesterLab for US$20 a month
Manage penetration tests and reporting with AttackForge
How Sysdig can help herd your container cats (vulnerability management and detection for container environments)

Show notes

PentesterLab: Learn Web Penetration Testing: The Right Way
AttackForge® - Penetration Testing Workflow Management, Productivity & Collaboration Tools
Sysdig 2022 Cloud-Native Security and Usage Report: Stay on Top of Risks as You Scale – Sysdig
4/4/2022

Risky Business #660 -- Lapsus$ arrests, latest on Okta incident

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

Some arrests of suspected Lapsus$ members in the UK
Why the Okta incident is probably a fizzer
Four FSB officers indicted over Triton/Trisis malware
Kim Zetter interviewed Intrusion Truth
Australian government to upsize ASD
Wave bye bye to FinFisher
Much, much more

This week’s sponsor interview is with Mike Wiacek from Stairwell. Stairwell makes a product that catalogues the files in your environment and lets you slice and dice that data. That makes threat hunting pretty easy, and Mike is joining the show this week to talk about why organisations of all stripes should be doing threat hunting.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal - BBC News
Okta ‘identifying and contacting’ customers potentially affected by Lapsus$ breach - The Record by Recorded Future
Okta revises original statement, says 366 customers affected by Lapsus$ breach - The Record by Recorded Future
Okta apologizes for waiting two months to notify customers of Lapsus$ breach - The Record by Recorded Future
Lapsus$ found a spreadsheet of accounts as they breached Okta, documents show | TechCrunch
DOJ unseals indictments of four Russian gov’t officials for cyberattacks on energy companies - The Record by Recorded Future
Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide | OPA | Department of Justice
Intrusion Truth - Five Years of Naming and Shaming China’s Spies
ASD to double in size after $10bn cyber security funding boost - Security - iTnews
How the Biden budget goes big on cyber - The Record by Recorded Future
FBI, CISA advise 13,000 orgs to have 'low threshold' for reporting cyberattacks - The Record by Recorded Future
Senate report examines REvil ransomware attacks on US firms - The Record by Recorded Future
Senate ransomware investigation says FBI leaving victims in the lurch
Surveillance software firm FinFisher declares insolvency - The Record by Recorded Future
NSO refused Ukraine’s request for Pegasus spyware so it wouldn’t anger Russia - The Washington Post
FCC puts Kaspersky on security threat list, says it poses “unacceptable risk” | Ars Technica
Traffic at major Ukrainian internet service provider Ukrtelecom disrupted - The Record by Recorded Future
An interview with the chief technical officer at Ukrtelecom - The Record by Recorded Future
Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” – Krebs on Security
North Korean hackers unleashed Chrome 0-day exploit on hundreds of US targets | Ars Technica
Google releases emergency security update for Chrome users after second 0-day of 2022 discovered - The Record by Recorded Future
Npm maintainers remove malicious packages after typosquatting attempt - The Record by Recorded Future
‘Spam Nation’ Villain Vrublevsky Charged With Fraud – Krebs on Security
$2 million stolen from DeFi protocol Revest Finance, platform unable to reimburse victims - The Record by Recorded Future
Flash loan attack on One Ring protocol nets crypto-thief $1.4 million | The Daily Swig
More than $625 million stolen in DeFi hack of Ronin Network - The Record by Recorded Future
Hackers Who Stole $50 Million in Crypto Say They Will Refund Some Victims
3/30/2022

Risky Biz Soap Box: Why allowlisting is ready for prime time

Airlock Digital co-founders Daniel Schell and Dave Cottingham join host Patrick Gray to talk about:

What an effective allowlisting program looks like
Why the third-party allowlisting industry failed the first time
What you can achieve with Microsoft tooling versus specialist tools
How much effort is involved to do this right
3/24/2022

Risky Business #659 -- Okta and Microsoft meet LAPSUS$

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

Okta’s somewhat awful comms around its LAPSUS$ incident
Inside Microsoft’s brush with the same group
How Elon Musk’s Starlink service is being used to drop bombs on Russian tanks
US, UK governments warn of impending Russian cyberdoom
Much, much more…

This week’s sponsor interview is with Paul Lanzi, co-founder of Remediant. Paul joins the show this week to talk about cyber insurance. It’s a topic that has come up a lot for us lately – ransomware has borderline sunk the current cyber insurance model as payments ballooned and payouts made a lot of insurers adjust premiums to the. But all is not lost – Paul says this blowup means the insurance industry is actually adapting and could wind up being a driver of better security practices.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Hackers hit authentication firm Okta, customers 'may have been impacted' | Reuters
Updated Okta Statement on LAPSUS$ | Okta
Microsoft investigating Lapsus$ claims of Bing, Cortana data theft - The Record by Recorded Future
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction - Microsoft Security Blog
U.K. echoes Biden warning on Russian cyberattacks - The Record by Recorded Future
Statement by President Biden on our Nation’s Cybersecurity | The White House
FBI advised that hackers scanned networks of 5 US energy firms ahead of Biden's Russia cyberattack warning - CNNPolitics
CISA, FBI warn of satellite network hacks following Viasat cyberattack - The Record by Recorded Future
Specialist Ukrainian drone unit picks off invading Russian forces as they sleep | News | The Times
China’s DJI And Its Billionaire Chief Put In An Awkward Spot As Both Sides In Ukraine War Use Its Drones
Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine | Snyk
Catalin Cimpanu on Twitter: "Following the poisoning of the node-ipc npm package to sabotage systems in Belarus and Russia, Russia's NKTsKI cyber-security agency has told companies to use local repos for FOSS software, use older versions prior to the invasion, and audit new updates https://t.co/3PlKdXTfn1 https://t.co/EV25HBBZFN" / Twitter
U.S. bars ex-spies from becoming 'mercenaries,' following Reuters series | Reuters
Behold, a password phishing site that can trick even savvy users | Ars Technica
Death of the Password? FIDO Alliance Reveals Its New Plan | WIRED
Scammers have 2 clever new ways to install malicious apps on iOS devices | Ars Technica
New details emerge on prolific Conti-linked cybercrime group
Trickbot is using MikroTik routers to ply its trade. Now we know why | Ars Technica
Sandworm-linked botnet has another piece of hardware in its sights
Hacker Steals Customer Data From Circle, BlockFi, Other Big Crypto Firms - Decrypt
Lawmakers Probe Early Release of Top RU Cybercrook – Krebs on Security
A different way to do PAM -- Paul Lanzi, Remediant - YouTube
3/23/2022

Risky Business #658 -- Germany sounds alarm on Kaspersky software

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

Germany issues stark warning to Kaspersky users
Ukraine SATCOM hack keeps getting more interesting
Russia to spin up its own CA, but it’s not what it seems
Why the ransomware threat could get worse, then better
Much, much more

This week’s show is brought to you by Fastly. Kelly Shortridge, Fastly’s Senior Principal Product Technologist, joins the show this week to tell us what modern security actually looks like. Kelly is always fascinating so we were thrilled she was in the sponsor chair this week.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

German government issues warning about Kaspersky products - CyberScoop
Exclusive: U.S. spy agency probes sabotage of satellite internet during Russian invasion, sources say | Reuters
SATELLITE SYSTEMS, SATCOM AND SPACE SYSTEMS UPDATE
Russia to create its own security certificate authority, alarming experts
Political fallout in cybercrime circles upping the threat to Western targets
Oleg Shakirov on Twitter: "Russia's deputy foreign minister says he hopes the Russian-U.S. dialogue on cyber security will be resumed in response to a question whether it has been frozen. He adds that it can bring tangible results like the disruption of REvil https://t.co/m817WD80vr" / Twitter
FinCEN warns ransomware proceeds could be part of Russia sanctions evasion
Biden takes big step toward government-backed digital currency
Ukrainian hackers say HackerOne is blocking their bug bounty payouts | TechCrunch
Techmeme on Twitter: "Sources: Apple and Google removed Kremlin critic Navalny's app in September after FSB agents came to homes of top execs and threatened to take them to prison (Washington Post) https://t.co/nqvtHmG1Ft https://t.co/gQCcnFhnyo" / Twitter
Government agencies in Ukraine targeted in cyber-attacks deploying MicroBackdoor malware | The Daily Swig
ESET research on Twitter: "#BREAKING #ESETresearch warns about the discovery of a 3rd destructive wiper deployed in Ukraine 🇺🇦. We first observed this new malware we call #CaddyWiper today around 9h38 UTC. 1/7 https://t.co/gVzzlT6AzN" / Twitter
Ukraine facing major regional internet outages as Russian invasion continues
Transparency Org Releases Alleged Leak of Russian Censorship Agency
Denial-of-service attack knocked Israeli government sites offline
The Lapsus$ Hacking Group Is Off to a Chaotic Start | WIRED
Penny Arcade - Comic - Also Known As Blackmail
Man charged with Kaseya hack extradited to the US - The Record by Recorded Future
NetWalker ransomware affiliate extradited to the US - The Record by Recorded Future
Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22 | Ars Technica
New method that amplifies DDoSes by 4 billion-fold. What could go wrong? | Ars Technica
SEC weighs reporting requirements for publicly traded companies
Biden signs cyber incident reporting bill into law - The Record by Recorded Future
Join The Dept of Know_ Live!
BAYRAKTAR-Official Song (english) - YouTube
Product Demo: Proofpoint Nexus People Explorer - YouTube
3/16/2022

Risky Business #657 -- Belarus targets refugee data

On this week’s show Patrick Gray, Brian Krebs and Adam Boileau discuss the week’s security news, including:

The Contileaks latest
Belarus targeted refugee data. Was it behind the ICRC hack?
How APT41 hacked America’s livestock
SATCOM hack in Ukraine may bode ill for Musk
Much, much more

Material Security’s co-founder Ryan Noon is this week’s sponsor guest. He joins the show to talk about a few things, including how the building blocks for a whole new generation of security tooling – like large-scale data crunching tech – are now available off the shelf. He also talks us through an integration Material has done with a groovy new SOAR platform called Tines.

Links to everything we discussed – and a YouTube demo of Material’s technology – are below.

Show notes

Conti Ransomware Group Diaries, Part I: Evasion – Krebs on Security
Conti Ransomware Group Diaries, Part II: The Office – Krebs on Security
Conti Ransomware Group Diaries, Part III: Weaponry – Krebs on Security
Conti Ransomware Group Diaries, Part IV: Cryptocrime – Krebs on Security
Christo Grozev on Twitter: "This is not the worst part. In the phone call in which the FSB officer assigned to the 41st Army reports the death to his boss in Tula, he says they've lost all secure communications. Thus the phone call using a local sim card. Thus the intercept. https://t.co/cgHHo7VaRi" / Twitter
Cloudflare not fully backing out of Russia, company says, as tech firms are forced to weigh in - CyberScoop
NATO countries' refugee management may have been targeted by Belarus-linked hackers - CyberScoop
Twitter Launches Tor Onion Service Making Site Easier to Access in Russia
Hive ransomware gang targets Romanian oil firm in its latest cyberattack - The Record by Recorded Future
Chinese Spies Hacked a Livestock App to Breach US State Networks | WIRED
Christophe on Twitter: "Casually compromising API keys from Azure customers: - Step 1: Create an Azure automation account - Step 2: curl localhost on ports 40000+ You now have an API token in the Azure tenant of another customer, with the same permissions as the automation🙈 https://t.co/XRI99mCJ1T" / Twitter
Google WAF bypassed via oversized POST requests | The Daily Swig
DDoSers are using a potent new method to deliver attacks of unthinkable size | Ars Technica
SATCOM terminals under attack in Europe: a plausible analysis.
The internet in Ukraine is still mostly online. Could Starlink be a backup if it goes out? - The Record by Recorded Future
Linux has been bitten by its most high-severity vulnerability in years | Ars Technica
Google to acquire Mandiant in $5.4 billion deal - The Record by Recorded Future
Senate approves cyber incident reporting bill amid worries about Russian threats - The Record by Recorded Future
Cyber insurance policies may be put to the test by Russian attacks, credit ratings firm warns - The Record by Recorded Future
Material Security: Keeping email safe at rest (improved audio) - YouTube
Risky Biz Product Demos - YouTube
3/9/2022

Risky Business #656 – We expected a cyberwar but got an infowar

On this week’s show Patrick Gray, Dmitri Alperovitch and Adam Boileau discuss the week’s security news, including:

We expected a cyberwar but got an information war
People with SDR kits are doing SIGINT in Ukraine
Conti has imploded and it’s hilarious
Much, much more

This week’s show is brought to you by Proofpoint. Sherrod DeGrippo, Proofpoint’s Vice President of Threat Research and Detection, is this week’s sponsor guest. She joins us to talk about how there isn’t really any magic advice she can dispense to protect customers from Russian attacks.

There are some show notes below, but they’re not exhaustive.

Show notes

The propaganda war has eclipsed cyberwar in Ukraine | MIT Technology Review
Ukrainian Researcher Leaks Conti Ransomware Gang Data
Signal on Twitter: "We've had an uptick in usage in Eastern Europe & rumors are circulating that Signal is hacked & compromised. This is false. Signal is not hacked. We believe these rumors are part of a coordinated misinformation campaign meant to encourage people to use less secure alternatives." / Twitter
Cyber insurance policies may be put to the test by Russian attacks, credit ratings firm warns - The Record by Recorded Future
Phishing campaign targets European officials assisting in refugee operations - The Record by Recorded Future
https://twitter.com/sbreakintl/status/1498619303717142529?s=21
Apple halts sales of products to Russia, restricts access to Russian news apps
Belarusian hackers launch another attack, adding to chaotic hacktivist activity around Ukraine - CyberScoop
Russian State Media Hacked to Show Casualty Numbers for Russian Soldiers in Ukraine War
Would Banning Russia From Getting Software Updates Make It Easier to Hack?
Ukraine’s Volunteer ‘IT Army’ Is Hacking in Uncharted Territory | WIRED
vx-underground on Twitter: "Conti ransomware group previously put out a message siding with the Russian government. Today a Conti member has begun leaking data with the message "Fuck the Russian government, Glory to Ukraine!" You can download the leaked Conti data here: https://t.co/BDzHQU5mgw https://t.co/AL7BXnihza" / Twitter
Active Measures, LLC on Twitter: "That keyboard sound you hear is lawyers at US CYBERCOMMAND updating some opinions." / Twitter
Conti ransomware gang chats leaked by pro-Ukraine member - The Record by Recorded Future
Russia appears to deploy digital defenses after DDoS attacks - The Record by Recorded Future
Russia’s Sandworm Hackers Have Built a Botnet of Firewalls | WIRED
Auth0 co-founder and CEO Eugenio Pace walks us through the Auth0 platform - YouTube
Dmitri Alperovitch on Twitter: "In the last few weeks, I have become increasingly convinced that Kremlin has unfortunately made a decision to invade Ukraine later this winter. While it is still possible for Putin to deescalate, I believe the likelihood is now quite low. Allow me to explain why 🧵" / Twitter
3/3/2022

Risky Biz Soap Box: US Government will embrace "phishing resistant MFA"

These Soap Box editions of the show are entirely sponsored – that means everyone you hear in one of these episodes paid to be here. In this edition we’re talking to Yubico’s Chief Solutions Officer Jerrod Chong. We do one of these Soap Box podcasts with Jerrod every year. Yubico, of course, is the maker of the YubiKey hardware security device. In this chat with Jerrod we cover a few things – like the zero trust executive order, hardware-backed web transactions and how the industry leading the charge on security keys right now is actually the cryptocurrency space.
2/28/2022