TopPodcast.com
Menu
  • Home
  • Top Charts
  • Top Networks
  • Top Apps
  • Top Independents
  • Top Podfluencers
  • Top Picks
    • Top Business Podcasts
    • Top True Crime Podcasts
    • Top Finance Podcasts
    • Top Comedy Podcasts
    • Top Music Podcasts
    • Top Womens Podcasts
    • Top Kids Podcasts
    • Top Sports Podcasts
    • Top News Podcasts
    • Top Tech Podcasts
    • Top Crypto Podcasts
    • Top Entrepreneurial Podcasts
    • Top Fantasy Sports Podcasts
    • Top Political Podcasts
    • Top Science Podcasts
    • Top Self Help Podcasts
    • Top Sports Betting Podcasts
    • Top Stocks Podcasts
  • Podcast News
  • About Us
  • Podcast Advertising
  • Contact
Not in our directory?
Add Show Here
Podcast Equipment
Center

toppodcastlogoOur TOPPODCAST Picks

  • Comedy
  • Crypto
  • Sports
  • News
  • Politics
  • True Crime
  • Business
  • Finance

Follow Us

toppodcastlogoStay Connected

    View Top 200 Chart
    Back to Rankings Page
    News

    Risky Business – Patrick Gray

    Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

    Advertise

    Copyright: © Copyright 2007-2022 Patrick Gray

    • Apple Podcasts
    • Google Play
    • Spotify
    Latest Episodes:
    Risky Business #679 -- A look at Uber's very bad week Sep 21, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • A look at how Uber got owned so hard
    • Why cleartext cookie storage in Microsoft Teams’ Electron-based app is actually a big deal
    • Russian official: Starlink is a legitimate military target
    • Wagner mercs get doxxed
    • Kiwi Farms having a bad time
    • Much, much more

    In this week’s sponsor interview we’ll be chatting to Nucleus’s CEO Steve Carter about CISA’s KEV list. He has feelings about the KEV list – they’re mostly positive, but he also has a few reasonable gripes and he joins me to talk about them.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • Uber attributes hack to Lapsus$, working with FBI and DOJ on investigation - The Record by Recorded Future
    • Uber confirms it is investigating cybersecurity incident - The Record by Recorded Future
    • Microsoft Teams stores cleartext auth tokens, won’t be quickly patched | Ars Technica
    • SharpTongue Deploys Clever Mail-Stealing Browser Extension "SHARPEXT" | Volexity
    • Hacking group focused on Central America dumps 10 terabytes of military emails, files
    • Securing the Supply Chain of Nothing | Kelly Shortridge
    • Russia Makes Veiled Threat to Destroy SpaceX's Starlink
    • Pro-Ukraine Hacktivists Claim to Have Hacked Notorious Russian Mercenary Group
    • Fears grow of Russian spies turning to industrial espionage - The Record by Recorded Future
    • Congressional inquiry reveals secret Customs and Border Protection database of U.S. phone records
    • Alternative payment apps such as AliPay a boon for cybercriminals, experts tell Congress
    • CISA floats plan to partner with local universities for '311' cyberattack triage service - The Record by Recorded Future
    • Breach of software maker used to backdoor ecommerce servers | Ars Technica
    • Kiwi Farms has been breached; assume passwords and emails have been leaked | Ars Technica
    • (8) Kevin Beaumont on Twitter: "The saga continues - there was (also?) a script injected for a month on Kiwi Farms called Troonshine, gathering information and credentials from user’s systems, posting it to “https://t.co/XnrUu4t3sd”. They look very, very owned. https://t.co/kxdR8kxtC1" / Twitter
    • Pentagon reviews psychological operations amid Facebook, Twitter complaints - The Washington Post
    • Bosnia and Herzegovina investigating alleged ransomware attack on parliament - The Record by Recorded Future
    • Botched Crypto Mugging Lands Three U.K. Men in Jail – Krebs on Security
    • Cryptocurrency company Wintermute says hackers stole $160 million - The Record by Recorded Future
    • Anonymous hacker, who bragged about exploits on TikTok, says he was raided by Canadian police
    Risky Biz Soap Box: Haroon Meer on "sensitive command tokens" Sep 15, 2022

    In this edition of the Soap Box podcast Patrick Gray talks to Haroon Meer about Thinkst Canary’s new sensitive command token. It’s a great way to detect intruders on your Windows systems. Haroon also talks about how to use canaries strategically.

    Show notes

    • Canaries as Network Motion Sensors
    • Sensitive Command Token - So much offense in my defense
    Risky Business #678 -- Iranians Gone Wild Sep 14, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • Albania suffers under another crippling Iranian attack
    • Iran’s APT42 using clever, multi-persona phishing
    • State Department cyber snitching program paying off
    • Former NSA director Gen. Keith Alexander sued over alleged IronNet pump and dump
    • Mudge fronts US Senate Judiciary Committee
    • Much, much more…

    This week’s show is brought to you by Stairwell. Mike Wiacek, Stairwell’s founder and CEO is this week’s sponsor guest and he talks about why they’ve pushed their Inception platform beyond YARA hunting. You can see a demo of Inception on our YouTube product demo page.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • Risky Biz News: Albania-Iran cyber drama far from over
    • US sanctions Iran intelligence agency over Albania cyberattack - The Record by Recorded Future
    • Tom Uren on Cyber Embuggerance
    • Iranian military using spoofed personas to target nuclear security researchers - The Record by Recorded Future
    • Iranian hackers spy on journalists and government officials, researchers warn - The Record by Recorded Future
    • FBI, DOJ defend ‘offensive’ actions against Chinese, Russian operations - The Record by Recorded Future
    • State Department bounty program for cybercriminal tips has 'born fruit,' top FBI official says
    • More than $30 million seized from North Korean hackers involved in Axie crypto-theft - The Record by Recorded Future
    • $30 Million Seized: How the Cryptocurrency Community Is Making It Difficult for North Korean Hackers To Profit - Chainalysis
    • Twitter whistleblower testifies to Congress, calls for tech regulation reforms - The Record by Recorded Future
    • Twitter whistleblower testifies before Senate
    • Former NSA Head Keith Alexander Accused of Pump-and-Dump Scheme
    • Google: Conti repurposing tools for Ukraine attacks using Follina bug, Musk impersonation - The Record by Recorded Future
    • Pro-Ukraine hackers claim attack on Russian TV broadcasts - The Record by Recorded Future
    • Initial access broker or ransomware gang has 'exclusive' access to Mitel zero-day exploit: report - The Record by Recorded Future
    • Cyberattacks against U.S. hospitals mean higher mortality rates, study finds
    • Buenos Aires legislature announces ransomware attack - The Record by Recorded Future
    • Ransomware attack knocked a Kentucky city-operated ISP offline before holiday - The Record by Recorded Future
    • Ransomware attacks on retail increase, average retail payment grows to more than $200K - The Record by Recorded Future
    • Cisco: Log4j vulnerability used to attack energy companies in Canada, US and Japan - The Record by Recorded Future
    • Patreon security team layoffs cause backlash in creator community
    • This Clever Anti-Censorship Tool Lets Russians Read Blocked News | WIRED
    • Apple Kills Passwords in iOS 16 and macOS Ventura | WIRED
    • Catalin Cimpanu on Twitter: "They're still recruiting, btw" / Twitter
    • Cyberfella on Twitter: "@campuscodi Please convince Patrick to have a segment about NAFO named "Shitposting Dogs on the Bird App are making Vatniks Seethe and Cope" on the next riskybizz ep 🙏🙏🙏" / Twitter
    • ironnet chart - Google Search
    • Stairwell's Inception Platform - YouTube
    • Все Буде Україна (Everything Will Be Ukraine) - YouTube
    • Pink Floyd - Hey Hey Rise Up (feat. Andriy Khlyvnyuk of Boombox) - YouTube
    • PROBASS ∆ HARDI - GOOD EVENING (WHERE ARE YOU FROM?) - YouTube
    Risky Business #677 -- A day late and a dollar short: China doxxes NSA op Sep 07, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • China’s super spies figure out Rob Joyce ran TAO ops
    • FBI, French authorities fly to Montenegro to investigate ransomware attack
    • NEWSFLASH: Cloudflare are still a bunch of Nazi cuddlers
    • SIM swap drama spills into real world shootings, firebombings
    • Yandex Taxi hack clogs Moscow streets
    • The TikTok breach that wasn’t
    • Project Raven veterans get wings clipped
    • Why recent BGP hijacks are getting a bit concerning
    • Much, much more

    This week’s show is brought to you by Corelight, the company that maintains Zeek. Corleight’s Federal CTO Jean Schaffer joins us in this week’s sponsor interview to talk about whether or not the White House’s executive order on Zero Trust is actually changing anything.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • Exclusive: Evidence shows US’ NSA behind attack on email system of leading Chinese aviation university - Global Times
    • Lukasz Olejnik on Twitter: "Chinese accusation of US/NSA cyberattacks on China's aviation university. Unusually, a strong protest issued by China's Foreign Ministry. Chinese media write about NSA extensively, and doxx/point at Rob Joyce, specifically. Highly amusing! https://t.co/PG1XzZoIcW https://t.co/wRMEAokhVj" / Twitter
    • Patrick Gray on Twitter: "Great thread" / Twitter
    • FBI and French officials arrive in Montenegro to investigate ransomware attack - The Record by Recorded Future
    • Chile says gov’t agency struggling with ransomware attack - The Record by Recorded Future
    • Italy warns of cyberattacks on energy industry after Eni, GSE incidents - The Record by Recorded Future
    • Ransomware Gang Accessed Water Supplier’s Control System
    • Experts warn of more Ragnar Locker attacks, days after group targets airline - The Record by Recorded Future
    • Kevin Beaumont on Twitter: "IHG Hotel Group incident is ransomware" / Twitter
    • Criminal hackers targeting K-12 schools, U.S. government warns
    • QNAP warns of zero-day vulnerability in latest DeadBolt ransomware campaign - The Record by Recorded Future
    • Cloudflare Suggests It Won’t Cut Off Anti-Trans Stalking Forum
    • Cloudflare reverses decision and drops trans trolling website Kiwi Farms | Internet | The Guardian
    • Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire – Krebs on Security
    • State Department debars ex-NSA cyber mercenaries who aided vast UAE surveillance operation
    • Hackers Create Traffic Jam in Moscow by Ordering Dozens of Taxis at Once Through App
    • Light Flashing, Siren Wailing: A Rich Muscovite in a Rush - The New York Times
    • TikTok denies security breach after hackers leak user data, source code
    • Samsung denies Social Security numbers involved in latest breach - The Record by Recorded Future
    • Truth Behind the Celer Network cBridge cross-chain bridge incident: BGP hijacking | by SlowMist | Coinmonks | Aug, 2022 | Medium
    • nanog: Yet another BGP hijacking towards AS16509
    • A Windows 11 Automation Tool Can Easily Be Hijacked | WIRED
    • Actors behind PyPI supply chain attack have been active since late 2021 | Ars Technica
    • Cybercriminal Service 'EvilProxy' Seeks to Hijack Accounts
    • Careless Errors in Hundreds of Apps Could Expose Troves of Data | WIRED
    • WatchGuard firewall exploit threatens appliance takeover | The Daily Swig
    • Patched TikTok security flaw allowed one-click account takeovers - The Record by Recorded Future
    • Chrome extensions with 1.4M installs covertly track visits and inject code | Ars Technica
    • Peter Eckersley, co-creator of Let’s Encrypt, dies at just 43 – Naked Security
    • DownUnderCTF
    Risky Business #676 -- Okta, Authy users among Twilio hack targets Aug 31, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • The Twilio breach was actually a big deal
    • How a Belarusian Cyber Partisans hack burned a GRU illegal
    • Who wants 25m hashed passwords from Russia?
    • An NFT we can get behind
    • How attackers are using game anti-cheat drivers to defeat EDR
    • Much, much more

    This week’s sponsor interview is with Mike Benjamin, the VP of security research at Fastly. He pops in to argue that your red team needs to actually consider how your apps will cope with bot-driven attacks.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • Why the Twilio Breach Cuts So Deep | WIRED
    • Phishers who hit Twilio and Cloudflare stole 10k credentials from 136 others | Ars Technica
    • The number of companies caught up in recent hacks keeps growing | Ars Technica
    • How 1-Time Passcodes Became a Corporate Liability – Krebs on Security
    • (1) Christo Grozev on Twitter: "We first noticed her thanks to a super useful database shared with us by @cpartisans: the border crossing records of Belarus. We knew the passport ranges of GRU and FSB spies, so we decided to search in that data-set by partial matches, leaving the last 3 digits out as wildcards." / Twitter
    • (1) Belarusian Cyber-Partisans on Twitter: "🧵1/3🔥For the 1st time in human history a #hacktivist collective obtained passport info of the ALL country's citizens. Now we're offering you an opportunity to become a part of this history 😎. Get a unique digital version of #lukashenka passport as #NFT https://t.co/gOlWdoUehi https://t.co/RxdWpBqA8f" / Twitter
    • A huge Chinese database of faces and vehicle license plates spilled online | TechCrunch
    • Leading Russian streaming platform suffers data leak allegedly impacting 44 million users - The Record by Recorded Future
    • Plex imposes password reset after hackers steal data for >15 million users | Ars Technica
    • Montenegro struggles to recover from cyberattack that officials blame on Russia - The Record by Recorded Future
    • Patrick Gray on Twitter: "https://t.co/DOFdMExsPe" / Twitter
    • European data privacy watchdogs grill Twitter over Mudge security claims - The Record by Recorded Future
    • Google announces open source vulnerability reward program after Log4j, Codecov issues - The Record by Recorded Future
    • Google Online Security Blog: Announcing Google’s Open Source Software Vulnerability Rewards Program
    • Hackers Are Using Anti-Cheat in 'Genshin Impact' to Ransom Victims
    • An interview with initial access broker Wazawaka: 'There is no such money anywhere as there is in ransomware' - The Record by Recorded Future
    • LockBit ransomware group implicated in crippling attack on French hospital - The Record by Recorded Future
    • Major U.S. library service confirms ransomware attack, struggling to restore affected systems - The Record by Recorded Future
    • China-linked hackers target organizations operating in South China Sea - The Record by Recorded Future
    • Chinese hackers zero in on Australian manufacturers, wind turbine operators
    • FTC sues data broker that tracks locations of 125M phones per month | Ars Technica
    • FCC launches investigation into mobile carriers’ geolocation data practices - The Record by Recorded Future
    • Most top mobile carriers retain geolocation data for two years on average, FCC findings show - CyberScoop
    • Buddle co-accused one of 50 alleged criminals preparing challenge to police sting
    • Researchers discover sprawling pro-U.S. social media influence campaign
    • Unheard Voice: Evaluating five years of pro-Western covert influence operations
    • Rights groups, company leaders decry silence over VLC player ban in India - The Record by Recorded Future
    Risky Business #675 -- The problem with Mudge's whistleblowing complaint Aug 24, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • A deep look at Mudge’s sensational whistleblower complaint against Twitter
    • Brazilian Federal Police raid Lapsus$ crew
    • NSO CEO to stand down (again), 100 staff to be let go
    • Signal users impacted in Twilio incident
    • Tornado Cash OFACs around and finds out
    • Much, much more

    This week’s show is brought to you by Greynoise. Its founder, Andrew Morris, joins the show with a stinging critique of the wider threat intelligence industry. Don’t miss that one.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • Patrick Gray on Twitter: "Jesus… can open, worms everywhere. You basically can’t find anyone more credible than @dotMudge in infosec so this is a massive deal https://t.co/TaDQzTEtzR" / Twitter
    • Twitter confirms January breach, urges pseudonymous accounts to not add email or phone number - The Record by Recorded Future
    • A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years | WIRED
    • TikTok Says, No, It Isn't Stealing Your Passwords
    • Brazilian police launch investigation targeting Lapsus$ group - The Record by Recorded Future
    • Israeli spyware company NSO Group CEO steps down | Reuters
    • How a Third-Party SMS Service Was Used to Take Over Signal Accounts
    • VIASAT hack impacted French critical services | Cybernews
    • DOJ now relies on paper for its most sensitive court documents, official says
    • Microsoft disrupts Russia-linked hacking group targeting defense and intelligence orgs - The Record by Recorded Future
    • Lloyd’s to forbid insurers from covering losses due to state-backed hacks - The Record by Recorded Future
    • U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash | U.S. Department of the Treasury
    • OFAC Around and Find Out - Lawfare
    • Suspected Tornado Cash developer arrested in Netherlands - The Record by Recorded Future
    • Report: Ransomware gangs, fraudsters laundered $540 million through RenBridge platform - The Record by Recorded Future
    • Risky Biz News: Is ransomware going after the Global South? Sure looks like it!
    • Ransomware Now Threatens the Global South | Royal United Services Institute
    • Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling | PortSwigger Research
    • The Return of LOIC, HOIC, HULK, and Slowloris to the Threat Landscape | Radware Blog
    • Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug
    • A New Jailbreak for John Deere Tractors Rides the Right-to-Repair Wave | WIRED
    • Malicious code exploiting recent VMware bug publicly available, company warns - The Record by Recorded Future
    • Breaking SIDH in polynomial time
    • Hackers Use Deepfakes of Binance Exec to Scam Crypto Projects
    • Cisco confirms May attack by Yanluowang ransomware group - The Record by Recorded Future
    • Cisco releases advisories for bug affecting more than 1 million security devices - The Record by Recorded Future
    • Cisco warns of critical vulnerabilities in routers - The Record by Recorded Future
    • North Korea-backed hackers have a clever way to read your Gmail | Ars Technica
    • When Efforts to Contain a Data Breach Backfire – Krebs on Security
    • Microsoft: Bug in Janet Jackson’s “Rhythm Nation” could crash a laptop - The Record by Recorded Future
    • Anonymous poop gifting site hacked, customers exposed
    Risky Biz Soap Box: Okta's Brett Winterford on session cookie theft and mitigations Aug 09, 2022

    In this edition of the Soap Box podcast Okta’s APAC CISO and former Risky Biz editor Brett Winterford talks about how attackers are getting much better at swiping session cookies via realtime phishing and malware.

    He also talks about some mitigation strategies to combat this threat and introduces the concept of continuous authentication.

    Show notes

    • Defending against session hijacking
    Risky Business #674 -- "Free money" exploit spawns $150m blockchain feeding frenzy Aug 03, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • Taiwan tensions fail to conjure the cyber apocalypse
    • Crypto bridge exploit results in $150m feeding frenzy
    • Chainalysis evidence to be challenged in court
    • Post-quantum NIST candidate algorithm gets smoked
    • DSIRF’s Russia links
    • Much, much more

    This week’s sponsor interview is with Jerrod Chong from Yubico. He’s joining the show to talk about why consumer-focussed implementations of Webauthn like Apple’s Passkeys aren’t a great enterprise solution.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • Taiwanese websites hit with DDoS attacks as Pelosi begins visit
    • 'Frenzied mob' steals more than $156 million from crypto platform Nomad - The Record by Recorded Future
    • Bitcoin Fog Case Could Put Cryptocurrency Tracing on Trial | WIRED
    • Post-quantum encryption contender is taken out by single-core PC and 1 hour | Ars Technica
    • Federal court system suffered previously undisclosed breach, congressional committee says
    • Australian police charge man with developing spyware used by more than 14,500 people - The Record by Recorded Future
    • Risky Biz News: Microsoft puts the limelight on another spyware maker—DSIRF from Austria
    • Eavesdropping probe finds Israeli police exceeded authority | AP News
    • Hacker use of Microsoft macros plummeted after default block: report - The Record by Recorded Future
    • On security researcher's newsletter, exposing cybercriminals behind ransomware
    • Luxembourg energy companies struggling with alleged ransomware attack, data breach - The Record by Recorded Future
    • At least 34 healthcare orgs affected by alleged ransomware attack on OneTouchPoint - The Record by Recorded Future
    • American Dental Association says April cyberattack involved ransomware - The Record by Recorded Future
    • Ransomware group demands £500,000 from British schools, citing cyber insurance policy - The Record by Recorded Future
    • Hackers stole passwords for accessing 140,000 payment terminals | TechCrunch
    • Experts warn of hacker claiming access to 50 U.S. companies through breached MSP - The Record by Recorded Future
    • German prosecutors issue warrant for Russian government hacker over energy sector attacks - The Record by Recorded Future
    • The commercial satellite boom is leaving space vulnerable to hackers - The Record by Recorded Future
    • Report to Congress of the U.S.-China Economic and Security Review Commission - U.S.-China Economic and Security Review Commission - Google Books
    • Spanish police arrest two accused of hacking radioactivity alert system - The Record by Recorded Future
    Risky Business #673 -- When throwing computers into a woodchipper is standard IR Jul 27, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • Why Entrust being ransomwared is good news
    • UEFI bootkits turn hardware into landfill
    • Microsoft resumes macro blocking rollout
    • Pat and Adam talk about why plugging your IDP into legacy apps is a dreadful idea
    • Much, much more

    This week’s sponsor guest is Paul “The Voice” Lanzi of Remediant. He’s popping along to talk about the emergence of a new product category – Identity Threat Detection and Response, or ITDR.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • Italy investigating ransomware attack on tax agency - The Record by Recorded Future
    • IT security giant Entrust says it's investigating alleged June data breach - The Record by Recorded Future
    • Microsoft resuming default block of Office VBA macros - The Record by Recorded Future
    • Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us | Ars Technica
    • China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors | Federal Public Service Foreign Affairs
    • Cyber Command shares bevy of new malware used against Ukraine - The Record by Recorded Future
    • Cyber criminals attack Ukrainian radio network, broadcast fake message about Zelensky's health
    • Congress goes after spyware purveyors. Will it make a difference?
    • Report: Mercenary spyware exploited Google Chrome zero-day to target journalists - The Record by Recorded Future
    • TSA unveils updated cybersecurity regulations of oil and gas pipelines - The Record by Recorded Future
    • Congress Might Actually Pass ADPPA, the American Data Privacy and Protection Act | WIRED
    • Federal privacy legislation progresses, but concerns about data brokers loom
    • China cybersecurity agency fines ride-hailing giant Didi $1.2 billion for data issues - The Record by Recorded Future
    • T-Mobile reaches historic $350 million settlement in 2021 data breach - The Record by Recorded Future
    • Former Coinbase Manager Arrested by Feds for Alleged Insider Trading
    • Cisco patches dangerous bug trio in Nexus Dashboard | The Daily Swig
    • Atlassian patches batch of critical vulnerabilities across multiple products | The Daily Swig
    • Hardcoded password in Confluence app has been leaked on Twitter | Ars Technica
    Risky Business #672 -- "Expected behaviour" is in the eye of the beholder Jul 20, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • A look at the DHS Cyber Safety Review Board’s Log4j report
    • Joshua Schulte no longer the “alleged” Vault7 leaker
    • Chinese APT crews targeted US political journalists before Jan 6
    • Ransomware gangs make leak sites searchable
    • Why recovering plaintext passwords from Okta is expected behaviour
    • US Government seizes North Korean ransomware payment
    • Much, much more

    This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he’ll tell us about work Trail of Bits did for DARPA on investigating blockchain security fundamentals.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • Patrick Gray on Twitter: "During our discussion yesterday on the show we didn’t know pre-existing MDM was preserved when iOS lockdown mode is enabled, which is great!" / Twitter
    • DHS Cyber Safety Review Board found no evidence China knew of Log4j before disclosure
    • Ex-CIA Hacker Convicted for ‘One of the Most Damaging Acts of Espionage in American History’
    • Chinese hackers targeted U.S. political reporters just ahead of Jan. 6 attack, researchers say
    • Experts concerned about ransomware groups creating searchable databases of victim data - The Record by Recorded Future
    • Who-is-Trickbot.pdf
    • A Deep Dive Into the Residential Proxy Service ‘911’ – Krebs on Security
    • Risky Biz News: Google removes app permissions from the Play Store
    • Ongoing phishing campaign can hack you even when you’re protected with MFA | Ars Technica
    • ‘Password extraction risk’ in identity provider Okta disputed | The Daily Swig
    • Authomize Discovers Password Stealing and Impersonation Risks in Okta | Authomize.com
    • Okta Response to Security Report | Okta
    • DOJ seized ransoms paid by health centers in Kansas, Colorado after 2021 attacks - The Record by Recorded Future
    • North Korean hackers target small businesses with H0lyGh0st ransomware, Microsoft warns - The Record by Recorded Future
    • Colorado police investigating ransomware attack on small town - The Record by Recorded Future
    • Albania shuts down government websites, services due to wide ranging cyberattack - The Record by Recorded Future
    • Bandai Namco confirms cyberattack after ransomware group threatens leak - The Record by Recorded Future
    • MiCODUS MV720 GPS tracker | CISA
    • Honda redesigning latest vehicles to address key fob vulnerabilities - The Record by Recorded Future
    • Russia Released a Ukrainian App for Hacking Russia That Was Actually Malware
    • Are blockchains decentralized? | Trail of Bits Blog
    • Announcing the new Trail of Bits podcast | Trail of Bits Blog
    • GitHub - trailofbits/it-depends: A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.
    Risky Business #671 -- The case for an American-owned NSO Group Jul 13, 2022

    On this week’s show Patrick Gray and guest cohost Dmitri Alperovitch discuss the week’s security news, including:

    • Why an American defence contractor acquiring NSO Group would be a nonproliferation win
    • A look at Microsoft’s botched macro measures
    • iPhone’s Lockdown Mode
    • Ukraine goes big on Yubikeys
    • Aerojet Rocketdyne pays millions over poor security controls, CISO whistleblower gets bag of cash
    • Much, much more

    This week’s show is sponsored by Proofpoint. Ryan Kalember, Proofpoint’s Executive Vice President of Cybersecurity Strategy, joins us in this week’s sponsor interview to talk about changes he’s observed in the criminal ecosystem.

    NOTE: This podcast contains an error. We say that iOS Lockdown Mode prevents users from using an MDM profile on their devices. It doesn’t, it just stops new MDM profiles from being loaded while in Lockdown Mode, so corporate users will be able to turn it on just fine.

    Links to everything that we discussed are below and you can follow Patrick or Dmitri on Twitter if that’s your thing.

    Show notes

    • L3Harris drops bid for NSO spyware following U.S. concerns - The Washington Post
    • Apple introduces 'Lockdown Mode' iPhone feature to block elite spyware
    • Risky Biz News: Thousands of Yubikeys have been deployed in Ukraine, more to come
    • PyPI repo to distribute 4,000 security keys to maintainers of ‘critical projects’ in 2FA drive | The Daily Swig
    • Microsoft makes major course reversal, allows Office to run untrusted macros [Updated] | Ars Technica
    • Microsoft says decision to stop blocking Office VBA macros by default is ‘temporary’ - The Record by Recorded Future
    • Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents'
    • Rocket maker agrees to pay $9 million to settle allegations of cybersecurity violations - The Record by Recorded Future
    • North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector | CISA
    • North Korea is targeting hospitals with ransomware, U.S. agencies warn
    • Medical debt collection firm says ransomware attack exposed info on 650+ healthcare orgs - The Record by Recorded Future
    • French telecom company La Poste Mobile struggling to recover from ransomware attack - The Record by Recorded Future
    • Cyberattack knocks out California community college email, website, landlines - The Record by Recorded Future
    • OPM breach victims expected to receive about $700 each after class action settlement - The Record by Recorded Future
    • Chinese Hackers Targeting Russian Government and Telcos
    • DeFi Hacker Returns $8m
    • Millions in Cryptocurrency Stolen in Phishing Attacks
    Risky Biz Soap Box: Running a global vulnerability management program Jul 11, 2022

    Today’s soap box is brought to you by Nucleus Security.

    Nucleus makes a platform that ingests vulnerability scan information from all your vuln scanning tech so that you can do things like assign different vulnerabilities to different teams to manage and remediate. Send these ones to infrastructure, send these ones to app teams, send everything up and down this stack to this department etc.

    If you want to see Nucleus in action I have recorded a demo and it’s on our YouTube product demos page, I’ve linked through to it in the show notes for this podcast.

    Our guest in this episode is Scott Kuffer, co-founder of Nucleus, and the topic is running a vulnerability management program in a very large enterprise.

    Show notes

    • Nucleus Security Product Demo on Risky Biz YouTube Channel
    Risky Business #670 -- China's world record data breach Jul 06, 2022

    On this week’s show Patrick Gray and guest cohost Mark Piper discuss the week’s security news, including:

    • A billion records leaked in China
    • China to develop desktop operating system
    • HackerOne fires insider for stealing hackers’ work and bounties
    • FSB officer charged with stealing hacker’s bitcoin
    • Why Microsoft is wrong on Russia and Ukraine
    • Much, much more

    Red Canary’s Adam Mashinchi and Brian Donohue will be along in this week’s sponsor interview to talk about Atomic Red Team, the open source adversary emulation framework they help to maintain.

    Links to everything that we discussed are below and you can follow Patrick on Twitter if that’s your thing.

    Show notes

    • Hacker claims to have stolen 1 bln records of Chinese citizens from police | Reuters
    • China lured graduate jobseekers into digital espionage | Ars Technica
    • Tech war: China doubles down on domestic operating systems to cut reliance on Windows, MacOS from the US | South China Morning Post
    • Risky Biz News: HackerOne discloses malicious insider incident, and nobody's surprised
    • (2) Paranoid Ninja (Brute Ratel C4) on Twitter: "A thoroughly detailed blog on Brute Ratel C4 by Palo Alto. Proper Actions have been taken to against the found licenses which were sold in the Black Market. As for existing customers, #BRc4 v1.1 release will change every aspect of IOC found in the previous releases." / Twitter
    • Microsoft Exchange servers worldwide hit by stealthy new backdoor | Ars Technica
    • Подполковника УФСБ по Самарской области арестовали за кражу криптовалюты у хакера - ТАСС
    • Cybersecurity experts question Microsoft's Ukraine report
    • (4) Victor Zhora on Twitter: "One more evidence of coordination of kinetic and cyber operations by russian aggressors. Ukrainian largest private energy company DTEK was cyberattacked simulateously with shelling of thermal power plant of the same company in Kryvyi Rih. Both targets are 100% civilian." / Twitter
    • Вслід за ракетними ударами по ТЕС ворог завдає хакерських атак по енергосистемі — ДТЕК
    • CyberKnow on Twitter: "Another new pro-russian hacktivist group. They have been conducting #ddos ops against #Norway with other groups. #cybersecurity #infosec #RussianUkrainianWar #UkraineRussiaWar https://t.co/rX069XVaof" / Twitter
    • Hacktivist personas back latest GhostWriter disinfo op targeting Poland, Ukraine
    • Gantz orders probe after TV reports hint IDF behind Iran steel plant cyberattack | The Times of Israel
    • Info of over 300,000 Israelis leaked as Iranian hackers target travel booking sites | The Times of Israel
    • TSA to change cybersecurity rules for pipelines following industry criticism - The Record by Recorded Future
    • After a sharp rise, cyber insurance rates show signs of stabilizing - The Record by Recorded Future
    • California DOJ apologizes for ‘unacceptable’ breach involving Firearms Dashboard - The Record by Recorded Future
    • Cops Investigating ‘WhatsApp for Gangsters’ Arrest Key Suspect in Caribbean
    • Publishing giant Macmillan still unable to process orders after ransomware attack - The Record by Recorded Future
    • State unemployment, jobs services down around the country after cyberattack
    • NIST selects first group of quantum-resistant encryption tools - The Record by Recorded Future
    • UnRAR path traversal flaw can lead to RCE in Zimbra | The Daily Swig
    • Universiteit Maastricht krijgt losgeld voor hack terug met flinke winst
    • Nearly $9 million stolen from DeFi platform Crema Finance - The Record by Recorded Future
    • North Korea accused of orchestrating $100 million Harmony crypto hack - The Record by Recorded Future
    • Nucleus Security's vulnerability management platform - YouTube
    • Explore Atomic Red Team
    Risky Business #669 -- Finally, an ICS attack that made stuff explode! Jun 29, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • Activists who are totally not Israeli military hackers make Iranian steel mills firebally
    • Chinese APT crews use ransomware to muddy attribution
    • Attackers are now ransoming cloud access
    • Chinese APTs using building control systems for persistence and stealth
    • USA, UK and NZ govts issue PowerShell advice
    • Much, much more

    This week’s show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he’s using it to make phishing triage and automation less traumatic.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • Iranian steel facilities suffer apparent cyberattacks
    • Automotive fabric supplier TB Kawashima announces cyberattack
    • US arm of Japanese automotive hose maker Nichirin pauses production after ransomware attack - The Record by Recorded Future
    • BRONZE STARLIGHT Ransomware Operations Use HUI Loader | Secureworks
    • Ransomware groups targeting Mitel VoIP zero-day - The Record by Recorded Future
    • Brett Callow on Twitter: "LockBit also seems to have set its demands to automatically decrease over time. The longer victims wait, the less they need to pay. 4/5" / Twitter
    • Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: De-anonymizing ransomware domains on the dark web
    • Brazilian retail giant confirms cyberattack after extortion group takes over Twitter account - The Record by Recorded Future
    • Akamai Blog | Bots Are Scalping Israeli Government Services
    • Rise of LNK (Shortcut files) Malware | McAfee Blog
    • Attacks on industrial control systems using ShadowPad | Kaspersky ICS CERT
    • Google: Seven zero-days in 2021 developed commercially and sold to governments - The Record by Recorded Future
    • The hacking industry faces the end of an era | MIT Technology Review
    • Lawmakers want to restrict user data sales to nations like China, Russia
    • US, UK, New Zealand argue against disabling PowerShell - The Record by Recorded Future
    • CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
    • A pro-China online influence campaign is targeting the rare-earths industry | MIT Technology Review
    • Internet Crime Complaint Center (IC3) | Deepfakes and Stolen PII Utilized to Apply for Remote Work Positions
    • Statutory defense for ethical hacking under UK Computer Misuse Act tabled | The Daily Swig
    • BSides Cleveland organizer steps down after controversial guest added as ‘surprise’ speaker | The Daily Swig
    • CISA experts propose ‘311’ cybersecurity emergency call line for small businesses - The Record by Recorded Future
    • CISA, US Coast Guard warn of Log4Shell attacks after 130GB data breach in May - The Record by Recorded Future
    • CSAC Recommendations (06-16-2022) (1) - DocumentCloud
    • Meet the Administrators of the RSOCKS Proxy Botnet – Krebs on Security
    • Splunk patches critical vulnerability while users push for legacy updates | The Daily Swig
    • Oracle patches ‘miracle exploit’ impacting Middleware Fusion, cloud services | The Daily Swig
    • Cyber Insurance: Action Needed to Assess Potential Federal Response to Catastrophic Attacks | U.S. GAO
    • FBI investigating $100 million theft from blockchain company Harmony - The Record by Recorded Future
    • Jerry Gamblin on Twitter: "Ahhh... the orignal NFTs." / Twitter
    • PeckShield Inc. on Twitter: "1/ @XCarnival_Lab was exploited in a flurry of txs (one hack tx: https://t.co/LUcxSU9UQn), leading to the gain of 3,087 ETH (~$3.8M) for the hacker (The protocol loss may be larger). https://t.co/mmGw5PQfbt" / Twitter
    • Patrick Gray on Twitter: "🎉" / Twitter
    Risky Biz Soap Box: HD Moore on taking Rumble to the cloud Jun 26, 2022

    Today’s Soap Box guest is an industry legend – Metasploit creator HD Moore. He’s here to tell us more about what’s happening with his latest creation, Rumble Network Discovery.

    If you’re not familiar with Rumble, well, you should be. It’s a network scanner that you just set loose and it will go and find all the devices on your network. It has a freaky ability to see around corners, finding devices it can’t even connect to directly because HD and his team have done some really crazy work on pulling device information out of obscure protocol queries and things like that. It takes a few minutes to set up a scan with Rumble, so it’s infinitely easier than trying to do passive network discovery on the network or pull data from other solutions.

    But Rumble isn’t just a network scanner anymore. They’ve been doing basic cloud asset inventory since the early days, but as you’ll hear it’s an area they’ve really been putting a lot of work into lately. Another big thing they’ve worked on is ICS and OT fingerprinting techniques that won’t actually cause those devices to command things to explode, so that’s nice.

    Risky Business #668 -- Microsoft is hiding its Azure security problems Jun 22, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • Paige Thompson guilty of Capital One hack
    • Microsoft is hiding serious Azure security issues
    • New Australian government lobbying for Julian Assange
    • How to ransomware documents in the cloud
    • Microsoft stops Windows 10/11 downloads in Russia
    • Belarusian cyber partisans obtain spy agency’s audio recordings
    • Much, much more

    This week’s edition of the show is brought to you by Gigamon. Josh Day, Gigamon’s Director of applied threat research team, will be along in this week’s sponsor interview to talk about detecting badness on your network in encrypted traffic.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • Former Seattle tech worker convicted of wire fraud and computer intrusions | USAO-WDWA | Department of Justice
    • MPs back quiet diplomacy in Assange case
    • Botched and silent patches from Microsoft put customers at risk, critics say | Ars Technica
    • Microsoft’s Vulnerability Practices Put Customers At Risk | LinkedIn
    • Security firm warns of ransomware attacks targeting Microsoft cloud 'versioning' feature - The Record by Recorded Future
    • Separate Fujitsu cloud storage vulnerabilities could enable attackers to destroy virtual backups | The Daily Swig
    • Large supermarket chain in southern Africa hit with ransomware - The Record by Recorded Future
    • Telegram: Contact @tass_agency
    • Microsoft pulls Windows 10 and 11 in Russia • The Register
    • DDoS Attacks Delay Putin Speech at Russian Economic Forum
    • Russia warns of a “military clash” if it’s hit by US cyberattacks - The Record by Recorded Future
    • Belarusian hacktivist group releases purported Belarusian wiretapped audio of Russian embassy
    • U.S. defense firm L3Harris in talks with NSO Group over spyware - The Washington Post
    • Srsly Risky Biz: Friday June 17 - by Tom Uren
    • Suspect in hacking Russian customs detained in Moscow
    • String of attacks on French telecom infrastructure preceded April attack on fiber optic cables
    • Chinese APT groups targeting India, Pakistan and more with Sophos firewall vulnerability - The Record by Recorded Future
    • Ukrainian cybersecurity officials disclose two new hacking campaigns
    • Police Linked to Hacking Campaign to Frame Indian Activists | WIRED
    • INTERPOL raids hundreds of scammy call centers in sweep
    • A Twitch Streamer Is Exposing Coronavirus Scams Live | WIRED
    • Ranking The World's Angriest Scammers - 10/10 Rage - YouTube
    • MIT researchers find new hardware vulnerability in the Apple M1 chip - The Record by Recorded Future
    • A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys | Ars Technica
    • Tornado Cash Is Crypto Hackers’ Favorite Way to Cash Out, But Experts Say It Can Be Traced
    • How CISA's list of 'must-patch' vulnerabilities has expanded both in size, and who's using it
    • The tale of a whale who took Solend’s money – Amy Castor
    Risky Business #667 -- "Shields Up" for cyber's forever war Jun 13, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • “Shields Up” advice is now provably meaningless
    • Russia to ditch offshore comms apps like WhatsApp
    • Evil Corp’s Lockbit sanctions evasion attempt backfires
    • Binance is a cesspit of shady financial dealings
    • Apple’s passkey release foreshadows FIDO mass adoption
    • Much, much more

    This week’s sponsor interview is about Elastic’s teardown on some really interesting APT linux malware called BPFdoor. Jake King and Colson Wilhoit joined the show for that interview.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command | Science & Tech News | Sky News
    • White House: cyber activity not against Russia policy | Reuters
    • 'Shields Up': the new normal in cyberspace
    • Governors are being contacted - Newspaper Kommersant No. 95 (7296) dated 06/01/2022
    • «Вы лично отвечаете за инциденты». Почему 1 мая началась новая эпоха в информационной безопасности - Газета.Ru
    • Киев использовал против России новый принцип кибератак - Ведомости
    • Traffic will be sorted into folders - Newspaper Kommersant No. 102 (7303) dated 06/10/2022
    • FBI cybercrime seizure takes down one-time Ukraine IT Army collaborator
    • To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions | Mandiant
    • Risky Biz News: LockBit-Mandiant drama, explained
    • How Binance became a hub for hackers, fraudsters and drug sellers
    • Cryptocurrencies were once seen as an unmitigated boon for criminals. Not anymore.
    • Fed cyber officials detail Chinese state hackers using common exploits against telcos
    • Risky Biz News: Russia orders Google to remove Tor Browser from Russian Play Store
    • Bizbudding, Inc. v. 365 Data Centers Services, LLC, 3:22-cv-00715 – CourtListener.com
    • Business Email Compromise Scams Are Poised to Eclipse Ransomware | WIRED
    • Cybercriminal scams City of Portland, Ore. for $1.4 million - The Record by Recorded Future
    • Apple's Passkey Replaces Passwords With iPhone and Mac Authentication | WIRED
    • MongoDB Debuts ‘Queryable Encryption’ to Fight Hacks and Leaks | WIRED
    • Zero-Day Exploitation of Atlassian Confluence | Volexity
    • Microsoft Security Intelligence on Twitter: "Multiple adversaries and nation-state actors, including DEV-0401 and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134. We urge customers to upgrade to the latest version or apply recommended mitigations: https://t.co/C3CykQgrOJ" / Twitter
    • Microsoft Follina Vulnerability in Windows Can Be Exploited Through Office 365 | WIRED
    • (3) Martin Sheppard on Twitter: "@riskybusiness And yes, many orgs can disable Macros in documents with the mark of the web without a lot of impact. Policy can be used to not mark documents from certain internal sites with mark of the web, which is one way to allow certain legitimate macros with this setting in place." / Twitter
    • Blockchain, 'Decentralized' Exchange Taken Offline After Hacker Steals Millions
    • ‘Optimism’ Crypto Hack Victim Hopes Thief Will Give Back $15 Million
    • PeckShieldAlert on Twitter: "#PeckShieldAlert Wintermute Exploiter has transferred 17 million $OP to @optimismPBC https://t.co/5PpgeZXaId" / Twitter
    • NFT insider trading charges filed against former OpenSea employee Nate Chastain
    • Detecting BPFDoor backdoor payload | Elastic
    Risky Business #666 -- The msdt RTF of DOOM May 31, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • The msdt/office lolbinapalooza
    • Microsoft to introduce sensible defaults to Azure
    • Twitter fined $150m for sms 2fa spam
    • It turns out npm got owned in that Heroku/Travis CI thing
    • AWS cred-stealing supply chain attack was research your honour, I swear!
    • Much, much more

    We’ll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week’s sponsor interview. He’ll be walking us through some of his own research into how to own Microsoft boxes via document-embedded office add-ins.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • nao_sec on Twitter: "Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. https://t.co/hTdAfHOUx3 https://t.co/rVSb02ZTwt" / Twitter
    • Follina — a Microsoft Office code execution vulnerability | by Kevin Beaumont | May, 2022 | DoublePulsar
    • Kevin Beaumont on Twitter: "Additional Follina issue, if you use wget in Powershell, it blindly executes any code via MSDT as it trusts all MS Protocol URIs. So to clarify, if you wget a webpage you don’t control and the webpage adds Follina exploit string, your server the runs the code." / Twitter
    • Microsoft Office Remote Code Execution - “Follina” MSDT Attack
    • Raising the Baseline Security for all Organizations in the World - Microsoft Tech Community
    • npm security update: Attack campaign using stolen OAuth tokens | The GitHub Blog
    • Twitter fined $150 million by FTC for alleged privacy violations - The Record by Recorded Future
    • REvil prosecutions reach a 'dead end,' Russian media reports
    • Multiple flights across India grounded after SpiceJet airline hit with ransomware - The Record by Recorded Future
    • Exclusive: Russian hackers are linked to new Brexit leak website, Google says | Reuters
    • Российские компании начали увольнять украинских ИT-специалистов — РБК
    • Hacker Leaks Mountain of Files From Inside Xinjiang Camps
    • Spain set to strengthen oversight of secret services after NSO spying scandal | The Times of Israel
    • No evidence of exploitation of Dominion voting machine flaws, CISA finds - The Washington Post
    • Researchers identify FIDO2 protocol vulnerabilities - Security - iTnews
    • 756.pdf
    • Security ‘researcher’ hits back against claims of malicious CTX file uploads | The Daily Swig
    • Israeli private detective used Indian hackers in job for Russian oligarchs, court filing says | Reuters
    • Hacker Steals Database of Hundreds of Verizon Employees
    • GarWarner on Twitter: "Last month the US Department of Justice petitioned the court to be allowed to seize Mr. Woodbery's Bitcoin. 151.885720427 BTC is 11,930,370 Naira or $4,364,299 USD currently. (Thread 1/? ) https://t.co/Xh39FTLQUV" / Twitter
    • Malcolm Herbert on Twitter: "@riskybusiness @Metlstorm ... for some reason I never pictured you guys as doing a recording session before sunup, but then I guess with @Metlstorm being in NZ that kinda makes sense now that I think about it ... I'll see myself out ..." / Twitter
    • Darknet market Versus shuts down after hacker leaks security flaw
    • Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat | Ars Technica
    • Red Canary Managed Detection and Response - YouTube
    • Airlock Digital Demo - YouTube
    Risky Business -- #665 You can ransomware whole countries now May 25, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • Conti’s war against Costa Rica
    • DoJ revises CFAA guidance
    • Naughty kids get access to DEA portal
    • A look at a Russian disinfo tool
    • PyPI and PHP supply chain drama
    • Much, much more

    This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer will join us in this week’s sponsor interview to talk about what might happen to infosec programs now the world economy is getting all funky.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • President Rodrigo Chaves says Costa Rica is at war with Conti hackers - BBC News
    • Costa Ricans scrambled to pay taxes by hand after cyberattack took down country’s collection system
    • Costa Rican president claims collaborators are aiding Conti's ransomware extortion efforts
    • K-12 school districts in New Mexico, Ohio crippled by cyberattacks - The Record by Recorded Future
    • Greenland says health services 'severely limited’ after cyberattack - The Record by Recorded Future
    • Notorious cybercrime gang Conti 'shuts down,' but its influence and talent are still out there - The Record by Recorded Future
    • 'Multi-tasking doctor' was mastermind behind 'Thanos' ransomware builder, DOJ says - The Record by Recorded Future
    • Researchers warn of REvil return after January arrests in Russia - The Record by Recorded Future
    • Researcher stops REvil ransomware in its tracks with DLL-hijacking exploit | The Daily Swig
    • Bank refuses to pay ransom to hackers, sends dick pics instead • Graham Cluley
    • GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need - CloudSEK
    • Catalin Cimpanu on Twitter: "Report on a new ransomware strain named GoodWill that forces victims to perform acts of kindness to recover their files https://t.co/T0rhj5wjyC https://t.co/T92KPUJe61" / Twitter
    • Water companies are increasingly uninsurable due to ransomware, industry execs say
    • Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act | OPA | Department of Justice
    • download
    • DEA Investigating Breach of Law Enforcement Data Portal – Krebs on Security
    • Intelligence Update. A question of timing: examining the circumstances surrounding the Nauru Police Force hack and leak
    • FSB's Fronton DDoS tool was actually designed for 'massive' fake info campaigns, researchers say
    • Sonatype PiPI blog post
    • Dvuln Labs - ServiceNSW’s Digital Drivers Licence Security appears to be Super Bad
    • New Bluetooth hack can unlock your Tesla—and all kinds of other devices | Ars Technica
    • Researchers devise iPhone malware that runs even when device is turned off | Ars Technica
    • New Research Paper: Pre-hijacking Attacks on Web User Accounts – Microsoft Security Response Center
    • CISA issues directive for exploited VMware bug after IR team deployed to ‘large’ org - The Record by Recorded Future
    • Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating | Ars Technica
    • Google, Apple, Microsoft Commit to Eliminating Passwords - Security Boulevard
    • Thinkst Canary
    SAMPLE PODCAST: Risky Biz News: FSB-linked DDoS tool could also be used for disinformation campaigns May 20, 2022

    The following is a sample of our latest podcast, Risky Business News, which is published into a new RSS feed. It’s a short podcast published three times a week that updates listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here.

      Related Podcasts

      pm73media

      1

      pm73media News
      The Focus Group Podcast

      2

      The Focus Group Podcast News
      Pivot

      3

      Pivot Business
      Smashing Security

      4

      Smashing Security News
      TCBC

      5

      TCBC News
      Primed

      6

      Primed Business
      footer-logo

      Contact Us

      Toll Free: 844-670-7747

      Links

      • Home
      • Top Charts
      • Networks
      • Apps
      • Independents Podcasts
      • Podcast Advertising
      • Podcast News
      • Contact Us
      • About Us
      • Analytics & Insights

      Stay Connected

        Privacy, Terms of Use & Our Code of Ethics Protecting Content Creators Copyrights