On this week’s show, Patrick Gray and Adam Boileau discusses the week’s security news, including:

• Telegram founder’s arrest in France
• Volt Typhoon 0days some SD-WAN gear
• Russia frets about Ukraine all up in Kursk’s webcams
• Cybercriminals social engineer payment card NFC relay attacks in the wild
• The slow burn of Active Directory name collisions
• And much, much more.

This week’s episode is sponsored by Nucleus Security. Aaron Unterberger joins to discuss how vulnerability management starts out easy, but gets serious very quickly.

You can also watch this week’s show on Youtube.

• Pavel Durov: Telegram CEO's arrest part of larger investigation
• Keep Pavel Durov LOCKED UP
• Internet mogul Kim Dotcom to be extradited to the US, NZ justice minister says
• New 0-Day Attacks Linked to China’s ‘Volt Typhoon’ – Krebs on Security
• Oil industry giant Halliburton confirms 'issue' following reported cyberattack
• Seattle airport confronts 4th day of cyberattack outages | Cybersecurity Dive
• Russia calls for restrictions on surveillance cameras, dating apps in cities under attack from Ukraine
• In a Kyiv hangar, Ukraine launches a cyber range for everyone
• U.S. military, on Tinder, says to swipe left on Iran-backed militants - The Washington Post
• CISA officials credit Microsoft security log expansion for improved threat visibility | Cybersecurity Dive
• Suspect in $14 billion cryptocurrency pyramid scheme extradited to China
• Android malware used to steal ATM info from customers at three European banks
• Novel technique allows malicious apps to escape iOS and Android guardrails | Ars Technica
• Local Networks Go Global When Domain Names Collide – Krebs on Security
• Attack tool update impairs Windows computers
• SonicWall pushes patch for critical vulnerability in SonicOS platform | CyberScoop
• “YOLO” is not a valid hash construction

Mike Burgess is the director general of ASIO. But the thing about Mike is he’s actually a cybersecurity guy. He joined ASD, Australia’s NSA, back in 1995 when it was still the Defence Signals Directorate. He was there for 18 years before he bounced out to the private sector for a while to work as the CISO for Australia’s largest telco, Telstra. In 2017 he returned to ASD to run it, and in 2019 he was appointed director general of ASIO.

Back in April, Burgess made a series of comments on the topic of encrypted messaging during a Press Club speech in Canberra. Our right to privacy, he said, is not absolute, and he implied that if certain providers didn’t start helping Australian authorities out a little more, he’d use some of the provisions in Australia’s Assistance and Access bill to force them to provide access to certain content.

So I reached out to organise this interview to get some more detail from him about exactly what sort of cooperation he’s seeking and why.

This Soap Box edition of the show is with Mike Wiacek, the CEO and Founder of Stairwell.

Stairwell is a platform that creates something similar to an NDR, but for file analysis instead of network traffic. The idea is you get a copy of every unique file in your environment to the Stairwell platform, via a file forwarding agent. You get an inventory that lists where these files exist in your environment, at what times, and from there you can start doing analysis.

If you find a dodgy file you can do all the usual malware analysis type stuff, but you can also do things like immediately find out where else that file is in your organisation, or even where else it was. From there you can identify other files that are similar – variants of those files – and search for those. And you can unpack all this very, very quickly.

This is the type of tool that EDR companies use internally to do threat hunting, but it’s just for you and your org – you can drive it. And as you’ll hear, the idea of a transparent, customisable and programmable security stack is something that’s on-trend at the moment. Mike lays out the case that doing this sort of file analysis in your organisation makes a whole lot of sense.

In this podcast Alex Stamos, Chris Krebs and Patrick Gray discuss the relationship between cybercrime and the state, which is often more complicated than it should be.

While the US Government and its allies fight the scourge of ransomware, other governments are using it to either raise revenue or irritate their foes. North Korea sees ransomware as a money spinner, while the Kremlin enjoys poking the west in the eye with it.

Join us for a breakdown of the relationships between governments who should know better and the worst types of people on the planet.

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Widely used polyfill javascript gets hijacked by its new owners
• MacOS supply chain disaster bullet dodged
• That OpenSSH remote code exec OH MY <3
• Entrust gets its CA business kicked to the kerb by Google
• South Korean telco intentionally viruses 600k customers
• Microsoft continues to deeply underwhelm
• And much, much more.

This week’s episode is sponsored by Greynoise. Founder Andrew Morris joins to talk about ways to track attackers across NAT and VPNs, as well as how you can join in the fun of running an internet-scale honeypot network.

• Polyfill, Cloudflare trade barbs after reports of supply chain attack threatening 100k websites
• 3 million iOS and macOS apps were exposed to potent supply-chain attacks
• regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)
• Google Online Security Blog: Sustaining Digital Certificate Security - Entrust Certificate Distrust
• TeamViewer: Hackers copied employee directory data and encrypted passwords
• South Korean telecom company attacks customers with malware — over 600,000 torrent users report missing files, strange folders, and disabled PCs | Tom's Hardware
• CDK eyes service restoration for all car dealers by Fourth of July
• ‘I don’t see it happening’: CISA chief dismisses ban on ransomware payments
• Patelco Credit Union ransomware attack halts banking services for nearly half a million members
• LockBit claims cyberattack on Croatia’s largest hospital
• Inside a Violent Gang's Ruthless Crypto-Stealing Home Invasion Spree
• Suspected Chinese gov’t hackers used ransomware as cover in attacks on Brazil presidency, Indian health org
• Nearly 4,000 arrested in global police crackdown on online scam networks
• USD 257 million seized in global police crackdown against online scams
• Microsoft alerts additional customers of state-linked threat group attacks
• Midnight Blizzard Microsoft Email Data Sharing Request: Legit? : r/Office365
• Polish Parliament strips official of immunity, clearing path for prosecution in spyware scandal
• Stolen credentials could unmask thousands of darknet child abuse website users
• WA man set up fake free wifi at Australian airports and on flights to steal people’s data, police allege
• Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws
• iOS 17 lockdown mode blocking CarPlay? : r/ios

This is a sponsored Soap Box edition of the Risky Business podcast.

Abhishek Agrawal is the CEO and co-founder of Material Security, an email security company that locks down cloud email archives. Attackers have been raiding mailspools since hacking has existed, and with those mailspools now in the cloud with services like o365 and Google Workspace, guess where the attackers are going?

Material built a product that helps you lock up your email data, to archive and redact sensitive information. The idea is to really just limit what an attacker can do with email data if they pop an account.

Abhishek joined me to talk about a few things, like how non phishing resistant MFA is basically dead, how email content is very useful to security programs, and about how the gen AI won’t really change much on the defensive control side.

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Julian Assange finally cuts a deal, pleads guilty, and goes free
• USA to ban Kaspersky - even updates
• Car dealer SaaS provider CDK contemplates paying a ransom
• Intolerable healthcare ransomware attacks continue
• We revisit Windows proximity bugs via wifi and bluetooth
• And much, much more.

This week’s episode is sponsored by enterprise browser maker Island. Crowdstrike co-founder Dmitri Alperovitch is an investor in Island, and joins on its behalf to discuss why an enterprise browser is really starting to make sense.

• Julian Assange released from prison and has left UK, WikiLeaks says
• US to ban Kaspersky Lab software nationwide later this year
• Cyberattack on CDK Global stymies work at car dealerships across US
• Almost 200 cancer operations postponed as ransomware group publishes London hospitals data
• UK government weighs action against Russian hackers over NHS records theft
• South Africa’s national health lab hit with ransomware attack amid mpox outbreak
• Ransomware victims are becoming less likely to pay up | Cybersecurity Dive
• Lawmakers in Philippines push for probe into Pentagon's anti-vax propaganda operation | Reuters
• Telegram says it has 'about 30 engineers'; security experts say that's a red flag | TechCrunch
• Two bluetooth vulnerabilities in Windows
• Thread on reversing the patch
• Basic concept for the latest windows wifi driver CVE

On this week’s retreat special, the entire Risky Business team is together in a tropical paradise for the first time. The team takes a break from the infinity pool to discuss the week’s security news:

• Microsoft recalls Recall, but why did it have to be such a mess
• And a Windows kernel wifi code-exec, really?
• Passkeys and identity are hard
• Scattered Spider bigwig arrested in Spain
• The pentagon runs a deeply flawed info-op
• Is it time E2E crypto nerds accept their place in the world?
• And much, much more.

This week’s show is brought to you by Corelight… Corelight’s CEO Brian Dye will be along in this week’s sponsor interview to make a really compelling case for something that shouldn’t exist… which is NDR in cloud environments.

• Microsoft shelves Recall feature release after security uproar
• Microsoft’s Recall puts the Biden administration’s cyber credibility on the line | CyberScoop
• Microsoft’s cybersecurity vulnerabilities endanger America
• US lawmakers grill Microsoft president over China ties, hacks | Reuters
• Microsoft Refused to Fix Flaw Years Before SolarWinds Hack — ProPublica
• CVE-2024-30078 - Security Update Guide - Microsoft - Windows Wi-Fi Driver Remote Code Execution Vulnerability
• Security bug allows anyone to spoof Microsoft employee emails | TechCrunch
• Patrick Gray on X: "I was wrong about some things I said about iCloud accounts in this week’s show and I’ll tell you all exactly how I was wrong in next week’s show"
• Passkeys in Microsoft Authenticator and Entra ID
• Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED
• MFA plays a rising role in major attacks, research finds | Cybersecurity Dive
• Luke Jennings on LinkedIn: saas-attacks/techniques/ghost_logins/description.md at main ·…
• Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested – Krebs on Security
• EXPOSED: Identities of Iranian Hackers Targeting Israel and Other Countries Revealed | Matzav.com
• Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating | Ars Technica
• Windows flaw may have been exploited with Black Basta ransomware before it was patched
• Crown Equipment Corporation victim of a Ransomware attack | Born's Tech and Windows World
• City governments in Michigan, New York face shutdowns after ransomware attacks
• Cleveland confirms ransomware attack as City Hall remains closed
• Authorities investigating extended ‘network outage’ at organization that runs TheBus
• Pentagon ran secret anti-vax campaign to incite fear of China vaccines
• Shashank Joshi on X: "Just finished “Information Operations”, a new book by @TathamSteve. Includes this anecdote on a British effort to stop children throwing stones at a base in Afghanistan. “LRGR was the abbreviation for the Long-Range Gonad Reducer.” https://t.co/zmoxb45Cgz"
• Dmitri Alperovitch on X: "@shashj They also allegedly hacked the email of the lieutenant leading the medical service of the 960th unit and retrieved the medical certificates of 150 officers and enlisted personnel"
• Signal president Meredith Whittaker criticizes EU attempts to tackle child abuse material

On this week’s show Patrick Gray and Adam Boileau are joined by long-time NSA boffin Rob Joyce. Now Rob’s left the government service, he’s hobnobbing with us pundits, talking through the week’s news:

• Apple announces a big leap for confidential cloud computing into the mass market
• While at the same time, letting you just mosey around your iPhone from your Mac
• Mandiant reports in about the Snowflake breach
• Moody’s say credit ratings might consider cyber incidents
• Microsoft fixes an Azure flaw with a… “comprehensive documentation update”
• And much, much more.

This week’s show is sponsored by Yubico, maker of the Yubikey hardware authentication token. Jerrod Chong, Yubico’s COO and President joins to talk about the challenges of the passkey and hardware authenticator ecosystem.

• Apple makes a password manager play in a heavily targeted market | Cybersecurity Dive
• macOS Sequoia takes productivity and intelligence on Mac to new heights - Apple
• The Wiretap: Apple’s AI Announcement Promises Big Security Boosts–Not Everyone Is Convinced
• Matthew Green on X: "Ok there are probably half a dozen more technical details in the blog post. It’s a very thoughtful design. Indeed, if you gave an excellent team a huge pile of money and told them to build the best “private” cloud in the world, it would probably look like this. 14/" / X
• Risky Biz News: Microsoft budges on Windows 11 Recall
• Tenable finds an Azure flaw, Microsoft calls it a feature • The Register
• LendingTree confirms that cloud services attack potentially affected subsidiary
• Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica
• 7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope | Ars Technica
• Urgent call for O-type blood donations following London hospitals ransomware attack
• Darknet site for Qilin gang, suspected in London hospitals ransomware attack, goes down
• Cyberattacks pose mounting risks to creditworthiness: Moody’s | Cybersecurity Dive
• Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
• FCC moves ahead on internet routing security rules | CyberScoop
• House Republicans propose eliminating funding for election security | CyberScoop
• New DJI policy: No flight record syncing for US drone pilots
• Semiconductor giants Nvidia and Arm warn of new flaws in their graphics processors
• Critical PHP CVE is under attack — research shows it’s easy to exploit | Cybersecurity Dive
• A US Company Enabled a North Korean Scam That Raised Money for WMDs | WIRED

On this week’s show Patrick Gray and Mark Piper discuss the week’s security news, including:

• What on earth happened at Snowflake?
• A look at operation Endgame
• Check Point’s hilarious adventures with dot dot slash
• Report says the FTC is looking at Microsoft’s security product bundling
• More ransomware hits Russia
• Much, much more

404 Media co-founder Joseph Cox is this week’s feature guest. He joins us to talk about his new book, Dark Wire, which is all about the FBI’s Anom sting.

This week’s show is brought to you by Resourcely. If your Terraform is a mess or your CSPM dashboards are lighting up with insane and stupid things, you should check out Resourcely. Its founder and CEO Travis McPeak will be along in this week’s sponsor interview to talk about all things Terraform.

• The Snowflake breach and the need for mandatory MFA
• Snowflake at centre of world’s largest data breach | by Kevin Beaumont | Jun, 2024 | DoublePulsar
• Cloud company Snowflake denies that reported breach originated with its products
• ‘Operation Endgame’ Hits Malware Delivery Platforms – Krebs on Security
• Treasury Sanctions Creators of 911 S5 Proxy Botnet – Krebs on Security
• TikTok warns of exploit aimed at 'high-profile accounts’
• SEC clarifies intent of cybersecurity breach disclosure rules after initial filings | Cybersecurity Dive
• SEC.gov | Disclosure of Cybersecurity Incidents Determined To Be Material and Other Cybersecurity Incidents[*]
• Nurses at Ascension hospital in Michigan raise alarms about safety following ransomware attack
• London hospitals declare emergency following ransomware attack | Ars Technica
• North Korea’s ‘Moonstone Sleet’ using fake tank game, custom ransomware in attacks
• OpenAI models used in nation-state influence campaigns, company says
• National Vulnerability Database | NIST
• More than 600,000 routers knocked out in October by Chalubo malware
• Hackers steal $305M from DMM Bitcoin crypto exchange | TechCrunch
• Germany's main opposition party hit by ‘serious’ cyberattack
• Cyberattack disrupts operations of supermarkets across Russia
• Rare earths miner targeted in cyber attack prior to removal of Chinese investors - ABC News
• Check Point - Wrong Check Point (CVE-2024-24919)
• Kevin Beaumont: "The latest Risky Business epis…" - Infosec Exchange
• This Hacker Tool Extracts All the Data Collected by Windows’ New Recall AI | WIRED
• FTC-industry talks over possible Microsoft probe raised recent hacking incidents - Nextgov/FCW
• Tim Schofield 🏴󠁧󠁢󠁥󠁮󠁧󠁿 🇬🇧 🇪🇺🗺: "@riskybusiness @metlstorm I d…" - Infosec Exchange
• Dark Wire: The Incredible True Story of the Largest Sting Operation Ever: Cox, Joseph: 9781541702691: Amazon.com: Books
• Distant Field Labs

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Russian delivery company gets ransomware-wiper’d
• A supply-chain attack targets video software used in US courts
• Checkpoint firewalls get hacked, details as clear as mud
• Microsoft Recall delights hackers
• Aussie telco Optus gets told its IR report isn’t legal advice
• Cyber insurer says you’re 5x more likely to get rekt if you have a Cisco ASA
• And much, much more.

This week’s episode is sponsored by Kroll Cyber. Alex Cowperthwaite, Kroll’s technical director research and development for offence joins to talk about how his team attacks AI models, in ways both classic and new.

• Major Russian delivery company down for three days due to cyberattack
• Stark Industries Solutions: An Iron Hammer in the Cloud – Krebs on Security
• CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack | Rapid7 Blog
• Check Point Software customers targeted by hackers using old, local VPN accounts | Cybersecurity Dive
• US pharma giant Cencora says Americans' health information stolen in data breach | TechCrunch
• Microsoft’s New Recall AI Tool May Be a ‘Privacy Nightmare’ | WIRED
• Kevin Beaumont: "I got ahold of the Copilot+ so…" - Cyberplace
• Kevin Beaumont: "For those who aren’t aware, Mi…" - Cyberplace
• Patrick Gray on X: "You know it’s coming… Microsoft Defender Advanced Security for Recall"
• Microsoft Edge for Business: Revolutionizing your business with AI, security and productivity - Microsoft Edge Blog
• Optus loses appeal to keep Deloitte report on cyberattack secret
• Optus says it will defend allegations it failed to protect confidential details of 9 million customers in cyber attack - ABC News
• Nearly 3 million affected by Sav-Rx data breach
• Spyware app pcTattletale was hacked and its website defaced | TechCrunch
• #F**kStalkerware pt. 6 - tattling on pcTattletale
• Spyware maker pcTattletale shutters after data breach | TechCrunch
• Jeremy Kirk: "Cyber insurer Coalition releas…" - Infosec Exchange
• Coalition_2024-Cyber-Claims-Report
• TikTok says it disrupted 15 influence operations this year — including one from China
• Israeli private eye accused of hacking was questioned about DC public affairs firm, sources say | Reuters
• RansomHub claims attack on Christie’s, the world’s wealthiest auction house
• Open-Source Assessments of AI Capabilities: The Proliferation of AI Analysis Tools, Replicating Competitor Models, and the Zhousidun Dataset
• Shashank Joshi on X: "Additionally, OpenAI will retain and consult with other safety, security, and technical experts to support this work, including former cybersecurity officials, Rob Joyce [@RGB_Lights], who advises OpenAI on security, and John Carlin."

This week’s episode was recorded in front of a live audience at AusCERT’s 2024 conference. Pat and Adam talked through:

• Google starts using security as a marketing tool against Microsoft, along with steep discounts
• Microsoft announces a creepy desktop recording AI
• UK govt proposes ransom payment controls
• Arizona woman runs a laptop farm for North Korea
• Julian Assange just keeps on with his malarky
• And much, much more

This week’s episode is sponsored by Tines. Its CEO Eoin Hinchy joins the show to talk about how AI can be genuinely useful in automation.

• (1) Dina Bass on X: "Google is offering deep discounts to government and corporate customers to entice them to switch from Microsoft Office as it attacks Microsoft's cybersecurity over recent breaches, citing US gov't cybersecurity review board report https://t.co/43sIJmBWi5" / X
• Microsoft president set to testify before Congress on ‘security shortcomings’ | Cybersecurity Dive
• Chairman Green, Ranking Member Thompson Announce Microsoft President Will Testify on Company’s Security Shortcomings Following Hack of Government Accounts – Committee on Homeland Security
• Google leverages Microsoft’s cyber gaps to woo Workspace customers | Cybersecurity Dive
• CSRB report highlights the need for a new approach to security
• (1) vx-underground on X: "tl;dr Microsoft introduces 24/7 surveillance functionality for the NSA and/or CIA but markets it as a feature that you'll like" / X
• Everything You Need to Know About Windows 11's Recall Feature
• Australian government warns of 'large-scale ransomware data breach'
• (1) National Cyber Security Coordinator on X: "The Australian Government continues to assist MediSecure, an electronic prescriptions provider, respond to a cyber incident. We are still working to build a picture of the size and nature of the data that has been impacted by this data breach impacting MediSecure. This https://t.co/oyNeRonurZ" / X
• HHS offering $50 million for proposals to improve hospital cybersecurity
• Remote-access tools the intrusion point to blame for most ransomware attacks | Cybersecurity Dive
• UK insurance industry begins to acknowledge role in tackling ransomware
• Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments
• Hacktivists turn to ransomware in attacks on Philippines government
• Arizona woman accused of helping North Koreans get remote IT jobs at 300 companies | Ars Technica
• US offers $5 million for info on North Korean IT workers involved in job fraud
• FCC might require telecoms to report on securing internet's BGP technology
• FCC to probe ‘grave’ weaknesses in phone network infrastructure
• EPA says it will step up enforcement to address ‘critical’ vulnerabilities within water sector
• EPA takes steps to address cybersecurity weaknesses at water utilities
• British signals agency to protect election candidates’ phones from cyberattacks
• Feds seize BreachForums platform, Telegram page
• Dark web narcotics market’s alleged leader arrested and charged in New York
• WikiLeaks’ Julian Assange Can Appeal His Extradition to the US, British Court Says | WIRED

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news including:

• Microsoft did a good thing! Soon all Azure admins will require MFA
• The three billion row National Public Data breach mess, courtesy Florida Man
• US govt confirms that it was Iran that hacked the Trump campaign
• Is TP-Link the next Huawei, or just not very good at computers?
• Major Chinese RFID card maker has hardcoded backdoors
• And much, much more.

This week’s episode is sponsored by Specter Ops, makers of Bloodhound Enterprise. VP of Products Justin Kohler joins to talk about how they’ve joined their on-prem AD and cloud Entra attack path graphs, so you can map out that juicy, real-world attack surface.

• Announcing mandatory multi-factor authentication for Azure sign-in | Microsoft Azure Blog
• phishing resistant mfa - Google Search
• Microsoft will require MFA for all Azure users
• NationalPublicData.com Hack Exposes a Nation’s Data – Krebs on Security
• National Public Data Published Its Own Passwords – Krebs on Security
• Bloomberg Law
• How the government's proposed 'Trust Exchange' digital ID scheme would work - ABC News
• German Cyber Agency Wants Changes in Microsoft, CrowdStrike Products After Tech Outage - WSJ
• Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts — FBI
• Crypto firm says hacker locked all employees out of Google products for four days
• ZachXBT on X: "Seven hours ago a suspicious transfer was made from a potential victim for 4064 BTC ($238M)" / X
• Bitcoin News Today: $238 Million Bitcoin Heist Linked to Genesis Global Trading
• Routers from China-based TP-Link a national security threat, US lawmakers claim
• Hardware backdoors found in Chinese smart cards
• Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research
• Hardware backdoors found in Chinese smart cards
• Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months

In this podcast SentinelOne’s Chief Trust officer Alex Stamos and its Chief Intelligence and Public Policy Officer Chris Krebs join Patrick Gray to talk all about AI.

It’s been a year and a half since ChatGPT landed and freaked everyone out. Since then, AI has really entrenched itself as the next big thing. It’s popping up everywhere, and the use cases for cybersecurity are starting to come into focus.

Threat actors and defenders are using this stuff already, but it’s early days and as you’ll hear, things are really going to change, and fast.

This week Patrick Gray and Adam Boileau along special guest Lina Lau discuss the week’s news, including:

• The ongoing Ascension healthcare disruption, and
• Whether its reasonable for healthcare orgs to be pushing back
• Platforming cybercriminals for interviews
• Own the libs by… not using E2EE messaging?
• CISA’s secure by design, we want to believe!
• The $64billion scale of indusrialised fraud
• And much, much more.

This week’s sponsor is network discovery specialist, Run Zero. Director of research Rob King joins to talk about the weird and wonderful delights in their new Research Report.

• Federal agencies assisting Catholic health network amid cyberattack
• After Ascension ransomware attack, feds issue alert on Black Basta group
• As White House preps new cyber rules for healthcare, Neuberger says backlash is unwarranted
• Stolen children’s health records posted online in extortion bid
• Guidance for organisations considering payment in... - NCSC.GOV.UK
• How Did Authorities Identify the Alleged Lockbit Boss? – Krebs on Security
• In interview, LockbitSupp says authorities outed the wrong guy
• A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities | WIRED
• UK 'increasingly concerned' about Russian intelligence links to hacktivists
• Civil society under increasing threats from ‘malicious’ state cyber actors, US
• Elon Musk Weighs in on the Encryption Wars Between Telegram and Signal
• Encrypted services Apple, Proton and Wire helped Spanish police identify activist | TechCrunch
• Christie's Website Offline For A Fifth Day And The Company Is Still Silent On The Extent Of Last Week's Security Breach
• 68 tech, security vendors commit to secure-by-design practices | Cybersecurity Dive
• UK government urges caution over blaming China for Ministry of Defence breach
• Black Basta group spam-bombs victims and then calls to help
• Southeast Asian scam syndicates stealing $64 billion annually, researchers find
• The $2.3 Billion Tornado Cash Case Is a Pivotal Moment for Crypto Privacy | WIRED
• ADVANCED APT EMULATION LABS
• Download the runZero Research Report

Patrick dials in from RSA in San Francisco to discuss the week’s security news with Adam, including:

• The west doxxes LockbitSupp, who must now hide his hundred million dollars
• Revil hacker behind Kasaya breach gets 14 years
• Microsoft makes some positive sounding* noises on security
• A fun flaw in nearly all VPN clients
• Gitlab admins continue their never-ending incident response
• And much, much more.

This week’s sponsor is Stairwell. Long time infosec researcher Silas Cutler joins us to talk through his adventures in attacker C2 systems, and how this feeds into Stairwell’s data.

* we’re still sceptical they’ll get it right, but they do at least seem to realise how deep the doo-doo they’re in is… Pat speculates they have … tentacles, and a regulatory-threat-gland.

• 'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks | WIRED
• Andy Greenberg: "@metlstorm @riskybusiness no w…" - Infosec Exchange
• U.S. Charges Russian Man as Boss of LockBit Ransomware Group – Krebs on Security
• Ukrainian sentenced to almost 14 years for infecting thousands with REvil ransomware
• Microsoft ties security goals to exec compensation
• China suspected of hacking British military payment system, reports say
• Germany recalls ambassador to Russia over cyberattacks
• Blinken unveils State Dept. strategy for ‘vibrant, open and secure technological future’
• Microsoft plans to lock down Windows DNS like never before. Here’s how. | Ars Technica
• Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica
• The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics | WIRED
• Dropbox says hacker accessed passwords, authentication info during breach
• Maximum-severity GitLab flaw allowing account hijacking under active exploitation | Ars Technica
• Our new research: Enhancing blockchain analytics through AI
• Reconstructing the Mind’s Eye: fMRI-to-Image with Contrastive Learning and Diffusion Priors
• Kevin Collier on X: "Oh my God. @riskybusiness is already the name of what is by a longshot the most established cyber podcast. There are a million possible names out there and Mr Decision Making over here went with one that's been in use for more than 15 years."

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Microsoft reassures* us that they take security very seriously*
• Cisco ASA firewalls get sneakily backdoored, but no one’s quite sure how
• Change Healthcare was 1FA Citrix all along
• The FTC, FCC and other government sticks get waved at tech
• Lizard Squad Finn who hacked the Vastaamo therapy chain gets sentenced
• And much, much more.

This week’s sponsor is Zero Networks, who make a network micro-segmentation product that is actually usable. Zero Networks CEO Benny Lakunishok joins us to talk through why firewalling everything everywhere is finally workable.

* You’ll forgive us for being… a tad sceptical.

• 'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks | WIRED
• Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO | TechCrunch
• Microsoft CEO says security is its No. 1 priority | Cybersecurity Dive
• TrustedSec | Full Disclosure: A Look at a Recently Patched Microsoft…
• Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg | Cybersecurity Dive
• FTC commercial surveillance rules could arrive within months, sources say
• FCC takes $200 million bite out of wireless carriers for sharing location data | CyberScoop
• Know-your-customer executive order facing stiff opposition from cloud industry
• Tech companies must help the fight aganst extremists using encryption: ASIO boss
• Josh Taylor on X: "Yess, excellent question from @Paul_Karp on why AFP et al aren't using the powers they already have. They say one technical assistance or capability notice has recently been issued. https://t.co/pEXrvjK5Q4" / X
• (720) IN FULL: ASIO and AFP respond to X chairman Elon Musk, issues social media warnings | ABC News - YouTube
• China-linked PlugX malware infections found in more than 170 countries
• Belarus secret service website still down after hackers claim to breach it
• Man Who Mass-Extorted Psychotherapy Patients Gets Six Years – Krebs on Security
• Sweden's liquor shelves to run empty this week due to ransomware attack
• Congress picked a direct fight with ByteDance and TikTok. The privacy implications are less clear.
• Telegram blocks, then unblocks, chatbots used by Ukraine’s intelligence services
• Elon Musk’s X takeover crushed Twitter’s profit to just $4804 in Australia
• Australian court orders Elon Musk’s X to hide Sydney church stabbing posts from users globally | Australia news | The Guardian
• After the Christchurch attacks, Twitter made a deal with Jacinda Ardern over violent content. Elon Musk changed everything - ABC News
• World on the Brink: How America Can Beat China in the Race for the Twenty-First Century - Kindle edition by Alperovitch, Dmitri, Graff, Garrett M.. Politics & Social Sciences Kindle eBooks @ Amazon.com.

In this edition of Snake Oilers we’ll be hearing from:

• Push Security: A browser plugin-based security company that combats identity-based attacks. (Much more compelling that it sounds in this description.)
• Knocknoc: The tool Risky Business uses to protect our own applications and services. (Restrict network/port access to users who are authenticated via SSO.)
• iVerify: Mobile security and threat hunting for iOS and Android. (Caught Pegasus in the wild!)

In this special edition of the Risky Business podcast Patrick Gray chats with former Facebook CSO Alex Stamos and founding CISA director Chris Krebs about sovereignty and technology.

China and Russia are doing their level best to yeet American tech from their supply chains – hardware, software and cloud services. They’ll be rebuilding these supply chains – for government systems, at least – from components that they have complete visibility into, and control over.

Meanwhile, America’s government faces different supply chain challenges. It has a supply chain that won’t be weaponised against it by its adversaries, but it lacks the same sort of visibility and control that its adversaries will eventually achieve over their supply chains. So where does this leave the west? Where does it leave China and Russia?

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Palo Alto’s firewalls have a ../ bad day
• Sisense’s bucket full of creds gets kicked over
• United Healthcare draws the ire of congress
• FISA 702 reauthorisation finally moves forward
• Apple warns about “mercenary exploitation” but what’s the India link?
• And much, much, more

This week’s sponsor is Panther, a platform that does detection as code on massive amounts of data. Panther’s founder Jack Naglieri is this week’s sponsor guest, and we spoke with him about some common detection-as-code approaches.

• Palo Alto Networks releases fixes for zero-day as attackers swarm VPN vulnerability
• CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect
• Rapid7 Technical Analysis
• Why CISA is Warning CISOs About a Breach at Sisense – Krebs on Security
• Congress rails against UnitedHealth Group after ransomware attack | CyberScoop
• The US Government Has a Microsoft Problem | WIRED
• House GOP bridges divide to reauthorize FISA surveillance bill - The Washington Post
• Top officials again push back on ransom payment ban | Cybersecurity Dive
• Ex-White House cyber official says ransomware payment ban is a ways off | CyberScoop
• Over 500 people targeted by Pegasus spyware in Poland, officials say
• Apple drops term 'state-sponsored' attacks from its threat notification policy
• “All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass
• PuTTY vulnerability vuln-p521-bias
• Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch
• Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M | Ars Technica
• Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers – Krebs on Security

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Ransomware: down but not out
• Zero day prices on the rise…
• … and what it means for enterprise software
• Geopolitical conflict comes to computers in Palau
• Ukraine cyber chief Illia Vitiuk suspended
• More x86 microarchitectural bad times
• And much much more

Proofpoint’s chief strategy officer Ryan Kalember is this week’s sponsor guest. He takes aim at some recent vendor trends, like security companies describing themselves as “platforms”.

• CyberCX_Report_DFIR 2023 Year in Review_Online.pdf
• Ransomlook Stats
• Vlad Styran 🇺🇦 on X: ".@riskybusiness has noted recently that there is an “orthodox Easter”-like low season in the ransomware village. Although my sources do not support this assessment, if true, there might be a simple explanation https://t.co/kM8lu6KbyY" / X
• Price of zero-day exploits rises as companies harden products against hackers | TechCrunch
• Mandiant spots advanced exploit activity in Ivanti devices | Cybersecurity Dive
• Pricing - Knocknoc
• ALPHV steps up laundering of Change Healthcare ransom payments | CyberScoop
• Extortion group threatens to sell Change Healthcare data | CyberScoop
• Attempted hack on NYC continues wave of cyberattacks against municipal governments
• Missouri county declares state of emergency amid suspected ransomware attack | Ars Technica
• Medusa cybercrime gang takes credit for another attack on US municipality
• Omni Hotels & Resorts hit by cyberattack | Cybersecurity Dive
• Targus says cyberattack is causing operational outage | TechCrunch
• German database company Genios confirms ransomware attack
• Researchers discover new ransomware gang ‘Muliaka’ attacking Russian businesses
• ‘An attack on the reputation of Palau’: officials question who was really behind ransomware incident
• 'They’re lying': Palau denies claims by ransomware gang over recent cyberattack
• Ukrainian security service’s cyber chief suspended following media investigation
• Russia seeks criminal charges against executives at flight booking service accused of failing to protect consumer data
• House hurtles toward showdown over expiring surveillance tools | CyberScoop
• D-Link tells customers to sunset actively exploited storage devices | Cybersecurity Dive
• A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask | WIRED
• Ahoi Attacks
• Linux Kernel Patched For Branch History Injection "BHI" Intel CPU Vulnerability - Phoronix
• Ransomware gang’s new extortion trick? Calling the front desk | TechCrunch
• Evolving Threat Landscape: A Deep Dive into Multichannel Attacks Targeting Retailers | Proofpoint US

In this edition of Snake Oilers you’ll hear pitches from three companies:

• Kodex: Makes a platform companies can use to interact with law enforcement (Solves the law enforcement impersonator problem, among others.)
• ClearVector: Cloud security startup from former FireEye/Mandiant SVP/CTO John Laliberte
• Censys: Scans the entire internet, identifies assets you didn’t know were yours, helps you track attacker infrastructure like C2

On this week’s show Patrick and Adam discuss the week’s security news, including:

• The SSH backdoor that dreams (or nightmares) are made of
• Microsoft gets a solid spanking from the CSRB
• Ukraine uses an old Russian WinRAR bug to hack Russia
• Push-notifications and social-engineering combined-arms vs Apple
• And much, much more.

We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library.

This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs.

• Risky Biz News: Supply chain attack in Linuxland
• oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise
• Andres Freund (Tech) on X: "@binitamshah FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins." / X
• Andres Freund (Tech) on X: "@riskybusiness Absurdly enough, I was listening to the episode on a cooking break while writing the xz issue up. Couldn't make it up." / X
• GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
• research!rsc: The xz attack shell script
• DHS report rips Microsoft for ‘cascade’ of errors in China hack - The Washington Post
• Review of the Summer 2023 Microsoft Exchange Online Intrusion
• Russian researchers say espionage operation using WinRAR bug is linked to Ukraine
• Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
• Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid
• Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away

In this conversation Risky Business host Patrick Gray speaks with SentinelOne’s Chris Krebs and Alex Stamos about what sort of cyber enabled interference we can expect in the 2024 US presidential race.

Alex was the CISO at Facebook during the 2016 election, and Chris Krebs was responsible for US election security as the director of CISA in 2020.

Watch the video version of this episode on Youtube.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• FVEY protests China’s widespread hacking of western politicians
• China bans western CPUs, Windows and databases
• Apple’s leaky M-chip prefetcher
• Nigeria holds ex-IRS investigator hostage in Binance stoush
• Researchers bring Rowhammer to AMD Zen and DDR5
• And much, much more.

This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week’s show to make a passionate case that security vendors don’t all have to go for explosive growth. Slow and steady with a focus on excellent and relevant products will win the race, he says.

• Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov
• Parliament network breached in China-led cyberattack, Judith Collins reveals
• China blocks use of Intel and AMD chips in government computers
• Announcement of Safety and Reliability Evaluation Results (No. 1, 2023)
• Unpatchable vulnerability in Apple chip leaks secret encryption keys | Ars Technica
• How Ukraine is using mobile phones on 6ft poles to stop drones
• Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop
• US penalizes Russian fintech firms that helped others evade sanctions
• UN probing 58 alleged crypto heists by North Korea worth $3 billion
• Detained execs, a bold escape, and tax evasion charges: Nigeria takes aim at Binance
• The DOJ Puts Apple's iMessage Encryption in the Antitrust Crosshairs | WIRED
• Mark Zuckerberg told Facebook execs to 'figure out' how to track encrypted usage on rival apps like Snap and YouTube, unsealed documents show
• ‘Far-reaching’ hack stole information from Python developers
• ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms
• One Man’s Army of Streaming Bots Reveals a Whole Industry’s Problem
• Apex Legends hacker said he hacked tournament games ‘for fun’ | TechCrunch

In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST’s National Vulnerability Database (NVD) and more.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Turns out AI is still bad code review after all,
• Mintlify loses a bunch of Github tokens,
• Everything old is new again with the UDP loop DoS,
• Know-your-(recon satellite)-customer is hard,
• Microsoft takes away Russia’s powershell, solving living off the land,
• And much, much more

This week’s show is brought to you by Material Security. In this week’s sponsor interview we speak with Material’s Rajan Kapoor, VP of Customer Experience at Material. We’re also joined by Chaim Sanders, who heads Security and Privacy at Lyft.

• Anthropic’s CISO drinks the AI kool aid - backpedals frantically on security analysis claim
• Incident report on March 13, 2024 - Mintlify
• Loop DoS: New Denial-of-Service attack targets application-layer protocols
• State of IP Spoofing
• Pharmaceutical development company investigating cyberattack after LockBit posting
• Exclusive: After LockBit’s takedown, its purported leader vows to hack on
• Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News
• A Suspicious Pattern Alarming the Ukrainian Military - The Atlantic
• Exclusive: Musk's SpaceX is building spy satellite network for US intelligence agency, sources say | Reuters
• Elon Musk’s SpaceX Forges Closer Ties With U.S. Spy and Military Agencies - WSJ
• Russians will no longer be able to access Microsoft cloud services, business intelligence tools
• Rostelecom blocks the SIP protocol for clients of Russian hosters / Sudo Null IT News
• Researchers spot updated version of malware that hit Viasat | CyberScoop
• Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
• PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders | CISA
• US is still chasing down pieces of Chinese hacking operation, NSA official says
• 875 workers rescued in Tarlac POGO raid | Philippine News Agency
• Fujitsu says it found malware on its corporate network, warns of possible data breach | Ars Technica
• Mike Lindell must pay a Nevada man after election data dispute - The Washington Post

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Weather forecast in Redmond is still for blizzards at midnight
• Maybe Change Healthcare wasn’t just crying nation-state wolf
• Hackers abuse e-prescription systems to sell drugs
• CISA goes above and beyond to relate to its constituency by getting its Ivantis owned
• VMware drinks from the Tianfu Cup
• Much, much more

This week’s feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Mueller’s chief of staff when he was FBI director.

John is joining us this week to talk about all things SEC. He wrote the recent Amicus Brief that says the SEC needs to be careful in its action against Solarwinds. He’ll also be talking to us more generally about these new SEC disclosure requirements, which are in full swing.

Rad founder Jimmy Mesta will along in this week’s sponsor segment to talk about some really interesting work they’ve done in baselining cloud workloads. It’s the sort of thing that sounds simple that really, really isn’t.

• Risky Biz News: The aftermath of Microsoft's SVR hack is rearing its ugly head
• Swindled Blackcat affiliate wants money from Change Healthcare ransom - Blog | Menlo Security
• BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare – Krebs on Security
• Change Healthcare systems expected to come back online in mid-March | Cybersecurity Dive
• LockBit takes credit for February shutdown of South African pension fund
• Ransomware gang claims to have made $3.4 million after attacking children’s hospital
• Jason D. Clinton on X: "Fully automated vulnerability research is changing the cybersecurity landscape Claude 3 Opus is capable of reading source code and identifying complex security vulnerabilities used by APTs. But scaling is still a challenge. Demo: https://t.co/UfLNGdkLp8 This is beginner-level… https://t.co/mMQb2vYln1" / X
• Jason Koebler on X: "Hackers are hacking doctors, then using their digital prescription portals to "legitimately" prescribe themselves & their customers adderall, oxy, and other prescription drugs https://t.co/6elTKQnXSB" / X
• How Hackers Dox Doctors to Order Mountains of Oxy and Adderall
• CISA forced to take two systems offline last month after Ivanti compromise
• VMware sandbox escape bugs are so critical, patches are released for end-of-life products | Ars Technica
• A Close Up Look at the Consumer Data Broker Radaris – Krebs on Security
• Brief of Amici Curiae Former Government Officials
• Securities and Exchange Commission v Solarwinds Corp

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

• The serious consequences from the Change Healthcare ransomware, and the need for a … nastier response
• Predator spyware maker getting a stern sanctioning
• A German military WebEx meeting gets snooped
• Mem-corrpution is still king
• And much, much more

In this week’s sponsor interview Patrick Gray speaks to Karl McGuinness, Okta’s chief architect, about some new security improvements they’ve built into their IDP.

• U.S. Air Force employee charged with giving classified information to woman he met on dating site
• Ransomware attack on U.S. health care payment processor ‘most serious incident of its kind’
• AlphV’s hit on Change Healthcare strikes a sour note for defenders | Cybersecurity Dive
• Office of Public Affairs | Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice
• Developing: AlphV allegedly scammed Change Healthcare and its own affiliate (1)
• Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED
• Ciaran Martin on X: "“We have to find a way of making a ransom ban work” - me for @thetimes
• US launches antitrust investigation into UnitedHealth, WSJ reports | Reuters
• Brett Callow on X: "#Lockbit has de-listed Fulton County.
• Predator spyware endures even after widespread exposure, analysis shows | CyberScoop
• Predator spyware infrastructure taken down after exposure | CyberScoop
• U.S. bans maker of spyware that targeted a senator's phone
• Spyware maker NSO Group ordered to turn over Pegasus code in WhatsApp case
• Whatsapp Inc vs NSO Group
• Russia’s chief propagandist leaks intercepted German military Webex conversation
• The White House's Oddly Specific, and Really Quite Good, Software Engineering Advice
• A leaky database spilled 2FA codes for the world’s tech giants | TechCrunch
• In ConnectWise attacks, Play and LockBit ransomware exploits developed quickly | Cybersecurity Dive
• How to Secure the SaaS Apps of the Future | Okta Security

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

• LockBit gets back up after takedown
• Russia arrests Medibank hacker… for something else
• ConnectWise gives out free updates, but customers aren’t happy
• Microsoft gives in to demands for more logs
• Sandvine gets entity-listed
• And much much more.

Dmitri Alperovitch also joins the show to discuss Starlink, Starshield and a row with Congress about its availability in Taiwan.

In this week’s sponsor interview, Airlock Digital’s Daniel Schell talks about his adventures with WDAC, and Dave Cottingham predicts Windows 12 will go all in on signed code.

• LockBit group revives operations after takedown | Cybersecurity Dive
• Lockbit ransomware group administrative staff have released a lengthy response to the FBI and bystanders
• FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. – Krebs on Security
• Russia detains hacker behind Australia’s Medibank attack
• Russia arrests three alleged SugarLocker ransomware members
• Change Healthcare incident drags on as report pins it on ransomware group
• Ransomware Groups Are Bouncing Back Faster From Law Enforcement Busts
• ‘Alarming’ cyberattack hits Canada’s federal police, criminal investigation launched
• ConnectWise ScreenConnect faces new attacks involving LockBit ransomware | Cybersecurity Dive
• Microsoft rolls out expanded logging six months after Chinese breach | CyberScoop
• Sandvine added to US Entity List
• Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections
• FACT SHEET: ONCD Report Calls for Adoption of Memory Safe Programming Languages and Addressing the Hard Research Problem of Software Measurability
• Risky Biz News: Backdoor code found in Tornado Cash
• House China committee demands Elon Musk open SpaceX Starshield internet to U.S. troops in Taiwan
• The UK Is GPS-Tagging Thousands of Migrants | WIRED
• How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED
• New Biden order would stem flow of Americans’ sensitive data to China - The Washington Post

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

• LockBit has been taken down by law enforcement
• Some mega-juicy leaks out of Chinese offsec/APT contractor I-SOON
• GRU gets its Moobot network shutdown
• Signal adding usernames is… complicated
• Much, much more

In this week’s sponsor interview Devicie’s Tom Plant joins the show to talk about problems orgs run into when it comes to Windows policies. There’s an expectation out there that Windows policies are set and forget, but sadly, this is not so.

• Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates – Krebs on Security
• Law enforcement disrupt world’s biggest ransomware operation
• Shanghai Anxun’s information is unreliable and is a trap for national government agencies.
• China spy agency renews foreign cyber intelligence warning after data breaches
• US Justice Department says it disrupted Russian intelligence hacking network | Reuters
• Several Ukrainian media outlets attacked by Russian hackers
• Polish PM says previous ruling party used Pegasus spyware against ‘very long’ list of victims
• Hackers are targeting Asian bank accounts using stolen facial recognition data
• Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private | WIRED
• Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529
• “the "AB" trigger has similar vibes to the Unreal IRCd and ProFTPD backdoors of the same timeframe.”
• FLATLINED: ANALYZING PULSE SECURE FIRMWARE AND BYPASSING INTEGRITY CHECKING
• CVSS 10 RCE in Screen Connect
• National Security Agency Announces Retirement of Cybersecurity Director
• Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard

The need to properly secure Entra ID tenants has been made pretty obvious this year thanks to a large-scale attack on them by Russia’s SVR intelligence agency. In this interview Andy Robbins from SpecterOps, the maker of Bloodhound Enterprise, talks through how he thinks those attacks actually went down, about how if you’re an o365 customer you’re using Entra ID whether you like it or not, and about how you can lock down your Entra ID tenant.

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

• Somehow there are still more Ivanti and Fortinet exploits
• Volt Typhoon have been at it for years
• Starlink in Ukraine gets complicated
• Canadians hate poor Flipper
• Much, much more…

In this week’s sponsor interview Feross Aboukhadijeh from Socket joins the show to talk about the sheer volume of malicious packages being committed to code repositories and why older SCA tools aren’t well equipped to deal with them.

• Microsoft Azure customers hit by phishing, account takeover attacks | Cybersecurity Dive
• Ivanti publishes urgent warning about new vulnerability
• How is Pulse Secure Formed
• Attackers hit more networking gear, this time a critical Fortinet CVE | Cybersecurity Dive
• End Of General Availability of the free vSphere Hypervisor (ESXi 7.x and 8.x) (2107518)
• Coker: ONCD is studying ‘liability regimes’ for software flaws
• Chinese hackers spent 5 years in US infrastructure, ready to attack
• CISA, FBI warn of China-linked hackers pre-positioning for ‘destructive cyberattacks against US critical infrastructure’
• Russia using Starlink
• Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown | Ars Technica
• Health insurance data breach affects nearly half of France’s population, privacy regulator warns
• Hackers attack 25 Romanian hospitals
• Catalin on the Rhysider ransomware decrypter going public
• A password manager LastPass calls “fraudulent” booted from App Store | Ars Technica
• From Cybercrime Saul Goodman to the Russian GRU – Krebs on Security

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news and recap the best research presented at Black Hat and DEF CON in Las Vegas last week. They cover:

• Iran tries an election hack’n’leak like its still 2016
• Crowdstrike takes home the Pwnie for Epic Fail at DEF CON
• UK healthcare SaaS faces six million pound fine for lack of MFA
• US circuit courts disagree on geofence warrants
• Our roundup of juicy Blackhat/DEF CON research
• And much, much more.

This week’s episode is sponsored by Trail of Bits. CEO Dan Guido is fresh back from the DARPA AI Cyber Challenge at DEF CON, where the Trail of Bits team moved through into the finals. Dan talks through the challenge of finding, reporting and fixing bugs with AI systems.

You can also watch this week’s show on Youtube.

• Trump campaign points finger at Iranian hackers for documents leak
• FBI says it's investigating efforts to hack Trump and Biden-Harris campaigns
• Iranian hackers ramping up US election interference, Microsoft warns
• State Dept puts $10 million bounty on IRGC-CEC hackers
• CrowdStrike snafu was a ‘dress rehearsal’ for critical infrastructure disruptions, CISA director says | Cybersecurity Dive
• Dominic White 👾 on X: "CrowdStrike accepting the @PwnieAwards for “most epic fail” at @defcon. Class act. https://t.co/e7IgYosHAE" / X
• Russia's Kursk region suffers 'massive' DDoS attack amid Ukraine offensive
• Elon Musk on X: "@markpinc Yeah" / X
• Progress Software says SEC declines to pursue action related to MOVEit exploitation spree | Cybersecurity Dive
• NHS software supplier Advanced faces £6m fine over ransomware attack failings
• Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms | TechCrunch
• 5th Circuit rules geofence warrants illegal in win for phone users’ privacy | Ars Technica
• Customs and Border Protection agents need a warrant to search your phone - The Verge
• Hackers could spy on cell phone users by abusing 5G baseband flaws, researchers say | TechCrunch
• ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections | WIRED
• Downgrade Attacks Using Windows Updates | SafeBreach
• Listen to the whispers: web timing attacks that actually work | PortSwigger Research
• Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
• Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! | DEVCORE
• Trail of Bits Advances to AIxCC Finals | Trail of Bits Blog

In this sponsored Soap Box edition of the show we talk to Proofpoint’s Chief Strategy Officer Ryan Kalember about making security tech more people centric.

We often talk about how we can use signals from users to drive some of our security tech. But what about using our security tech to drive user behaviour?

Ryan thinks there are some opportunities here, particularly around identity security.

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Crowdstrike talks loud in its postmortem, but says very little
• Digicert fears the CA-Browser Forum, gets lawsuit from a customer
• Dmitri Alperovitch joins the show to talk about the Russian prisoner swap
• Cloudflare continues to harbour scum and villainy
• Professional ransomware crew … is an improvement?
• And much, much more.

This week’s episode is sponsored by Thinkst Canary. Marko Slaviero joins to discuss the unfashionable choice they made in hosting their platform one-VM-per-customer.

• CrowdStrike investors file class action suit following global IT outage | Cybersecurity Dive
• CrowdStrike rebukes Delta’s negligence claims in fiery letter | Cybersecurity Dive
• Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf
• Sparks fly when lawyers meet a certificate revocation
• crt.sh | Alegeus
• U.S. releases Russian hackers in Evan Gershkovich prisoner swap
• U.S. Trades Cybercriminals to Russia in Prisoner Swap – Krebs on Security
• Who are the two major hackers Russia just received in a prisoner swap? | Ars Technica
• Hackers remotely wipe 13,000 students’ iPads and Chromebooks after breaching safety software
• Mobile Guardian Device Management Application to be removed | MOE
• Ford wants patent for tech allowing cars to surveil and report speeding drivers
• I'm Sorry, Dave, You're Speeding | WIRED
• Cloudflare once again comes under pressure for enabling abusive sites | Ars Technica
• Low-Drama ‘Dark Angels’ Reap Record Ransoms – Krebs on Security
• Bumble and Hinge allowed stalkers to pinpoint users’ locations down to 2 meters, researchers say | TechCrunch
• Unfashionably secure: why we use isolated VMs – Thinkst Thoughts
• Defending AI Model Files from Unauthorized Access with Canaries | NVIDIA Technical Blog

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

• The insurance industry’s reaction to CrowdStrike’s mess
• Google’s Workspace email validation flaw and its consequences for OAuth’d applications
• Is the VMWare ESX group membership feature a CVE or an FYI?
• Secureboot continues to under-deliver
• North Korea’s revenue neutral intelligence services
• And much, much more

This episode is sponsored by allowlisting software vendor Airlock Digital. Airlock uses a kernel driver on Windows, so Chief Executive David Cottingham joined to discuss what the CrowdStrike kernel driver bug drama means for security vendors.

This episode is also available on Youtube. If you want to ruin the magic of radio and see the faces behind the show, well, now you can!

• Business interruption claims will drive insurance losses linked to CrowdStrike IT disruption | Cybersecurity Dive
• Delta hires David Boies to seek damages from CrowdStrike, Microsoft
• CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds | Cybersecurity Dive
• (1145) Why CrowdStrike's Baffling BSOD Disaster Was Avoidable - YouTube
• CrowdStrike offers a $10 apology gift card to say sorry for outage | TechCrunch
• Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security
• Hackers exploit VMware vulnerability that gives them hypervisor admin | Ars Technica
• Microsoft calls out apparent ESXi vulnerability that some researchers say is a ‘nothing burger’ | CyberScoop
• AMI Platform Key leak undermines Secure Boot on 800+ PC models
• Chrome will now prompt some users to send passwords for suspicious files | Ars Technica
• Google Online Security Blog: Improving the security of Chrome cookies on Windows
• A Senate Bill Would Radically Improve Voting Machine Security | WIRED
• U.S. told Philippines it made ‘missteps’ in secret anti-vax propaganda effort | Reuters
• Cyber firm KnowBe4 hired a fake IT worker from North Korea | CyberScoop
• North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop
• North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
• North Korean hacking group makes waves to gain Mandiant, FBI spotlight | CyberScoop
• ServiceNow spots sales opportunities post-CrowdStrike outage | Cybersecurity Dive
• Chaining Three Bugs to Access All Your ServiceNow Data
• Cyber Supply Chain Risk Management Conference (CySCRM) 2024 | Conference | PNNL

In this episode of Wide World of Cyber, Risky Business host Patrick Gray discusses the recent CrowdStrike incident and its implications for security software that operates in kernel space with Chris Krebs and Alex Stamos of SentinelOne, a CrowdStrike Competitor. The conversation also delves into Microsoft’s role in this whole disaster and the potential changes it could make to its operating system to prevent similar incidents in the future.

A video version of this episode is also available on Youtube!

The Risky Biz main show returns from a break to the traditional internet-melting mess that happens whenever Patrick Gray takes a holiday. Pat and Adam Boileau talk through the week’s security news, including:

• Oh Crowdstrike, no, oh no, honey, no
• AT&T stored call records on Snowflake and you’ll never guess what happened next
• Squarespace buys Google Domains and makes a hash of it
• Some but not all of the SECs case against Solarwinds gets thrown out
• Pity the incident responders digging through a terabyte of Disney Slack dumps
• Internet Explorer rises from the grave, and it wants SHELLS RAAAAARGH SSHHEEELLLS
• And much, much more.

This week’s show is brought to you by Sublime Security, a flexible and modern email security platform. If you’re sick of using a black box email security solution, Sublime is a terrific option for you.

• Risky Biz News: CrowdStrike faulty update affects 8.5 million Windows systems
• Low-level cybercriminals are pouncing on CrowdStrike-connected outage | CyberScoop
• CrowdStrike says flawed update was live for 78 minutes | Cybersecurity Dive
• Crooks Steal Phone, SMS Records for Nearly All AT&T Customers – Krebs on Security
• Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks – Krebs on Security
• Teenage suspect in MGM Resorts hack arrested in Britain
• Majority of SEC civil fraud case against SolarWinds dismissed, but core remains | Cybersecurity Dive
• How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter | WIRED
• Kaspersky Lab Closing U.S. Division; Laying Off Workers
• Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages | WIRED
• Wallets tied to CDK ransom group received $25 million two days after attack | CyberScoop
• UnitedHealth’s cyberattack response costs to surpass $2.3B this year | Cybersecurity Dive
• Ransomware ecosystem fragmenting under law enforcement pressure and distrust
• Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it | Ars Technica

On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including:

• Brazil’s supreme court bans X-formerly-Twitter,
• Iranian cyber teams cooperate with ransomware crews
• While North Koreans wield chrome-windows 0-day
• Yubikey cloning attack is impressive, but doesn’t have us binning our keys quite yet
• The White House is coming for your unsigned BGP announcements
• And much, much more.

This week’s episode is sponsored by Okta, and specifically their Identity Security Posture Management product. Okta recently acquired Spera Security, and co-founder Ariel Kadyshevitch joins to talk through the messy reality of modern identity. Pat even gets the giggles at how terrible everything is!

You can also watch this episode on Youtube.

• Brazil X ban: Top court judges uphold block of Musk's platform
• Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA
• Malicious North Korean packages appear again in open source code repository
• North Korean threat actor Citrine Sleet exploiting Chromium zero-day | Microsoft Security Blog
• SEC.gov | SEC Charges Transfer Agent Equiniti Trust Co. with Failing to Protect Client Funds Against Cyber Intrusions
• Chinese ‘Spamouflage’ operatives are mimicking disillusioned Americans online
• Researchers uncover ‘SlowTempest’ espionage campaign within China
• City of Columbus sues man after he discloses severity of ransomware attack | Ars Technica
• Bypassing airport security via SQL injection
• Cyberattack hits agency responsible for London’s transport network
• German air traffic control agency confirms cyberattack, says operations unaffected
• White House calls attention to ‘hard problem’ of securing internet traffic routing
• Cambodian scam giant handled $49 billion in crypto transactions since 2021, researchers say
• YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel | Ars Technica
• CrowdStrike takes a revenue hit as global IT outage reckoning lingers | Cybersecurity Dive
• Owners of 1-Time Passcode Theft Service Plead Guilty – Krebs on Security

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• SEC fines tech firms for downplaying the Solarwinds hacks
• Anonymous Sudan still looks and quacks like a Russian duck
• Apple proposes max 10 day TLS certificate life
• Oopsie! Microsoft loses a bunch of cloud logs
• Veeam and Fortinet are bad and should feel bad
• North Koreans are good (at hacking)
• And much, much more.

This week’s episode is sponsored by Proofpoint. Chief Strategy Officer Ryan Kalember joins to talk about their work keeping up with prolific threat actor SocGholish.

This episode is also available on Youtube.

• Four cyber companies fined for SolarWinds disclosure failures
• U.S. charges Sudanese men with running powerful cyberattack-for-hire gang
• Hacker Charged With Seeking to Kill Using Cyberattacks on Hospitals | WIRED
• Risky Biz News: Anonymous Sudan's Russia Links Are (Still) Obvious
• Microsoft confirms partial loss of security log data on multiple platforms | Cybersecurity Dive
• Risky Biz News: Apple wants to reduce the lifespan of TLS certificates to 10 days
• Encrypted Chat App ‘Session’ Leaves Australia After Visit From Police
• Crypto platform Radiant Capital says $50 million in digital coins stolen following account compromises
• North Korean hackers use newly discovered Linux malware to raid ATMs - Ars Technica
• Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach – Krebs on Security
• Here’s how SIM swap in alleged bitcoin pump-and-dump scheme worked - Ars Technica
• Critical Veeam CVE actively exploited in ransomware attacks | Cybersecurity Dive
• FortiGate admins report active exploitation 0-day. Vendor isn’t talking. - Ars Technica
• Hackers reportedly impersonate cyber firm ESET to target organizations in Israel
• The latest in North Korea’s fake IT worker scheme: Extorting the employers

On this week’s show Patrick Gray and Adam Boileau discuss the week’s infosec news, including:

• Chinese spooks all up in western telco lawful intercept
• Jerks ruin the Internet Archive’s day
• Microsoft drops a great report with a bad chart
• The feds make their own crypto currency and get it pumped
• Forti-, Palo- and Ivanti-fail
• And much, much more.

This week’s episode is sponsored by detection-as-code vendor Panther. Casey Hill, Panther’s Director Product Management joins to discuss why the old “just bung it all in a data lake and… ???… “ approach hasn’t worked out, and what smart teams do to handle their logs.

This episode is also available on [Youtube].(https://youtu.be/86zy6DcwtbE)

• White House forms emergency team to deal with China espionage hack - The Washington Post
• DDoS attacks on Internet Archive continue after data breach impacting 31 million
• Microsoft Digital Defense Report 2024
• Ransomware encryption down amid surge of attacks, Microsoft says | CyberScoop
• Russian court websites down after breach claimed by pro-Ukraine hackers
• Ukrainian anti-corruption agency reportedly finds no violations in disclosures of top cyber official
• Trump campaign turns to secure hardware after hacking incident | Reuters
• FBI creates its own crypto token to nab suspects in alleged fraud scheme
• District of Massachusetts | Eighteen Individuals and Entities Charged in International Operation Targeting Widespread Fraud and Manipulation in the Cryptocurrency Markets | United States Department of Justice
• Critical CVE in 4 Fortinet products actively exploited | Cybersecurity Dive
• Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024
• Palo Alto Expedition: From N-Day to Full Compromise
• Ivanti up against another attack spree as hackers target its endpoint manager | Cybersecurity Dive
• 1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies · GitHub
• Recently-patched Firefox bug exploited against Tor browser users
• Two never-before-seen tools, from same group, infect air-gapped devices - Ars Technica
• A Single Cloud Compromise Can Feed an Army of AI Sex Bots – Krebs on Security
• Opinion | The Cyber Sleuth - Washington Post

In this edition of Snake Oilers we hear pitches from three security vendors:

• Sandfly Security: An agentless Linux security platform that actually sounds very cool
• Permiso: An identity security platform founded by ex FireEye folks
• Wiz: The cloud security giant is getting in on code security scanning

You can watch this edition of Snake Oilers on YouTube here.

Patrick Gray and Adam Boileau discuss the week’s infosec news with everyone’s favourite ex-NSA big-brain, Rob Joyce. They talk through:

• Musk and Durov bow to government pressure
• Tiktok rushes to ban authoritarian propagandists
• The US doesn’t want Chinese software in its cars
• Kaspersky replaces itself with an AV no one has ever heard of
• Aussie police chalk up another crimephone takedown
• Press Win-R Ctrl-V to prove you’re human
• And much, much more.

This week’s show is brought to you by Stairwell, and Stairwell’s founder Mike Wiacek will be along to talk about how people are using their platform to hunt down detection resistant malware.

A video version of this episode is also available on Youtube.

• Elon Musk backs down in his fight with Brazilian judges to restore X | Elon Musk | The Guardian
• Telegram says it will share phone numbers and IP addresses of ‘bad actors’ to authorities
• Jane Lytvynenko on X: "Ukrainian cybersecurity officials are limiting the use of Telegram for military, critical infrastructure, and other authorities. Budanov said he has “substantiated data” on Ru authorities having access to personal messages on TG, including removed ones. https://t.co/xOcnf7am9R" / X
• TikTok blocks dozens of Kremlin-backed media accounts
• Biden administration proposes rule banning Chinese, Russian connected vehicles and parts
• Some Kaspersky customers receive surprise forced-update to new antivirus software | TechCrunch
• Russian cyber firm Dr.Web says services are restored after ‘targeted cyberattack’
• Police announce takedown and arrest mastermind behind criminal comms platform 'Ghost'
• Turning Everyday Gadgets into Bombs is a Bad Idea « bunnie's blog
• Iranian-linked election interference operation shows signs of recent access | CyberScoop
• Republicans demand FBI hearing on Iran theft of Trump documents
• Ermittlungen im Darknet: Strafverfolger hebeln Tor-Anonymisierung aus | tagesschau.de
• DOJ charges hackers for stealing $230 million in crypto from individual
• This Windows PowerShell Phish Has Scary Potential – Krebs on Security
• You can now use Apple’s best iPhone Mirroring feature on your Mac and iPhone | TechRadar

On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including:

• Hezbollah’s attempts to avoid SIGINT with pagers ends in explosions
• The US shines many bright lights on RT’s disinfo role
• Australia counters Chinese bullying in the Pacific
• Valid accounts are the most prevalent entry point, says CISA’s data
• Ivanti and Fortinet vie for worst vendor of the week
• Krebs writes up the shift towards charging The Com with terrorism
• And much, much more…

This week’s episode is sponsored by Push Security, who bring security visibility to where it needs to be these days – the browser. Luke Jennings joins this week’s show to discuss how phish-kit crews are driving the arms race forward, and how detection has to adapt and go where the users are.

This episode is also available on Youtube.

• Israel planted explosives in Hezbollah's Taiwan-made pagers, sources say | Reuters
• How Hezbollah used pagers and couriers to counter Israel's high tech surveillance | Reuters
• Biden administration unveils new evidence of RT’s key role in Russian intelligence operations globally | CNN Politics
• Meta bans RT days after U.S. accused Russian outlet of disinformation
• U.S. to file charges in Trump campaign hacking case, officials say
• China suspected of hacking diplomatic body for Pacific islands region
• Chinese-made port cranes in US included 'backdoor' modems, House report says
• Stolen account info still chief risk for federal agencies, annual CISA audit finds
• Notice of Recent Security Incident | Fortinet Blog
• WordPress.org to require two-factor authentication for plugin developers | CyberScoop
• Multiple attacks force CISA to order agencies to upgrade or remove end-of-life Ivanti appliance
• Ivanti Endpoint Manager and Ivanti Endpoint Manager Security Suite and Ivanti Cloud Service Application (CSA) - End Of Life (EOL)
• The Dark Nexus Between Harm Groups and ‘The Com’ – Krebs on Security
• Feds sentence 12 crypto thieves behind SIM swaps, home invasions
• Ex-CrowdStrike employees detail rising technical errors before July outage | Semafor
• Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel - SecurityWeek
• Apple seeks dismissal of its NSO Group lawsuit, citing risk of exposing ‘vital security information’
• US hits Intellexa spyware maker with more sanctions
• (1) BolivarCucuta on X: "Encuentran muerto al ciudadano israelí Yariv Bokor en Medellín En un apartamento de El Poblado, Medellín, fue encontrado sin vida el ciudadano israelí Yariv Bokor, con aparentes signos de violencia. Bokor estaba vinculado a la empresa Sandvine, la cual tiene relación con NSO https://t.co/EeY1os1omW" / X
• Instagram to bolster privacy and safety features for millions of teen users
• Mastercard buys Recorded Future for $2.65 billion | CyberScoop

On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including:

• Russia’s disinformation peddlers face multifaceted sternness from the DoJ
• Telegram is now law enforcement’s bestest new pal, all of a sudden
• Iran’s banking industry arranges a payment plan for a ransom
• Columbia investigates how it sent private jets full of cash to pay for Pegasus
• Microsoft innovates with Un-Patch Tuesday
• And much, much more.

This week’s sponsor is Kroll Cyber, and one of their incident responders Paul Wells joins to discuss that one weird trick that actually helps - preparing for an incident before hand, rather than learning all those hard lessons in the middle of a crisis.

This week’s episode is also available on Youtube.

• Risky Biz News: Doppelganger gets a kick in the butt from Uncle Sam
• Russia focusing on American social media stars to covertly influence voters | Reuters
• Russian pro-democracy nonprofit investigates alleged data breach by Kremlin-backed hackers
• Biden administration hits Russia with sanctions over efforts to manipulate U.S. opinion ahead of the election
• US hits Chinese companies with new sanctions over Russia-Ukraine war
• Elon Musk’s Starlink backtracks to comply with Brazil’s ban on X | Elon Musk | The Guardian
• Why It's So Hard to Fully Block X in Brazil | WIRED
• Durov says Telegram will tackle criticism of how it moderates content | Reuters
• Navalny allies accuse Telegram and other platforms of censorship | Economy News | Al Jazeera
• How India tamed Twitter and set a global standard for online censorship - The Washington Post
• 2 white supremacists tried to spark race war by soliciting murder and hate crimes on Telegram, feds say
• Matthew Garrett: "Why clone a yubikey when you c…" - Nondeterministic Computer
• Iran pays millions in ransom to end massive cyberattack on banks, officials say – POLITICO
• Four Delaware men charged in international sextortion scheme that netted nearly $2 million | CyberScoop
• Colombian president suggests prior administration illegally sent $11 million in cash to Israel for spyware
• Poland’s constitutional court finds commission investigating use of Pegasus spyware unconstitutional | Notes From Poland
• CISA says SonicWall bug being exploited as experts warn of ransomware gang use
• SonicWall SSLVPN access control flaw is now exploited in attacks
• Bug Left Some Windows PCs Dangerously Unpatched – Krebs on Security

In this edition of Snake Oilers Patrick Gray gets pitches from three cybersecurity companies:

• Authentik, an open source identity provider that a lot of large organisations are deploying on prem as an alternative to cloud-based IDPs
• Dropzone AI, an LLM-based agent that can do the work of a Tier 1 SOC analyst
• SlashID, an identity security company that can crunch your logs to find attackers

You can watch this edition of Snake Oilers on YouTube here.

• Welcome | authentik
• Dropzone AI: Reinforce your SOC with AI Analysts
• The identity stack to protect users and non-human identities | SlashID

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• The SEC’s cyber incident reporting isn’t very exciting after all
• China Telecom on the way to being thrown out of the US
• The NSA/Cybercom might get two separate hats
• The Cl0p ransomware crew are back and taking responsibility for the Cleo hacks
• (Yet another) File upload bug in Struts makes Java admins weep
• And much, much more.

This episode is sponsored by SpecterOps, who run a pretty top notch offsec/pentest team when they’re not busy making the Bloodhound Enterprise identity attack path enumeration software. SpecterOps’ Robby Winchester joins to talk about how pentest has changed, and how their customers get value from their testing.

This episode is also available Youtube.

• SEC cyber incident reporting rule generates 71 filings in 11 months | Cybersecurity Dive
• US senators, green groups call for accountability over hacking of Exxon critics | Reuters
• Biden Administration Takes First Step to Retaliate Against China Over Hack - The New York Times
• Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' | The Record from Recorded Future News
• EU opens investigation into TikTok and the Romanian election – POLITICO
• Clop ransomware claims responsibility for Cleo data theft attacks
• CISA warns of ransomware gangs exploiting Cleo, CyberPanel bugs | The Record from Recorded Future News
• CVE-2024-55956 | AttackerKB
• Apache issues patches for critical Struts 2 RCE bug • The Register
• Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers | The Record from Recorded Future News
• Israeli spyware firm Paragon acquired by US investment group, report says | Reuters
• How Cryptocurrency Turns to Cash in Russian Banks – Krebs on Security
• Arizona man arrested for alleged involvement in violent online terror networks | CyberScoop
• Russia bans Viber, claiming app facilitates terrorism and drug trafficking | The Record from Recorded Future News

In this edition of the Wild World of Cyber podcast Patrick Gray sits down with SentinelOne’s Chief Intelligence and Public Policy Officer Chris Krebs to talk all about Chinese cyber operations.

They look at the Salt Typhoon and Volt Typhoon campaigns, the last 20 years of Chinese operations, and the evolution of the cyber roles of China’s Ministry of State Security and People’s Liberation Army.

It’s a very dense hour of conversation!

This podcast was recorded in front of an audience at the Museum of Contemporary Art in Sydney.

This episode is also available on Youtube.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• CSRB to investigate China’s telco-wiretapping hacks
• Euro law enforcement takes down the Redline infostealer
• Someone steals Fed crypto… and then tries to quietly sneak it back in
• Russia sentences REvil guys to … jail? Really?
• Apple private cloud compute gets a proper bug bounty program
• And much, much more.

This week’s episode is sponsored by Material Security, who help navigate the mess of cloud productivity data security. Daniel Ayala - Chief Security and Trust Officer at Dotmatics - is a Material customer, and joins Pat and Material Security’s Rajan Kapoor to talk about how to wrangle securing data that ends up in corporate cloud email and file stores.

This episode is also available on Youtube.

• Apple 10 day certificates
• Chinese hackers said to have collected audio of American calls
• U.S. Panel to Probe Cyber Failures in Massive Chinese Hack of Telecoms
• How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware
• Operation Magnus
• Hacker Returns $19.3 Million to Drained US Government Crypto Wallet
• Meet ZachXBT, the Masked Vigilante Tracking Down Billions in Crypto Scams and Thefts | WIRED
• Radar systems in Iran breached prior to Israel's Saturday counter-strike - report
• Delta sues CrowdStrike after widespread IT outage that caused thousands of cancellations
• Tens of thousands of taxpayer accounts hacked as CRA repeatedly paid out millions in bogus refunds
• Microsoft CEO asked board to cut pay in connection with security overhaul | Cybersecurity Dive
• Four REvil members sentenced to more than four years in prison
• Russia says it might build its own Linux community after removal of several kernel maintainers
• Nigerian court drops charges against detained Binance executive Tigran Gambaryan
• Apple will pay security researchers up to $1 million to hack its private AI cloud | TechCrunch
• SonicWall firewalls the common access point in spreading ransomware campaign | Cybersecurity Dive
• Fortinet zero-day attack spree hits at least 50 customers | Cybersecurity Dive
• Cisco warns actively exploited CVE can lead to DoS attacks against VPN services | Cybersecurity Dive
• Chinese influence operation targets US down-ballot races, Microsoft says | Reuters
• Exclusive: Accused Iranian hackers successfully peddle stolen Trump emails | Reuters
• Viral video of ripped-up Pennsylvania ballots is fake and Russian-made, intelligence agencies say
• Product Demo: Securing M365 and Google Workspace with Material Security