Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #712 -- The 336,000 undead Fortigates of DOOM
July 11, 2023
00:00
66.37 MB
Downloads: 0
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- The SEC is targeting SolarWinds executives
- UK to make banks liable for fraud
- NSA issues advice on UEFI trojan
- Microsoft blocks 100+ dodgy drivers
- The US IC knew what Prihozhin was up to. But what FSB doing?
- Much, much more
This week’s show is brought to you by Netwrix. Martin Cannard, Netwrix’s VP of Product Strategy, is this week’s sponsor guest. He talks about why zero standing privilege is a worthy goal.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
- SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation | Cybersecurity Dive
- While Australian banks refuse most scam victims refunds, the UK is making them mandatory - ABC News
- New law could allow GCHQ to monitor UK internet logs in real-time to tackle fraud
- Federal incentives could help utilities overcome major cybersecurity hurdle: money | CyberScoop
- Major Japanese port suspends operation following ransomware attack
- Petro-Canada reports service restoration after suspected Suncor breach | Cybersecurity Dive
- Chinese state-backed hackers accidentally infected a European hospital with malware
- Hackers exploit gaping Windows loophole to give their malware kernel access | Ars Technica
- 336,000 servers remain unpatched against critical Fortigate vulnerability | Ars Technica
- CISA says latest VMware analytics bug being exploited
- MOVEit vulnerability snags almost 200 victims, more expected | Cybersecurity Dive
- Actively exploited vulnerability threatens hundreds of solar power stations | Ars Technica
- U.S. intelligence learned in mid-June Prigozhin was plotting uprising - The Washington Post
- Russian election-meddling ‘troll factory’ reportedly shut down after Wagner revolt
- Russian telecom confirms hack after group backing Wagner boasted about an attack | CyberScoop
- Hackers claim to take down Russian satellite communications provider
- Russian railway site allegedly taken down by Ukrainian hackers
- Several US states investigating ‘SiegedSec’ hacking campaign
- Hacking crew targeting states over transition bans claims cyberattack hitting global satellite systems | CyberScoop
- Hacktivists steal government files from Texas city Fort Worth | TechCrunch
- Belarusian hacktivists сlaim to breach country’s leading state university
- British prosecutors say teen Lapsus$ member was behind hacks on Uber, Rockstar
- Silk Road’s Second-in-Command, Variety Jones, Gets 20 Years in Prison | WIRED
- Russian cyber expert arrested in Kazakhstan, triggering a showdown between US and Moscow
- More than 6,500 arrested since French and Dutch police’s EncroChat hack
- BreachForums seized by FBI three months after arrest of alleged admin
- BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop
- Genesis Market gang tries to sell platform after FBI disruption
- Hackers using TrueBot malware for phishing attacks in US, Canada, officials warn | Cybersecurity Dive
- CSI_BlackLotus_Mitigation_Guide.PDF
- Hacks targeting British exam boards raise fears of students cheating
- More than $125 million taken from crypto platform Multichain
- Twitter’s chaotic weekend of outages and rate limits leaves more questions than answers
- Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking | Ars Technica