Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #711 -- Albanian authorities raid MEK camp over Iran hacks
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Albanian authorities raid MEK over Iran hacks
- Microsoft admits “Anonymous Sudan” took down its services
- US Government puts $10m bounty on CL0P
- A deeper look at the Barracuda hack campaign
- Much, much more
This week’s show is brought to you by Material Security. We’ll be hearing from one of Material’s friends – Courtney Healey, senior manager of insider threat at Coinbase – in this week’s sponsor interview.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
- Police raid Iranian opposition camp in Albania, seize computers | AP News
- Risky Biz News: Microsoft embarrassingly admits it got DDoSed into the ground by Anonymous Sudan
- Anonymous Sudan and Killnet strike again, target EIB
- Pro-Russian hackers remain active amid Ukraine counteroffensive | CyberScoop
- Hackers infect Russian-speaking gamers with fake WannaCry ransomware
- US puts $10M bounty on Clop as federal agencies confirm data compromises | Cybersecurity Dive
- (1) Catherine Herridge on Twitter: "Tonight, sources tell @cbsnews senior government officials are racing to limit impact - of what one cyber expert calls - potentially the largest theft + extortion event in recent history. USG official says no evidence to date US MIL or INTEL compromised. https://t.co/R4f6naFqFx" / Twitter
- U.S. government says several agencies hacked as part of broader cyberattack
- Clop names a dozen MOVEit victims, but holds back details | Cybersecurity Dive
- Another MOVEit vulnerability found, as state and federal agencies reveal breaches | Cybersecurity Dive
- Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant
- New DOJ unit will focus on prosecuting nation-state cybercrime
- EU states told to restrict Huawei and ZTE from 5G networks ‘without delay’
- The US Navy, NATO, and NASA Are Using a Shady Chinese Company’s Encryption Chips | WIRED
- Widow of slain Saudi journalist Jamal Khashoggi files suit against Pegasus spyware maker
- Jamal Khashoggi’s wife to sue NSO Group over Pegasus spyware | Jamal Khashoggi | The Guardian
- Bipartisan bill would protect Americans’ data from export abroad
- District of Nebraska | Massachusetts Man Sentenced for Computer Intrusion | United States Department of Justice
- I Was Sentenced to 18 Months in Prison for Hacking Back - My Story | HackerNoon
- CID-FLYER-TEMPLATE
- New FCC privacy task force takes aim at data breaches, SIM-swaps | CyberScoop
- Bloodied Macbooks and Stacks of Cash: Inside the Increasingly Violent Discord Servers Where Kids Flaunt Their Crimes
- Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses | OPA | Department of Justice
- BrianKrebs: "Haha love it when a data ranso…" - Infosec Exchange