Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #688 -- APT41 pickpockets Uncle Sam
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Samsung, LG Android signing keys pinched
- LastPass gets owned again
- APT41 steal covid relief money
- Amnesty International hacked in Canada
- Much, much more
This week’s show is brought to you by Airlock Digital. Its CEO and CTO join host Patrick Gray this week to talk about admin to kernel as a security boundary, and the limitations of kernel driver blocklists.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
- Risky Biz News: Samsung, MediaTek, and other Android platform certs were leaked and used to sign malware
- Leaked Android Platform Certificates Create Risks for Users | Rapid7 Blog
- 100 - Platform certificates used to sign malware - apvi
- Hackers accessed LastPass customer details using information stolen in August hack - The Record by Recorded Future
- Hackers linked to Chinese government stole millions in Covid benefits, Secret Service says
- Amnesty International breach linked to Chinese government, investigation finds - The Record by Recorded Future
- Iranian espionage campaign targets journalists, diplomats, activists, says Human Rights Watch - The Record by Recorded Future
- New details on commercial spyware vendor Variston
- ‘The world should be prepared’ — Microsoft issues warning about Russian cyberattacks over winter - The Record by Recorded Future
- Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices | Ars Technica
- ChatGPT shows promise of using AI to write malware - CyberScoop
- DHS cyber safety board to probe Lapsus$ hacks - The Record by Recorded Future
- Kris Nóva: "We are currently investigating…" - Hachyderm.io
- Hive Social turns off servers after researchers warn hackers can access all data | Ars Technica
- Spam is drowning out Twitter posts about Covid protests in China
- French hospital complex suspends operations, transfers patients after ransomware attack - The Record by Recorded Future
- Rackspace Confirms Ransomware Attack as It Tries to Determine If Data Was Stolen | SecurityWeek.Com
- Guatemala's Foreign Ministry investigating ransomware attack - The Record by Recorded Future
- Ransomware attacks: Privacy Commissioner plans investigation as Justice, Health hit - NZ Herald
- UK introducing mandatory cyber incident reporting for managed service providers - The Record by Recorded Future
- Florida Man Sentenced To 18 Months For Theft Of Over $20 Million In SIM Swap Scheme | USAO-SDNY | Department of Justice
- Binance freezes $3 million worth of crypto stolen in Ankr hack - The Record by Recorded Future
- Play app with 100K downloads booted for forwarding texts to developer server | Ars Technica
- Go SAML library vulnerable to authentication bypass | The Daily Swig
- Okta and Phishing Resistant Authentication - YouTube