Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #790 -- Bye bye Signal-gate, hello TeleMessage-gate
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
- White House’s off-brand Israeli Signal fork logs cleartext messages with hard-coded creds while getting hacked (twice). Just … Wow.
 - Ransomware attacks on UK retailers are linked, and Marks & Spencer has it extra bad
 - After six years dormant, a Magento eCommerce platform backdoor comes to life
 - The North Korean IT worker scam is truly webscale
 - NSO group owes Meta $168m for hacking WhatsApp
 
This week’s episode is sponsored by vulnerability management wranglers, Nucleus Security. Aaron Unterberger joins to talk through the complexities of tracking vulnerabilities in cloud components - left to the source, right to the deployments, and …sideways into the sidecars?
This week’s show also features an excerpt from Pat’s interview with Senator Mark Warner. Scoot back one in your podcast feed to check out the full chat, or find it on YouTube.
This episode is available on YouTube too.
Show notes
- Mike Waltz Accidentally Reveals Obscure App the Government Is Using to Archive Signal Messages
 - Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs
 - The Signal Clone the Trump Admin Uses Was Hacked
 - App used by Mike Waltz suspends services after hacking claims
 - Senator Demands Investigation into Trump Admin Signal Clone After 404 Media Investigation
 - MG on X: "Looks like TeleMessage was probably procured and rolled out under Biden. There are public records for it. https://t.co/XCuZpi8PL3" / X
 - Harrods becomes latest retailer to announce attempted cyberattack | The Record from Recorded Future News
 - Co-op DragonForce cyber attack includes customer data, firm admits
 - Co-op cyber attack: Staff told to keep cameras on in meetings
 - Hundreds of e-commerce sites hacked in supply-chain attack - Ars Technica
 - Microsoft’s new “passwordless by default” is great but comes at a cost - Ars Technica
 - Windows RDP lets you log in using revoked passwords. Microsoft is OK with that. - Ars Technica
 - North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop
 - US wants to cut off key player in Southeast Asian cybercrime industry | The Record from Recorded Future News
 - Myanmar militia leader sanctioned by US over cyber scam connections | The Record from Recorded Future News
 - Trump proposes major cut to CISA’s budget, citing false ‘censorship’ claims | Cybersecurity Dive
 - NSA to cut up to 2,000 civilian roles as part of intel community downsizing | The Record from Recorded Future News
 - NSO Group owes $168M in damages to WhatsApp over spyware infections, jury says | CyberScoop