Risky Business · Easy Podcasts

Risky Business #674 -- "Free money" exploit spawns $150m blockchain feeding frenzy

August 02, 2022 00:00 44.59 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Taiwan tensions fail to conjure the cyber apocalypse Crypto bridge exploit results in $150m feeding frenzy Chainalysis evidence to be challenged in court Post-quantum NIST candidate algorithm gets smoked DSIRF’s Russia links Much, much more This week’s sponsor interview is with Jerrod Chong from Yubico. He’s joining the show to talk about why consumer-focussed implementations of Webauthn like Apple’s Passkeys aren’t a great enterprise solution. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Taiwanese websites hit with DDoS attacks as Pelosi begins visit 'Frenzied mob' steals more than $156 million from crypto platform Nomad - The Record by Recorded Future Bitcoin Fog Case Could Put Cryptocurrency Tracing on Trial | WIRED Post-quantum encryption contender is taken out by single-core PC and 1 hour | Ars Technica Federal court system suffered previously undisclosed breach, congressional committee says Australian police charge man with developing spyware used by more than 14,500 people - The Record by Recorded Future Risky Biz News: Microsoft puts the limelight on another spyware maker—DSIRF from Austria Eavesdropping probe finds Israeli police exceeded authority | AP News Hacker use of Microsoft macros plummeted after default block: report - The Record by Recorded Future On security researcher's newsletter, exposing cybercriminals behind ransomware Luxembourg energy companies struggling with alleged ransomware attack, data breach - The Record by Recorded Future At least 34 healthcare orgs affected by alleged ransomware attack on OneTouchPoint - The Record by Recorded Future American Dental Association says April cyberattack involved ransomware - The Record by Recorded Future Ransomware group demands £500,000 from British schools, citing cyber insurance policy - The Record by Recorded Future Hackers stole passwords for accessing 140,000 payment terminals | TechCrunch Experts warn of hacker claiming access to 50 U.S. companies through breached MSP - The Record by Recorded Future German prosecutors issue warrant for Russian government hacker over energy sector attacks - The Record by Recorded Future The commercial satellite boom is leaving space vulnerable to hackers - The Record by Recorded Future Report to Congress of the U.S.-China Economic and Security Review Commission - U.S.-China Economic and Security Review Commission - Google Books Spanish police arrest two accused of hacking radioactivity alert system - The Record by Recorded Future

Risky Business #673 -- When throwing computers into a woodchipper is standard IR

July 26, 2022 00:00 55.93 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why Entrust being ransomwared is good news UEFI bootkits turn hardware into landfill Microsoft resumes macro blocking rollout Pat and Adam talk about why plugging your IDP into legacy apps is a dreadful idea Much, much more This week’s sponsor guest is Paul “The Voice” Lanzi of Remediant. He’s popping along to talk about the emergence of a new product category – Identity Threat Detection and Response, or ITDR. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Italy investigating ransomware attack on tax agency - The Record by Recorded Future IT security giant Entrust says it's investigating alleged June data breach - The Record by Recorded Future Microsoft resuming default block of Office VBA macros - The Record by Recorded Future Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us | Ars Technica China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors | Federal Public Service Foreign Affairs Cyber Command shares bevy of new malware used against Ukraine - The Record by Recorded Future Cyber criminals attack Ukrainian radio network, broadcast fake message about Zelensky's health Congress goes after spyware purveyors. Will it make a difference? Report: Mercenary spyware exploited Google Chrome zero-day to target journalists - The Record by Recorded Future TSA unveils updated cybersecurity regulations of oil and gas pipelines - The Record by Recorded Future Congress Might Actually Pass ADPPA, the American Data Privacy and Protection Act | WIRED Federal privacy legislation progresses, but concerns about data brokers loom China cybersecurity agency fines ride-hailing giant Didi $1.2 billion for data issues - The Record by Recorded Future T-Mobile reaches historic $350 million settlement in 2021 data breach - The Record by Recorded Future Former Coinbase Manager Arrested by Feds for Alleged Insider Trading Cisco patches dangerous bug trio in Nexus Dashboard | The Daily Swig Atlassian patches batch of critical vulnerabilities across multiple products | The Daily Swig Hardcoded password in Confluence app has been leaked on Twitter | Ars Technica

Risky Business #672 -- "Expected behaviour" is in the eye of the beholder

July 19, 2022 00:00 51.4 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A look at the DHS Cyber Safety Review Board’s Log4j report Joshua Schulte no longer the “alleged” Vault7 leaker Chinese APT crews targeted US political journalists before Jan 6 Ransomware gangs make leak sites searchable Why recovering plaintext passwords from Okta is expected behaviour US Government seizes North Korean ransomware payment Much, much more This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he’ll tell us about work Trail of Bits did for DARPA on investigating blockchain security fundamentals. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Patrick Gray on Twitter: "During our discussion yesterday on the show we didn’t know pre-existing MDM was preserved when iOS lockdown mode is enabled, which is great!" / Twitter DHS Cyber Safety Review Board found no evidence China knew of Log4j before disclosure Ex-CIA Hacker Convicted for ‘One of the Most Damaging Acts of Espionage in American History’ Chinese hackers targeted U.S. political reporters just ahead of Jan. 6 attack, researchers say Experts concerned about ransomware groups creating searchable databases of victim data - The Record by Recorded Future Who-is-Trickbot.pdf A Deep Dive Into the Residential Proxy Service ‘911’ – Krebs on Security Risky Biz News: Google removes app permissions from the Play Store Ongoing phishing campaign can hack you even when you’re protected with MFA | Ars Technica ‘Password extraction risk’ in identity provider Okta disputed | The Daily Swig Authomize Discovers Password Stealing and Impersonation Risks in Okta | Authomize.com Okta Response to Security Report | Okta DOJ seized ransoms paid by health centers in Kansas, Colorado after 2021 attacks - The Record by Recorded Future North Korean hackers target small businesses with H0lyGh0st ransomware, Microsoft warns - The Record by Recorded Future Colorado police investigating ransomware attack on small town - The Record by Recorded Future Albania shuts down government websites, services due to wide ranging cyberattack - The Record by Recorded Future Bandai Namco confirms cyberattack after ransomware group threatens leak - The Record by Recorded Future MiCODUS MV720 GPS tracker | CISA Honda redesigning latest vehicles to address key fob vulnerabilities - The Record by Recorded Future Russia Released a Ukrainian App for Hacking Russia That Was Actually Malware Are blockchains decentralized? | Trail of Bits Blog Announcing the new Trail of Bits podcast | Trail of Bits Blog GitHub - trailofbits/it-depends: A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.

Risky Business #671 -- The case for an American-owned NSO Group

July 12, 2022 00:00 55.69 MB Downloads: 0

On this week’s show Patrick Gray and guest cohost Dmitri Alperovitch discuss the week’s security news, including: Why an American defence contractor acquiring NSO Group would be a nonproliferation win A look at Microsoft’s botched macro measures iPhone’s Lockdown Mode Ukraine goes big on Yubikeys Aerojet Rocketdyne pays millions over poor security controls, CISO whistleblower gets bag of cash Much, much more This week’s show is sponsored by Proofpoint. Ryan Kalember, Proofpoint’s Executive Vice President of Cybersecurity Strategy, joins us in this week’s sponsor interview to talk about changes he’s observed in the criminal ecosystem. NOTE: This podcast contains an error. We say that iOS Lockdown Mode prevents users from using an MDM profile on their devices. It doesn’t, it just stops new MDM profiles from being loaded while in Lockdown Mode, so corporate users will be able to turn it on just fine. Links to everything that we discussed are below and you can follow Patrick or Dmitri on Twitter if that’s your thing. Show notes L3Harris drops bid for NSO spyware following U.S. concerns - The Washington Post Apple introduces 'Lockdown Mode' iPhone feature to block elite spyware Risky Biz News: Thousands of Yubikeys have been deployed in Ukraine, more to come PyPI repo to distribute 4,000 security keys to maintainers of ‘critical projects’ in 2FA drive | The Daily Swig Microsoft makes major course reversal, allows Office to run untrusted macros [Updated] | Ars Technica Microsoft says decision to stop blocking Office VBA macros by default is ‘temporary’ - The Record by Recorded Future Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents' Rocket maker agrees to pay $9 million to settle allegations of cybersecurity violations - The Record by Recorded Future North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector | CISA North Korea is targeting hospitals with ransomware, U.S. agencies warn Medical debt collection firm says ransomware attack exposed info on 650+ healthcare orgs - The Record by Recorded Future French telecom company La Poste Mobile struggling to recover from ransomware attack - The Record by Recorded Future Cyberattack knocks out California community college email, website, landlines - The Record by Recorded Future OPM breach victims expected to receive about $700 each after class action settlement - The Record by Recorded Future Chinese Hackers Targeting Russian Government and Telcos DeFi Hacker Returns $8m Millions in Cryptocurrency Stolen in Phishing Attacks

Risky Biz Soap Box: Running a global vulnerability management program

July 10, 2022 00:00 34.06 MB Downloads: 0

Today’s soap box is brought to you by Nucleus Security. Nucleus makes a platform that ingests vulnerability scan information from all your vuln scanning tech so that you can do things like assign different vulnerabilities to different teams to manage and remediate. Send these ones to infrastructure, send these ones to app teams, send everything up and down this stack to this department etc. If you want to see Nucleus in action I have recorded a demo and it’s on our YouTube product demos page, I’ve linked through to it in the show notes for this podcast. Our guest in this episode is Scott Kuffer, co-founder of Nucleus, and the topic is running a vulnerability management program in a very large enterprise. Show notes Nucleus Security Product Demo on Risky Biz YouTube Channel

Risky Business #670 -- China's world record data breach

July 05, 2022 00:00 60.59 MB Downloads: 0

On this week’s show Patrick Gray and guest cohost Mark Piper discuss the week’s security news, including: A billion records leaked in China China to develop desktop operating system HackerOne fires insider for stealing hackers’ work and bounties FSB officer charged with stealing hacker’s bitcoin Why Microsoft is wrong on Russia and Ukraine Much, much more Red Canary’s Adam Mashinchi and Brian Donohue will be along in this week’s sponsor interview to talk about Atomic Red Team, the open source adversary emulation framework they help to maintain. Links to everything that we discussed are below and you can follow Patrick on Twitter if that’s your thing. Show notes Hacker claims to have stolen 1 bln records of Chinese citizens from police | Reuters China lured graduate jobseekers into digital espionage | Ars Technica Tech war: China doubles down on domestic operating systems to cut reliance on Windows, MacOS from the US | South China Morning Post Risky Biz News: HackerOne discloses malicious insider incident, and nobody's surprised (2) Paranoid Ninja (Brute Ratel C4) on Twitter: "A thoroughly detailed blog on Brute Ratel C4 by Palo Alto. Proper Actions have been taken to against the found licenses which were sold in the Black Market. As for existing customers, #BRc4 v1.1 release will change every aspect of IOC found in the previous releases." / Twitter Microsoft Exchange servers worldwide hit by stealthy new backdoor | Ars Technica Подполковника УФСБ по Самарской области арестовали за кражу криптовалюты у хакера - ТАСС Cybersecurity experts question Microsoft's Ukraine report (4) Victor Zhora on Twitter: "One more evidence of coordination of kinetic and cyber operations by russian aggressors. Ukrainian largest private energy company DTEK was cyberattacked simulateously with shelling of thermal power plant of the same company in Kryvyi Rih. Both targets are 100% civilian." / Twitter Вслід за ракетними ударами по ТЕС ворог завдає хакерських атак по енергосистемі — ДТЕК CyberKnow on Twitter: "Another new pro-russian hacktivist group. They have been conducting #ddos ops against #Norway with other groups. #cybersecurity #infosec #RussianUkrainianWar #UkraineRussiaWar https://t.co/rX069XVaof" / Twitter Hacktivist personas back latest GhostWriter disinfo op targeting Poland, Ukraine Gantz orders probe after TV reports hint IDF behind Iran steel plant cyberattack | The Times of Israel Info of over 300,000 Israelis leaked as Iranian hackers target travel booking sites | The Times of Israel TSA to change cybersecurity rules for pipelines following industry criticism - The Record by Recorded Future After a sharp rise, cyber insurance rates show signs of stabilizing - The Record by Recorded Future California DOJ apologizes for ‘unacceptable’ breach involving Firearms Dashboard - The Record by Recorded Future Cops Investigating ‘WhatsApp for Gangsters’ Arrest Key Suspect in Caribbean Publishing giant Macmillan still unable to process orders after ransomware attack - The Record by Recorded Future State unemployment, jobs services down around the country after cyberattack NIST selects first group of quantum-resistant encryption tools - The Record by Recorded Future UnRAR path traversal flaw can lead to RCE in Zimbra | The Daily Swig Universiteit Maastricht krijgt losgeld voor hack terug met flinke winst Nearly $9 million stolen from DeFi platform Crema Finance - The Record by Recorded Future North Korea accused of orchestrating $100 million Harmony crypto hack - The Record by Recorded Future Nucleus Security's vulnerability management platform - YouTube Explore Atomic Red Team

Risky Business #669 -- Finally, an ICS attack that made stuff explode!

June 28, 2022 00:00 64.56 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Activists who are totally not Israeli military hackers make Iranian steel mills firebally Chinese APT crews use ransomware to muddy attribution Attackers are now ransoming cloud access Chinese APTs using building control systems for persistence and stealth USA, UK and NZ govts issue PowerShell advice Much, much more This week’s show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he’s using it to make phishing triage and automation less traumatic. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Iranian steel facilities suffer apparent cyberattacks Automotive fabric supplier TB Kawashima announces cyberattack US arm of Japanese automotive hose maker Nichirin pauses production after ransomware attack - The Record by Recorded Future BRONZE STARLIGHT Ransomware Operations Use HUI Loader | Secureworks Ransomware groups targeting Mitel VoIP zero-day - The Record by Recorded Future Brett Callow on Twitter: "LockBit also seems to have set its demands to automatically decrease over time. The longer victims wait, the less they need to pay. 4/5" / Twitter Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: De-anonymizing ransomware domains on the dark web Brazilian retail giant confirms cyberattack after extortion group takes over Twitter account - The Record by Recorded Future Akamai Blog | Bots Are Scalping Israeli Government Services Rise of LNK (Shortcut files) Malware | McAfee Blog Attacks on industrial control systems using ShadowPad | Kaspersky ICS CERT Google: Seven zero-days in 2021 developed commercially and sold to governments - The Record by Recorded Future The hacking industry faces the end of an era | MIT Technology Review Lawmakers want to restrict user data sales to nations like China, Russia US, UK, New Zealand argue against disabling PowerShell - The Record by Recorded Future CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF A pro-China online influence campaign is targeting the rare-earths industry | MIT Technology Review Internet Crime Complaint Center (IC3) | Deepfakes and Stolen PII Utilized to Apply for Remote Work Positions Statutory defense for ethical hacking under UK Computer Misuse Act tabled | The Daily Swig BSides Cleveland organizer steps down after controversial guest added as ‘surprise’ speaker | The Daily Swig CISA experts propose ‘311’ cybersecurity emergency call line for small businesses - The Record by Recorded Future CISA, US Coast Guard warn of Log4Shell attacks after 130GB data breach in May - The Record by Recorded Future CSAC Recommendations (06-16-2022) (1) - DocumentCloud Meet the Administrators of the RSOCKS Proxy Botnet – Krebs on Security Splunk patches critical vulnerability while users push for legacy updates | The Daily Swig Oracle patches ‘miracle exploit’ impacting Middleware Fusion, cloud services | The Daily Swig Cyber Insurance: Action Needed to Assess Potential Federal Response to Catastrophic Attacks | U.S. GAO FBI investigating $100 million theft from blockchain company Harmony - The Record by Recorded Future Jerry Gamblin on Twitter: "Ahhh... the orignal NFTs." / Twitter PeckShield Inc. on Twitter: "1/ @XCarnival_Lab was exploited in a flurry of txs (one hack tx: https://t.co/LUcxSU9UQn), leading to the gain of 3,087 ETH (~$3.8M) for the hacker (The protocol loss may be larger). https://t.co/mmGw5PQfbt" / Twitter Patrick Gray on Twitter: "🎉" / Twitter

Risky Biz Soap Box: HD Moore on taking Rumble to the cloud

June 25, 2022 00:00 25.99 MB Downloads: 0

Today’s Soap Box guest is an industry legend – Metasploit creator HD Moore. He’s here to tell us more about what’s happening with his latest creation, Rumble Network Discovery. If you’re not familiar with Rumble, well, you should be. It’s a network scanner that you just set loose and it will go and find all the devices on your network. It has a freaky ability to see around corners, finding devices it can’t even connect to directly because HD and his team have done some really crazy work on pulling device information out of obscure protocol queries and things like that. It takes a few minutes to set up a scan with Rumble, so it’s infinitely easier than trying to do passive network discovery on the network or pull data from other solutions. But Rumble isn’t just a network scanner anymore. They’ve been doing basic cloud asset inventory since the early days, but as you’ll hear it’s an area they’ve really been putting a lot of work into lately. Another big thing they’ve worked on is ICS and OT fingerprinting techniques that won’t actually cause those devices to command things to explode, so that’s nice.

Risky Business #668 -- Microsoft is hiding its Azure security problems

June 21, 2022 00:00 62.3 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Paige Thompson guilty of Capital One hack Microsoft is hiding serious Azure security issues New Australian government lobbying for Julian Assange How to ransomware documents in the cloud Microsoft stops Windows 10/11 downloads in Russia Belarusian cyber partisans obtain spy agency’s audio recordings Much, much more This week’s edition of the show is brought to you by Gigamon. Josh Day, Gigamon’s Director of applied threat research team, will be along in this week’s sponsor interview to talk about detecting badness on your network in encrypted traffic. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Former Seattle tech worker convicted of wire fraud and computer intrusions | USAO-WDWA | Department of Justice MPs back quiet diplomacy in Assange case Botched and silent patches from Microsoft put customers at risk, critics say | Ars Technica Microsoft’s Vulnerability Practices Put Customers At Risk | LinkedIn Security firm warns of ransomware attacks targeting Microsoft cloud 'versioning' feature - The Record by Recorded Future Separate Fujitsu cloud storage vulnerabilities could enable attackers to destroy virtual backups | The Daily Swig Large supermarket chain in southern Africa hit with ransomware - The Record by Recorded Future Telegram: Contact @tass_agency Microsoft pulls Windows 10 and 11 in Russia • The Register DDoS Attacks Delay Putin Speech at Russian Economic Forum Russia warns of a “military clash” if it’s hit by US cyberattacks - The Record by Recorded Future Belarusian hacktivist group releases purported Belarusian wiretapped audio of Russian embassy U.S. defense firm L3Harris in talks with NSO Group over spyware - The Washington Post Srsly Risky Biz: Friday June 17 - by Tom Uren Suspect in hacking Russian customs detained in Moscow String of attacks on French telecom infrastructure preceded April attack on fiber optic cables Chinese APT groups targeting India, Pakistan and more with Sophos firewall vulnerability - The Record by Recorded Future Ukrainian cybersecurity officials disclose two new hacking campaigns Police Linked to Hacking Campaign to Frame Indian Activists | WIRED INTERPOL raids hundreds of scammy call centers in sweep A Twitch Streamer Is Exposing Coronavirus Scams Live | WIRED Ranking The World's Angriest Scammers - 10/10 Rage - YouTube MIT researchers find new hardware vulnerability in the Apple M1 chip - The Record by Recorded Future A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys | Ars Technica Tornado Cash Is Crypto Hackers’ Favorite Way to Cash Out, But Experts Say It Can Be Traced How CISA's list of 'must-patch' vulnerabilities has expanded both in size, and who's using it The tale of a whale who took Solend’s money – Amy Castor

Risky Business #667 -- "Shields Up" for cyber's forever war

June 12, 2022 00:00 56.53 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: “Shields Up” advice is now provably meaningless Russia to ditch offshore comms apps like WhatsApp Evil Corp’s Lockbit sanctions evasion attempt backfires Binance is a cesspit of shady financial dealings Apple’s passkey release foreshadows FIDO mass adoption Much, much more This week’s sponsor interview is about Elastic’s teardown on some really interesting APT linux malware called BPFdoor. Jake King and Colson Wilhoit joined the show for that interview. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command | Science & Tech News | Sky News White House: cyber activity not against Russia policy | Reuters 'Shields Up': the new normal in cyberspace Governors are being contacted - Newspaper Kommersant No. 95 (7296) dated 06/01/2022 «Вы лично отвечаете за инциденты». Почему 1 мая началась новая эпоха в информационной безопасности - Газета.Ru Киев использовал против России новый принцип кибератак - Ведомости Traffic will be sorted into folders - Newspaper Kommersant No. 102 (7303) dated 06/10/2022 FBI cybercrime seizure takes down one-time Ukraine IT Army collaborator To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions | Mandiant Risky Biz News: LockBit-Mandiant drama, explained How Binance became a hub for hackers, fraudsters and drug sellers Cryptocurrencies were once seen as an unmitigated boon for criminals. Not anymore. Fed cyber officials detail Chinese state hackers using common exploits against telcos Risky Biz News: Russia orders Google to remove Tor Browser from Russian Play Store Bizbudding, Inc. v. 365 Data Centers Services, LLC, 3:22-cv-00715 – CourtListener.com Business Email Compromise Scams Are Poised to Eclipse Ransomware | WIRED Cybercriminal scams City of Portland, Ore. for $1.4 million - The Record by Recorded Future Apple's Passkey Replaces Passwords With iPhone and Mac Authentication | WIRED MongoDB Debuts ‘Queryable Encryption’ to Fight Hacks and Leaks | WIRED Zero-Day Exploitation of Atlassian Confluence | Volexity Microsoft Security Intelligence on Twitter: "Multiple adversaries and nation-state actors, including DEV-0401 and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134. We urge customers to upgrade to the latest version or apply recommended mitigations: https://t.co/C3CykQgrOJ" / Twitter Microsoft Follina Vulnerability in Windows Can Be Exploited Through Office 365 | WIRED (3) Martin Sheppard on Twitter: "@riskybusiness And yes, many orgs can disable Macros in documents with the mark of the web without a lot of impact. Policy can be used to not mark documents from certain internal sites with mark of the web, which is one way to allow certain legitimate macros with this setting in place." / Twitter Blockchain, 'Decentralized' Exchange Taken Offline After Hacker Steals Millions ‘Optimism’ Crypto Hack Victim Hopes Thief Will Give Back $15 Million PeckShieldAlert on Twitter: "#PeckShieldAlert Wintermute Exploiter has transferred 17 million $OP to @optimismPBC https://t.co/5PpgeZXaId" / Twitter NFT insider trading charges filed against former OpenSea employee Nate Chastain Detecting BPFDoor backdoor payload | Elastic

Risky Business #666 -- The msdt RTF of DOOM

May 30, 2022 00:00 49.98 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: The msdt/office lolbinapalooza Microsoft to introduce sensible defaults to Azure Twitter fined $150m for sms 2fa spam It turns out npm got owned in that Heroku/Travis CI thing AWS cred-stealing supply chain attack was research your honour, I swear! Much, much more We’ll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week’s sponsor interview. He’ll be walking us through some of his own research into how to own Microsoft boxes via document-embedded office add-ins. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes nao_sec on Twitter: "Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. https://t.co/hTdAfHOUx3 https://t.co/rVSb02ZTwt" / Twitter Follina — a Microsoft Office code execution vulnerability | by Kevin Beaumont | May, 2022 | DoublePulsar Kevin Beaumont on Twitter: "Additional Follina issue, if you use wget in Powershell, it blindly executes any code via MSDT as it trusts all MS Protocol URIs. So to clarify, if you wget a webpage you don’t control and the webpage adds Follina exploit string, your server the runs the code." / Twitter Microsoft Office Remote Code Execution - “Follina” MSDT Attack Raising the Baseline Security for all Organizations in the World - Microsoft Tech Community npm security update: Attack campaign using stolen OAuth tokens | The GitHub Blog Twitter fined $150 million by FTC for alleged privacy violations - The Record by Recorded Future REvil prosecutions reach a 'dead end,' Russian media reports Multiple flights across India grounded after SpiceJet airline hit with ransomware - The Record by Recorded Future Exclusive: Russian hackers are linked to new Brexit leak website, Google says | Reuters Российские компании начали увольнять украинских ИT-специалистов — РБК Hacker Leaks Mountain of Files From Inside Xinjiang Camps Spain set to strengthen oversight of secret services after NSO spying scandal | The Times of Israel No evidence of exploitation of Dominion voting machine flaws, CISA finds - The Washington Post Researchers identify FIDO2 protocol vulnerabilities - Security - iTnews 756.pdf Security ‘researcher’ hits back against claims of malicious CTX file uploads | The Daily Swig Israeli private detective used Indian hackers in job for Russian oligarchs, court filing says | Reuters Hacker Steals Database of Hundreds of Verizon Employees GarWarner on Twitter: "Last month the US Department of Justice petitioned the court to be allowed to seize Mr. Woodbery's Bitcoin. 151.885720427 BTC is 11,930,370 Naira or $4,364,299 USD currently. (Thread 1/? ) https://t.co/Xh39FTLQUV" / Twitter Malcolm Herbert on Twitter: "@riskybusiness @Metlstorm ... for some reason I never pictured you guys as doing a recording session before sunup, but then I guess with @Metlstorm being in NZ that kinda makes sense now that I think about it ... I'll see myself out ..." / Twitter Darknet market Versus shuts down after hacker leaks security flaw Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat | Ars Technica Red Canary Managed Detection and Response - YouTube Airlock Digital Demo - YouTube

Risky Business -- #665 You can ransomware whole countries now

May 24, 2022 00:00 57.25 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Conti’s war against Costa Rica DoJ revises CFAA guidance Naughty kids get access to DEA portal A look at a Russian disinfo tool PyPI and PHP supply chain drama Much, much more This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer will join us in this week’s sponsor interview to talk about what might happen to infosec programs now the world economy is getting all funky. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes President Rodrigo Chaves says Costa Rica is at war with Conti hackers - BBC News Costa Ricans scrambled to pay taxes by hand after cyberattack took down country’s collection system Costa Rican president claims collaborators are aiding Conti's ransomware extortion efforts K-12 school districts in New Mexico, Ohio crippled by cyberattacks - The Record by Recorded Future Greenland says health services 'severely limited’ after cyberattack - The Record by Recorded Future Notorious cybercrime gang Conti 'shuts down,' but its influence and talent are still out there - The Record by Recorded Future 'Multi-tasking doctor' was mastermind behind 'Thanos' ransomware builder, DOJ says - The Record by Recorded Future Researchers warn of REvil return after January arrests in Russia - The Record by Recorded Future Researcher stops REvil ransomware in its tracks with DLL-hijacking exploit | The Daily Swig Bank refuses to pay ransom to hackers, sends dick pics instead • Graham Cluley GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need - CloudSEK Catalin Cimpanu on Twitter: "Report on a new ransomware strain named GoodWill that forces victims to perform acts of kindness to recover their files https://t.co/T0rhj5wjyC https://t.co/T92KPUJe61" / Twitter Water companies are increasingly uninsurable due to ransomware, industry execs say Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act | OPA | Department of Justice download DEA Investigating Breach of Law Enforcement Data Portal – Krebs on Security Intelligence Update. A question of timing: examining the circumstances surrounding the Nauru Police Force hack and leak FSB's Fronton DDoS tool was actually designed for 'massive' fake info campaigns, researchers say Sonatype PiPI blog post Dvuln Labs - ServiceNSW’s Digital Drivers Licence Security appears to be Super Bad New Bluetooth hack can unlock your Tesla—and all kinds of other devices | Ars Technica Researchers devise iPhone malware that runs even when device is turned off | Ars Technica New Research Paper: Pre-hijacking Attacks on Web User Accounts – Microsoft Security Response Center CISA issues directive for exploited VMware bug after IR team deployed to ‘large’ org - The Record by Recorded Future Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating | Ars Technica Google, Apple, Microsoft Commit to Eliminating Passwords - Security Boulevard Thinkst Canary

SAMPLE PODCAST: Risky Biz News: FSB-linked DDoS tool could also be used for disinformation campaigns

May 19, 2022 00:00 14.79 MB Downloads: 0

The following is a sample of our latest podcast, Risky Business News, which is published into a new RSS feed. It’s a short podcast published three times a week that updates listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here.

Risky Biz Soap Box: While you're watching a quiet one a noisy one will kill you

May 17, 2022 00:00 38.51 MB Downloads: 0

In this Soap Box edition of the show Proofpoint’s EVP of Cybersecurity Strategy Ryan Kalember joins host Patrick Gray to talk about why some security spending is just misguided. So much of the infosec industry is geared towards protecting organisations against exotic threats when, really, the trifecta of ransomware, BEC and staff being careless with data are the thing that will sink them.

Risky Business #664 -- The Spanish Prime Minister got Pegasus'd

May 03, 2022 00:00 49.52 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Spanish PM’s phone infected by Pegasus Microsoft drops Ukraine research report We can’t make heads or tails out of the FBI’s transparency report France hit with coordinated fibre sabotage campaign Why Musk’s algorithm pledge is meaningless Much, much more This week’s sponsor interview is with ExtraHop Networks’ CEO Patrick Dennis. He’s joining us this week to talk about how you can turn “Shield’s Up!” advice into something actionable. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Spyware attack targeted Spanish prime minister’s phone - The Record by Recorded Future Over 200 Spanish mobile numbers ‘possible targets of Pegasus spyware’ | Spain | The Guardian Russia’s hackers and military went after the same targets in Ukraine, Microsoft says Russia Is Being Hacked at an Unprecedented Scale | WIRED Russia reroutes internet in occupied Ukrainian territory through Russian telcos - The Record by Recorded Future Russia cyber case prompted big portion of FBI's surveillance database searches in 2021 - The Record by Recorded Future 2022_ASTR_for_CY2020_FINAL.pdf Wyden: “Surveillance Transparency Report” Fails To Explain How Many Americans’ Communications Are Searched By the FBI | U.S. Senator Ron Wyden of Oregon How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities Who tried to hack Hawaii’s undersea cable? - The Record by Recorded Future Nauru police emails leaked to protest against Australia's offshore detention Fighting Fake EDRs With ‘Credit Ratings’ for Police – Krebs on Security Twitter may have given user's private data to a ransomware hacker, who then ran a researcher offline Musk's plans to make Twitter's algorithms public raises disinformation conundrum Elon Musk’s Plan to Open Source the Twitter Algorithm Won’t Solve Anything | WIRED Kronos cyber attack sparks lawsuits against employers | BenefitsPRO German wind farm operator confirms cybersecurity incident - The Record by Recorded Future German library service struggling to recover from ransomware attack - The Record by Recorded Future Trinidad’s largest supermarket chain crippled by cyberattack - The Record by Recorded Future Austin Peay State University becomes latest US school hit with ransomware - The Record by Recorded Future NC Prohibits Gov Entities from Paying Hacker Cybersecurity Ransoms Connecticut inches closer to becoming fifth state with data privacy law - The Record by Recorded Future Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog Google touts new tool that scans for malicious packages in popular open-source repositories - The Record by Recorded Future Log4Shell, ProxyLogon and Atlassian bug top CISA's list of routinely exploited vulnerabilities in 2021 - The Record by Recorded Future Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954 | Rapid7 Blog Microsoft finds Linux desktop flaw that gives root to untrusted users | Ars Technica More than $13 million stolen from DeFi platform Deus Finance - The Record by Recorded Future Binance freezes stolen Axie Infinity crypto after North Korean hackers move funds - The Record by Recorded Future Everscale blockchain wallet shutters web version after vulnerability found - The Record by Recorded Future Hackers steal $90 million from DeFi platforms Rari Capital and Saddle Finance - The Record by Recorded Future Crypto Hackers Stole More Than $370 Million In April Alone Airlock Digital Demo - YouTube Risky Business News | Patrick Gray | Substack

Add New Podcast

Subscribe to this podcast