Risky Business
Risky Business
#technology #technews

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Similar Podcasts

In Machines We Trust

In Machines We Trust
A podcast about the automation of everything. Host Jennifer Strong and the team at MIT Technology Review look at what it means to entrust artificial intelligence with our most sensitive decisions.

The Cynical Developer

The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career, through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.

Elixir Outlaws

Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.

Risky Business #675 -- The problem with Mudge's whistleblowing complaint

August 24, 2022 1:05:45 63.13 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A deep look at Mudge’s sensational whistleblower complaint against Twitter Brazilian Federal Police raid Lapsus$ crew NSO CEO to stand down (again), 100 staff to be let go Signal users impacted in Twilio incident Tornado Cash OFACs around and finds out Much, much more This week’s show is brought to you by Greynoise. Its founder, Andrew Morris, joins the show with a stinging critique of the wider threat intelligence industry. Don’t miss that one. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Patrick Gray on Twitter: "Jesus… can open, worms everywhere. You basically can’t find anyone more credible than @dotMudge in infosec so this is a massive deal https://t.co/TaDQzTEtzR" / Twitter Twitter confirms January breach, urges pseudonymous accounts to not add email or phone number - The Record by Recorded Future A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years | WIRED TikTok Says, No, It Isn't Stealing Your Passwords Brazilian police launch investigation targeting Lapsus$ group - The Record by Recorded Future Israeli spyware company NSO Group CEO steps down | Reuters How a Third-Party SMS Service Was Used to Take Over Signal Accounts VIASAT hack impacted French critical services | Cybernews DOJ now relies on paper for its most sensitive court documents, official says Microsoft disrupts Russia-linked hacking group targeting defense and intelligence orgs - The Record by Recorded Future Lloyd’s to forbid insurers from covering losses due to state-backed hacks - The Record by Recorded Future U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash | U.S. Department of the Treasury OFAC Around and Find Out - Lawfare Suspected Tornado Cash developer arrested in Netherlands - The Record by Recorded Future Report: Ransomware gangs, fraudsters laundered $540 million through RenBridge platform - The Record by Recorded Future Risky Biz News: Is ransomware going after the Global South? Sure looks like it! Ransomware Now Threatens the Global South | Royal United Services Institute Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling | PortSwigger Research The Return of LOIC, HOIC, HULK, and Slowloris to the Threat Landscape | Radware Blog Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug A New Jailbreak for John Deere Tractors Rides the Right-to-Repair Wave | WIRED Malicious code exploiting recent VMware bug publicly available, company warns - The Record by Recorded Future Breaking SIDH in polynomial time Hackers Use Deepfakes of Binance Exec to Scam Crypto Projects Cisco confirms May attack by Yanluowang ransomware group - The Record by Recorded Future Cisco releases advisories for bug affecting more than 1 million security devices - The Record by Recorded Future Cisco warns of critical vulnerabilities in routers - The Record by Recorded Future North Korea-backed hackers have a clever way to read your Gmail | Ars Technica When Efforts to Contain a Data Breach Backfire – Krebs on Security Microsoft: Bug in Janet Jackson’s “Rhythm Nation” could crash a laptop - The Record by Recorded Future Anonymous poop gifting site hacked, customers exposed

Risky Business #675 -- The problem with Mudge's whistleblowing complaint

August 23, 2022 00:00 63.13 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A deep look at Mudge’s sensational whistleblower complaint against Twitter Brazilian Federal Police raid Lapsus$ crew NSO CEO to stand down (again), 100 staff to be let go Signal users impacted in Twilio incident Tornado Cash OFACs around and finds out Much, much more This week’s show is brought to you by Greynoise. Its founder, Andrew Morris, joins the show with a stinging critique of the wider threat intelligence industry. Don’t miss that one. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Patrick Gray on Twitter: "Jesus… can open, worms everywhere. You basically can’t find anyone more credible than @dotMudge in infosec so this is a massive deal https://t.co/TaDQzTEtzR" / Twitter Twitter confirms January breach, urges pseudonymous accounts to not add email or phone number - The Record by Recorded Future A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years | WIRED TikTok Says, No, It Isn't Stealing Your Passwords Brazilian police launch investigation targeting Lapsus$ group - The Record by Recorded Future Israeli spyware company NSO Group CEO steps down | Reuters How a Third-Party SMS Service Was Used to Take Over Signal Accounts VIASAT hack impacted French critical services | Cybernews DOJ now relies on paper for its most sensitive court documents, official says Microsoft disrupts Russia-linked hacking group targeting defense and intelligence orgs - The Record by Recorded Future Lloyd’s to forbid insurers from covering losses due to state-backed hacks - The Record by Recorded Future U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash | U.S. Department of the Treasury OFAC Around and Find Out - Lawfare Suspected Tornado Cash developer arrested in Netherlands - The Record by Recorded Future Report: Ransomware gangs, fraudsters laundered $540 million through RenBridge platform - The Record by Recorded Future Risky Biz News: Is ransomware going after the Global South? Sure looks like it! Ransomware Now Threatens the Global South | Royal United Services Institute Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling | PortSwigger Research The Return of LOIC, HOIC, HULK, and Slowloris to the Threat Landscape | Radware Blog Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug A New Jailbreak for John Deere Tractors Rides the Right-to-Repair Wave | WIRED Malicious code exploiting recent VMware bug publicly available, company warns - The Record by Recorded Future Breaking SIDH in polynomial time Hackers Use Deepfakes of Binance Exec to Scam Crypto Projects Cisco confirms May attack by Yanluowang ransomware group - The Record by Recorded Future Cisco releases advisories for bug affecting more than 1 million security devices - The Record by Recorded Future Cisco warns of critical vulnerabilities in routers - The Record by Recorded Future North Korea-backed hackers have a clever way to read your Gmail | Ars Technica When Efforts to Contain a Data Breach Backfire – Krebs on Security Microsoft: Bug in Janet Jackson’s “Rhythm Nation” could crash a laptop - The Record by Recorded Future Anonymous poop gifting site hacked, customers exposed

Risky Biz Soap Box: Okta's Brett Winterford on session cookie theft and mitigations

August 09, 2022 0:40:58 39.34 MB Downloads: 0

In this edition of the Soap Box podcast Okta’s APAC CISO and former Risky Biz editor Brett Winterford talks about how attackers are getting much better at swiping session cookies via realtime phishing and malware. He also talks about some mitigation strategies to combat this threat and introduces the concept of continuous authentication. Show notes Defending against session hijacking

Risky Biz Soap Box: Okta's Brett Winterford on session cookie theft and mitigations

August 08, 2022 00:00 39.34 MB Downloads: 0

In this edition of the Soap Box podcast Okta’s APAC CISO and former Risky Biz editor Brett Winterford talks about how attackers are getting much better at swiping session cookies via realtime phishing and malware. He also talks about some mitigation strategies to combat this threat and introduces the concept of continuous authentication. Show notes Defending against session hijacking

Risky Business #674 -- "Free money" exploit spawns $150m blockchain feeding frenzy

August 03, 2022 0:46:27 44.59 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Taiwan tensions fail to conjure the cyber apocalypse Crypto bridge exploit results in $150m feeding frenzy Chainalysis evidence to be challenged in court Post-quantum NIST candidate algorithm gets smoked DSIRF’s Russia links Much, much more This week’s sponsor interview is with Jerrod Chong from Yubico. He’s joining the show to talk about why consumer-focussed implementations of Webauthn like Apple’s Passkeys aren’t a great enterprise solution. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Taiwanese websites hit with DDoS attacks as Pelosi begins visit 'Frenzied mob' steals more than $156 million from crypto platform Nomad - The Record by Recorded Future Bitcoin Fog Case Could Put Cryptocurrency Tracing on Trial | WIRED Post-quantum encryption contender is taken out by single-core PC and 1 hour | Ars Technica Federal court system suffered previously undisclosed breach, congressional committee says Australian police charge man with developing spyware used by more than 14,500 people - The Record by Recorded Future Risky Biz News: Microsoft puts the limelight on another spyware maker—DSIRF from Austria Eavesdropping probe finds Israeli police exceeded authority | AP News Hacker use of Microsoft macros plummeted after default block: report - The Record by Recorded Future On security researcher's newsletter, exposing cybercriminals behind ransomware Luxembourg energy companies struggling with alleged ransomware attack, data breach - The Record by Recorded Future At least 34 healthcare orgs affected by alleged ransomware attack on OneTouchPoint - The Record by Recorded Future American Dental Association says April cyberattack involved ransomware - The Record by Recorded Future Ransomware group demands £500,000 from British schools, citing cyber insurance policy - The Record by Recorded Future Hackers stole passwords for accessing 140,000 payment terminals | TechCrunch Experts warn of hacker claiming access to 50 U.S. companies through breached MSP - The Record by Recorded Future German prosecutors issue warrant for Russian government hacker over energy sector attacks - The Record by Recorded Future The commercial satellite boom is leaving space vulnerable to hackers - The Record by Recorded Future Report to Congress of the U.S.-China Economic and Security Review Commission - U.S.-China Economic and Security Review Commission - Google Books Spanish police arrest two accused of hacking radioactivity alert system - The Record by Recorded Future

Risky Business #674 -- "Free money" exploit spawns $150m blockchain feeding frenzy

August 02, 2022 00:00 44.59 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Taiwan tensions fail to conjure the cyber apocalypse Crypto bridge exploit results in $150m feeding frenzy Chainalysis evidence to be challenged in court Post-quantum NIST candidate algorithm gets smoked DSIRF’s Russia links Much, much more This week’s sponsor interview is with Jerrod Chong from Yubico. He’s joining the show to talk about why consumer-focussed implementations of Webauthn like Apple’s Passkeys aren’t a great enterprise solution. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Taiwanese websites hit with DDoS attacks as Pelosi begins visit 'Frenzied mob' steals more than $156 million from crypto platform Nomad - The Record by Recorded Future Bitcoin Fog Case Could Put Cryptocurrency Tracing on Trial | WIRED Post-quantum encryption contender is taken out by single-core PC and 1 hour | Ars Technica Federal court system suffered previously undisclosed breach, congressional committee says Australian police charge man with developing spyware used by more than 14,500 people - The Record by Recorded Future Risky Biz News: Microsoft puts the limelight on another spyware maker—DSIRF from Austria Eavesdropping probe finds Israeli police exceeded authority | AP News Hacker use of Microsoft macros plummeted after default block: report - The Record by Recorded Future On security researcher's newsletter, exposing cybercriminals behind ransomware Luxembourg energy companies struggling with alleged ransomware attack, data breach - The Record by Recorded Future At least 34 healthcare orgs affected by alleged ransomware attack on OneTouchPoint - The Record by Recorded Future American Dental Association says April cyberattack involved ransomware - The Record by Recorded Future Ransomware group demands £500,000 from British schools, citing cyber insurance policy - The Record by Recorded Future Hackers stole passwords for accessing 140,000 payment terminals | TechCrunch Experts warn of hacker claiming access to 50 U.S. companies through breached MSP - The Record by Recorded Future German prosecutors issue warrant for Russian government hacker over energy sector attacks - The Record by Recorded Future The commercial satellite boom is leaving space vulnerable to hackers - The Record by Recorded Future Report to Congress of the U.S.-China Economic and Security Review Commission - U.S.-China Economic and Security Review Commission - Google Books Spanish police arrest two accused of hacking radioactivity alert system - The Record by Recorded Future

Risky Business #673 -- When throwing computers into a woodchipper is standard IR

July 26, 2022 00:00 55.93 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why Entrust being ransomwared is good news UEFI bootkits turn hardware into landfill Microsoft resumes macro blocking rollout Pat and Adam talk about why plugging your IDP into legacy apps is a dreadful idea Much, much more This week’s sponsor guest is Paul “The Voice” Lanzi of Remediant. He’s popping along to talk about the emergence of a new product category – Identity Threat Detection and Response, or ITDR. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Italy investigating ransomware attack on tax agency - The Record by Recorded Future IT security giant Entrust says it's investigating alleged June data breach - The Record by Recorded Future Microsoft resuming default block of Office VBA macros - The Record by Recorded Future Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us | Ars Technica China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors | Federal Public Service Foreign Affairs Cyber Command shares bevy of new malware used against Ukraine - The Record by Recorded Future Cyber criminals attack Ukrainian radio network, broadcast fake message about Zelensky's health Congress goes after spyware purveyors. Will it make a difference? Report: Mercenary spyware exploited Google Chrome zero-day to target journalists - The Record by Recorded Future TSA unveils updated cybersecurity regulations of oil and gas pipelines - The Record by Recorded Future Congress Might Actually Pass ADPPA, the American Data Privacy and Protection Act | WIRED Federal privacy legislation progresses, but concerns about data brokers loom China cybersecurity agency fines ride-hailing giant Didi $1.2 billion for data issues - The Record by Recorded Future T-Mobile reaches historic $350 million settlement in 2021 data breach - The Record by Recorded Future Former Coinbase Manager Arrested by Feds for Alleged Insider Trading Cisco patches dangerous bug trio in Nexus Dashboard | The Daily Swig Atlassian patches batch of critical vulnerabilities across multiple products | The Daily Swig Hardcoded password in Confluence app has been leaked on Twitter | Ars Technica

Risky Business #672 -- "Expected behaviour" is in the eye of the beholder

July 19, 2022 00:00 51.4 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A look at the DHS Cyber Safety Review Board’s Log4j report Joshua Schulte no longer the “alleged” Vault7 leaker Chinese APT crews targeted US political journalists before Jan 6 Ransomware gangs make leak sites searchable Why recovering plaintext passwords from Okta is expected behaviour US Government seizes North Korean ransomware payment Much, much more This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he’ll tell us about work Trail of Bits did for DARPA on investigating blockchain security fundamentals. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Patrick Gray on Twitter: "During our discussion yesterday on the show we didn’t know pre-existing MDM was preserved when iOS lockdown mode is enabled, which is great!" / Twitter DHS Cyber Safety Review Board found no evidence China knew of Log4j before disclosure Ex-CIA Hacker Convicted for ‘One of the Most Damaging Acts of Espionage in American History’ Chinese hackers targeted U.S. political reporters just ahead of Jan. 6 attack, researchers say Experts concerned about ransomware groups creating searchable databases of victim data - The Record by Recorded Future Who-is-Trickbot.pdf A Deep Dive Into the Residential Proxy Service ‘911’ – Krebs on Security Risky Biz News: Google removes app permissions from the Play Store Ongoing phishing campaign can hack you even when you’re protected with MFA | Ars Technica ‘Password extraction risk’ in identity provider Okta disputed | The Daily Swig Authomize Discovers Password Stealing and Impersonation Risks in Okta | Authomize.com Okta Response to Security Report | Okta DOJ seized ransoms paid by health centers in Kansas, Colorado after 2021 attacks - The Record by Recorded Future North Korean hackers target small businesses with H0lyGh0st ransomware, Microsoft warns - The Record by Recorded Future Colorado police investigating ransomware attack on small town - The Record by Recorded Future Albania shuts down government websites, services due to wide ranging cyberattack - The Record by Recorded Future Bandai Namco confirms cyberattack after ransomware group threatens leak - The Record by Recorded Future MiCODUS MV720 GPS tracker | CISA Honda redesigning latest vehicles to address key fob vulnerabilities - The Record by Recorded Future Russia Released a Ukrainian App for Hacking Russia That Was Actually Malware Are blockchains decentralized? | Trail of Bits Blog Announcing the new Trail of Bits podcast | Trail of Bits Blog GitHub - trailofbits/it-depends: A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.

Risky Business #671 -- The case for an American-owned NSO Group

July 12, 2022 00:00 55.69 MB Downloads: 0

On this week’s show Patrick Gray and guest cohost Dmitri Alperovitch discuss the week’s security news, including: Why an American defence contractor acquiring NSO Group would be a nonproliferation win A look at Microsoft’s botched macro measures iPhone’s Lockdown Mode Ukraine goes big on Yubikeys Aerojet Rocketdyne pays millions over poor security controls, CISO whistleblower gets bag of cash Much, much more This week’s show is sponsored by Proofpoint. Ryan Kalember, Proofpoint’s Executive Vice President of Cybersecurity Strategy, joins us in this week’s sponsor interview to talk about changes he’s observed in the criminal ecosystem. NOTE: This podcast contains an error. We say that iOS Lockdown Mode prevents users from using an MDM profile on their devices. It doesn’t, it just stops new MDM profiles from being loaded while in Lockdown Mode, so corporate users will be able to turn it on just fine. Links to everything that we discussed are below and you can follow Patrick or Dmitri on Twitter if that’s your thing. Show notes L3Harris drops bid for NSO spyware following U.S. concerns - The Washington Post Apple introduces 'Lockdown Mode' iPhone feature to block elite spyware Risky Biz News: Thousands of Yubikeys have been deployed in Ukraine, more to come PyPI repo to distribute 4,000 security keys to maintainers of ‘critical projects’ in 2FA drive | The Daily Swig Microsoft makes major course reversal, allows Office to run untrusted macros [Updated] | Ars Technica Microsoft says decision to stop blocking Office VBA macros by default is ‘temporary’ - The Record by Recorded Future Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents' Rocket maker agrees to pay $9 million to settle allegations of cybersecurity violations - The Record by Recorded Future North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector | CISA North Korea is targeting hospitals with ransomware, U.S. agencies warn Medical debt collection firm says ransomware attack exposed info on 650+ healthcare orgs - The Record by Recorded Future French telecom company La Poste Mobile struggling to recover from ransomware attack - The Record by Recorded Future Cyberattack knocks out California community college email, website, landlines - The Record by Recorded Future OPM breach victims expected to receive about $700 each after class action settlement - The Record by Recorded Future Chinese Hackers Targeting Russian Government and Telcos DeFi Hacker Returns $8m Millions in Cryptocurrency Stolen in Phishing Attacks

Risky Biz Soap Box: Running a global vulnerability management program

July 10, 2022 00:00 34.06 MB Downloads: 0

Today’s soap box is brought to you by Nucleus Security. Nucleus makes a platform that ingests vulnerability scan information from all your vuln scanning tech so that you can do things like assign different vulnerabilities to different teams to manage and remediate. Send these ones to infrastructure, send these ones to app teams, send everything up and down this stack to this department etc. If you want to see Nucleus in action I have recorded a demo and it’s on our YouTube product demos page, I’ve linked through to it in the show notes for this podcast. Our guest in this episode is Scott Kuffer, co-founder of Nucleus, and the topic is running a vulnerability management program in a very large enterprise. Show notes Nucleus Security Product Demo on Risky Biz YouTube Channel

Risky Business #670 -- China's world record data breach

July 05, 2022 00:00 60.59 MB Downloads: 0

On this week’s show Patrick Gray and guest cohost Mark Piper discuss the week’s security news, including: A billion records leaked in China China to develop desktop operating system HackerOne fires insider for stealing hackers’ work and bounties FSB officer charged with stealing hacker’s bitcoin Why Microsoft is wrong on Russia and Ukraine Much, much more Red Canary’s Adam Mashinchi and Brian Donohue will be along in this week’s sponsor interview to talk about Atomic Red Team, the open source adversary emulation framework they help to maintain. Links to everything that we discussed are below and you can follow Patrick on Twitter if that’s your thing. Show notes Hacker claims to have stolen 1 bln records of Chinese citizens from police | Reuters China lured graduate jobseekers into digital espionage | Ars Technica Tech war: China doubles down on domestic operating systems to cut reliance on Windows, MacOS from the US | South China Morning Post Risky Biz News: HackerOne discloses malicious insider incident, and nobody's surprised (2) Paranoid Ninja (Brute Ratel C4) on Twitter: "A thoroughly detailed blog on Brute Ratel C4 by Palo Alto. Proper Actions have been taken to against the found licenses which were sold in the Black Market. As for existing customers, #BRc4 v1.1 release will change every aspect of IOC found in the previous releases." / Twitter Microsoft Exchange servers worldwide hit by stealthy new backdoor | Ars Technica Подполковника УФСБ по Самарской области арестовали за кражу криптовалюты у хакера - ТАСС Cybersecurity experts question Microsoft's Ukraine report (4) Victor Zhora on Twitter: "One more evidence of coordination of kinetic and cyber operations by russian aggressors. Ukrainian largest private energy company DTEK was cyberattacked simulateously with shelling of thermal power plant of the same company in Kryvyi Rih. Both targets are 100% civilian." / Twitter Вслід за ракетними ударами по ТЕС ворог завдає хакерських атак по енергосистемі — ДТЕК CyberKnow on Twitter: "Another new pro-russian hacktivist group. They have been conducting #ddos ops against #Norway with other groups. #cybersecurity #infosec #RussianUkrainianWar #UkraineRussiaWar https://t.co/rX069XVaof" / Twitter Hacktivist personas back latest GhostWriter disinfo op targeting Poland, Ukraine Gantz orders probe after TV reports hint IDF behind Iran steel plant cyberattack | The Times of Israel Info of over 300,000 Israelis leaked as Iranian hackers target travel booking sites | The Times of Israel TSA to change cybersecurity rules for pipelines following industry criticism - The Record by Recorded Future After a sharp rise, cyber insurance rates show signs of stabilizing - The Record by Recorded Future California DOJ apologizes for ‘unacceptable’ breach involving Firearms Dashboard - The Record by Recorded Future Cops Investigating ‘WhatsApp for Gangsters’ Arrest Key Suspect in Caribbean Publishing giant Macmillan still unable to process orders after ransomware attack - The Record by Recorded Future State unemployment, jobs services down around the country after cyberattack NIST selects first group of quantum-resistant encryption tools - The Record by Recorded Future UnRAR path traversal flaw can lead to RCE in Zimbra | The Daily Swig Universiteit Maastricht krijgt losgeld voor hack terug met flinke winst Nearly $9 million stolen from DeFi platform Crema Finance - The Record by Recorded Future North Korea accused of orchestrating $100 million Harmony crypto hack - The Record by Recorded Future Nucleus Security's vulnerability management platform - YouTube Explore Atomic Red Team

Risky Business #669 -- Finally, an ICS attack that made stuff explode!

June 28, 2022 00:00 64.56 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Activists who are totally not Israeli military hackers make Iranian steel mills firebally Chinese APT crews use ransomware to muddy attribution Attackers are now ransoming cloud access Chinese APTs using building control systems for persistence and stealth USA, UK and NZ govts issue PowerShell advice Much, much more This week’s show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he’s using it to make phishing triage and automation less traumatic. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Iranian steel facilities suffer apparent cyberattacks Automotive fabric supplier TB Kawashima announces cyberattack US arm of Japanese automotive hose maker Nichirin pauses production after ransomware attack - The Record by Recorded Future BRONZE STARLIGHT Ransomware Operations Use HUI Loader | Secureworks Ransomware groups targeting Mitel VoIP zero-day - The Record by Recorded Future Brett Callow on Twitter: "LockBit also seems to have set its demands to automatically decrease over time. The longer victims wait, the less they need to pay. 4/5" / Twitter Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: De-anonymizing ransomware domains on the dark web Brazilian retail giant confirms cyberattack after extortion group takes over Twitter account - The Record by Recorded Future Akamai Blog | Bots Are Scalping Israeli Government Services Rise of LNK (Shortcut files) Malware | McAfee Blog Attacks on industrial control systems using ShadowPad | Kaspersky ICS CERT Google: Seven zero-days in 2021 developed commercially and sold to governments - The Record by Recorded Future The hacking industry faces the end of an era | MIT Technology Review Lawmakers want to restrict user data sales to nations like China, Russia US, UK, New Zealand argue against disabling PowerShell - The Record by Recorded Future CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF A pro-China online influence campaign is targeting the rare-earths industry | MIT Technology Review Internet Crime Complaint Center (IC3) | Deepfakes and Stolen PII Utilized to Apply for Remote Work Positions Statutory defense for ethical hacking under UK Computer Misuse Act tabled | The Daily Swig BSides Cleveland organizer steps down after controversial guest added as ‘surprise’ speaker | The Daily Swig CISA experts propose ‘311’ cybersecurity emergency call line for small businesses - The Record by Recorded Future CISA, US Coast Guard warn of Log4Shell attacks after 130GB data breach in May - The Record by Recorded Future CSAC Recommendations (06-16-2022) (1) - DocumentCloud Meet the Administrators of the RSOCKS Proxy Botnet – Krebs on Security Splunk patches critical vulnerability while users push for legacy updates | The Daily Swig Oracle patches ‘miracle exploit’ impacting Middleware Fusion, cloud services | The Daily Swig Cyber Insurance: Action Needed to Assess Potential Federal Response to Catastrophic Attacks | U.S. GAO FBI investigating $100 million theft from blockchain company Harmony - The Record by Recorded Future Jerry Gamblin on Twitter: "Ahhh... the orignal NFTs." / Twitter PeckShield Inc. on Twitter: "1/ @XCarnival_Lab was exploited in a flurry of txs (one hack tx: https://t.co/LUcxSU9UQn), leading to the gain of 3,087 ETH (~$3.8M) for the hacker (The protocol loss may be larger). https://t.co/mmGw5PQfbt" / Twitter Patrick Gray on Twitter: "🎉" / Twitter

Risky Biz Soap Box: HD Moore on taking Rumble to the cloud

June 25, 2022 00:00 25.99 MB Downloads: 0

Today’s Soap Box guest is an industry legend – Metasploit creator HD Moore. He’s here to tell us more about what’s happening with his latest creation, Rumble Network Discovery. If you’re not familiar with Rumble, well, you should be. It’s a network scanner that you just set loose and it will go and find all the devices on your network. It has a freaky ability to see around corners, finding devices it can’t even connect to directly because HD and his team have done some really crazy work on pulling device information out of obscure protocol queries and things like that. It takes a few minutes to set up a scan with Rumble, so it’s infinitely easier than trying to do passive network discovery on the network or pull data from other solutions. But Rumble isn’t just a network scanner anymore. They’ve been doing basic cloud asset inventory since the early days, but as you’ll hear it’s an area they’ve really been putting a lot of work into lately. Another big thing they’ve worked on is ICS and OT fingerprinting techniques that won’t actually cause those devices to command things to explode, so that’s nice.

Risky Business #668 -- Microsoft is hiding its Azure security problems

June 21, 2022 00:00 62.3 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Paige Thompson guilty of Capital One hack Microsoft is hiding serious Azure security issues New Australian government lobbying for Julian Assange How to ransomware documents in the cloud Microsoft stops Windows 10/11 downloads in Russia Belarusian cyber partisans obtain spy agency’s audio recordings Much, much more This week’s edition of the show is brought to you by Gigamon. Josh Day, Gigamon’s Director of applied threat research team, will be along in this week’s sponsor interview to talk about detecting badness on your network in encrypted traffic. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Former Seattle tech worker convicted of wire fraud and computer intrusions | USAO-WDWA | Department of Justice MPs back quiet diplomacy in Assange case Botched and silent patches from Microsoft put customers at risk, critics say | Ars Technica Microsoft’s Vulnerability Practices Put Customers At Risk | LinkedIn Security firm warns of ransomware attacks targeting Microsoft cloud 'versioning' feature - The Record by Recorded Future Separate Fujitsu cloud storage vulnerabilities could enable attackers to destroy virtual backups | The Daily Swig Large supermarket chain in southern Africa hit with ransomware - The Record by Recorded Future Telegram: Contact @tass_agency Microsoft pulls Windows 10 and 11 in Russia • The Register DDoS Attacks Delay Putin Speech at Russian Economic Forum Russia warns of a “military clash” if it’s hit by US cyberattacks - The Record by Recorded Future Belarusian hacktivist group releases purported Belarusian wiretapped audio of Russian embassy U.S. defense firm L3Harris in talks with NSO Group over spyware - The Washington Post Srsly Risky Biz: Friday June 17 - by Tom Uren Suspect in hacking Russian customs detained in Moscow String of attacks on French telecom infrastructure preceded April attack on fiber optic cables Chinese APT groups targeting India, Pakistan and more with Sophos firewall vulnerability - The Record by Recorded Future Ukrainian cybersecurity officials disclose two new hacking campaigns Police Linked to Hacking Campaign to Frame Indian Activists | WIRED INTERPOL raids hundreds of scammy call centers in sweep A Twitch Streamer Is Exposing Coronavirus Scams Live | WIRED Ranking The World's Angriest Scammers - 10/10 Rage - YouTube MIT researchers find new hardware vulnerability in the Apple M1 chip - The Record by Recorded Future A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys | Ars Technica Tornado Cash Is Crypto Hackers’ Favorite Way to Cash Out, But Experts Say It Can Be Traced How CISA's list of 'must-patch' vulnerabilities has expanded both in size, and who's using it The tale of a whale who took Solend’s money – Amy Castor

Risky Business #667 -- "Shields Up" for cyber's forever war

June 12, 2022 00:00 56.53 MB Downloads: 0

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: “Shields Up” advice is now provably meaningless Russia to ditch offshore comms apps like WhatsApp Evil Corp’s Lockbit sanctions evasion attempt backfires Binance is a cesspit of shady financial dealings Apple’s passkey release foreshadows FIDO mass adoption Much, much more This week’s sponsor interview is about Elastic’s teardown on some really interesting APT linux malware called BPFdoor. Jake King and Colson Wilhoit joined the show for that interview. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command | Science & Tech News | Sky News White House: cyber activity not against Russia policy | Reuters 'Shields Up': the new normal in cyberspace Governors are being contacted - Newspaper Kommersant No. 95 (7296) dated 06/01/2022 «Вы лично отвечаете за инциденты». Почему 1 мая началась новая эпоха в информационной безопасности - Газета.Ru Киев использовал против России новый принцип кибератак - Ведомости Traffic will be sorted into folders - Newspaper Kommersant No. 102 (7303) dated 06/10/2022 FBI cybercrime seizure takes down one-time Ukraine IT Army collaborator To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions | Mandiant Risky Biz News: LockBit-Mandiant drama, explained How Binance became a hub for hackers, fraudsters and drug sellers Cryptocurrencies were once seen as an unmitigated boon for criminals. Not anymore. Fed cyber officials detail Chinese state hackers using common exploits against telcos Risky Biz News: Russia orders Google to remove Tor Browser from Russian Play Store Bizbudding, Inc. v. 365 Data Centers Services, LLC, 3:22-cv-00715 – CourtListener.com Business Email Compromise Scams Are Poised to Eclipse Ransomware | WIRED Cybercriminal scams City of Portland, Ore. for $1.4 million - The Record by Recorded Future Apple's Passkey Replaces Passwords With iPhone and Mac Authentication | WIRED MongoDB Debuts ‘Queryable Encryption’ to Fight Hacks and Leaks | WIRED Zero-Day Exploitation of Atlassian Confluence | Volexity Microsoft Security Intelligence on Twitter: "Multiple adversaries and nation-state actors, including DEV-0401 and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134. We urge customers to upgrade to the latest version or apply recommended mitigations: https://t.co/C3CykQgrOJ" / Twitter Microsoft Follina Vulnerability in Windows Can Be Exploited Through Office 365 | WIRED (3) Martin Sheppard on Twitter: "@riskybusiness And yes, many orgs can disable Macros in documents with the mark of the web without a lot of impact. Policy can be used to not mark documents from certain internal sites with mark of the web, which is one way to allow certain legitimate macros with this setting in place." / Twitter Blockchain, 'Decentralized' Exchange Taken Offline After Hacker Steals Millions ‘Optimism’ Crypto Hack Victim Hopes Thief Will Give Back $15 Million PeckShieldAlert on Twitter: "#PeckShieldAlert Wintermute Exploiter has transferred 17 million $OP to @optimismPBC https://t.co/5PpgeZXaId" / Twitter NFT insider trading charges filed against former OpenSea employee Nate Chastain Detecting BPFDoor backdoor payload | Elastic