Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Similar Podcasts
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
CppCast
Every two weeks, or so, we sit down with guests from the C++ community to discuss the latest news and what they have been up to. Find us at cppcast.com
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
Risky Business #670 -- China's world record data breach
On this week’s show Patrick Gray and guest cohost Mark Piper discuss the week’s security news, including: A billion records leaked in China China to develop desktop operating system HackerOne fires insider for stealing hackers’ work and bounties FSB officer charged with stealing hacker’s bitcoin Why Microsoft is wrong on Russia and Ukraine Much, much more Red Canary’s Adam Mashinchi and Brian Donohue will be along in this week’s sponsor interview to talk about Atomic Red Team, the open source adversary emulation framework they help to maintain. Links to everything that we discussed are below and you can follow Patrick on Twitter if that’s your thing. Show notes Hacker claims to have stolen 1 bln records of Chinese citizens from police | Reuters China lured graduate jobseekers into digital espionage | Ars Technica Tech war: China doubles down on domestic operating systems to cut reliance on Windows, MacOS from the US | South China Morning Post Risky Biz News: HackerOne discloses malicious insider incident, and nobody's surprised (2) Paranoid Ninja (Brute Ratel C4) on Twitter: "A thoroughly detailed blog on Brute Ratel C4 by Palo Alto. Proper Actions have been taken to against the found licenses which were sold in the Black Market. As for existing customers, #BRc4 v1.1 release will change every aspect of IOC found in the previous releases." / Twitter Microsoft Exchange servers worldwide hit by stealthy new backdoor | Ars Technica Подполковника УФСБ по Самарской области арестовали за кражу криптовалюты у хакера - ТАСС Cybersecurity experts question Microsoft's Ukraine report (4) Victor Zhora on Twitter: "One more evidence of coordination of kinetic and cyber operations by russian aggressors. Ukrainian largest private energy company DTEK was cyberattacked simulateously with shelling of thermal power plant of the same company in Kryvyi Rih. Both targets are 100% civilian." / Twitter Вслід за ракетними ударами по ТЕС ворог завдає хакерських атак по енергосистемі — ДТЕК CyberKnow on Twitter: "Another new pro-russian hacktivist group. They have been conducting #ddos ops against #Norway with other groups. #cybersecurity #infosec #RussianUkrainianWar #UkraineRussiaWar https://t.co/rX069XVaof" / Twitter Hacktivist personas back latest GhostWriter disinfo op targeting Poland, Ukraine Gantz orders probe after TV reports hint IDF behind Iran steel plant cyberattack | The Times of Israel Info of over 300,000 Israelis leaked as Iranian hackers target travel booking sites | The Times of Israel TSA to change cybersecurity rules for pipelines following industry criticism - The Record by Recorded Future After a sharp rise, cyber insurance rates show signs of stabilizing - The Record by Recorded Future California DOJ apologizes for ‘unacceptable’ breach involving Firearms Dashboard - The Record by Recorded Future Cops Investigating ‘WhatsApp for Gangsters’ Arrest Key Suspect in Caribbean Publishing giant Macmillan still unable to process orders after ransomware attack - The Record by Recorded Future State unemployment, jobs services down around the country after cyberattack NIST selects first group of quantum-resistant encryption tools - The Record by Recorded Future UnRAR path traversal flaw can lead to RCE in Zimbra | The Daily Swig Universiteit Maastricht krijgt losgeld voor hack terug met flinke winst Nearly $9 million stolen from DeFi platform Crema Finance - The Record by Recorded Future North Korea accused of orchestrating $100 million Harmony crypto hack - The Record by Recorded Future Nucleus Security's vulnerability management platform - YouTube Explore Atomic Red Team
Risky Business #669 -- Finally, an ICS attack that made stuff explode!
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Activists who are totally not Israeli military hackers make Iranian steel mills firebally Chinese APT crews use ransomware to muddy attribution Attackers are now ransoming cloud access Chinese APTs using building control systems for persistence and stealth USA, UK and NZ govts issue PowerShell advice Much, much more This week’s show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he’s using it to make phishing triage and automation less traumatic. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Iranian steel facilities suffer apparent cyberattacks Automotive fabric supplier TB Kawashima announces cyberattack US arm of Japanese automotive hose maker Nichirin pauses production after ransomware attack - The Record by Recorded Future BRONZE STARLIGHT Ransomware Operations Use HUI Loader | Secureworks Ransomware groups targeting Mitel VoIP zero-day - The Record by Recorded Future Brett Callow on Twitter: "LockBit also seems to have set its demands to automatically decrease over time. The longer victims wait, the less they need to pay. 4/5" / Twitter Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: De-anonymizing ransomware domains on the dark web Brazilian retail giant confirms cyberattack after extortion group takes over Twitter account - The Record by Recorded Future Akamai Blog | Bots Are Scalping Israeli Government Services Rise of LNK (Shortcut files) Malware | McAfee Blog Attacks on industrial control systems using ShadowPad | Kaspersky ICS CERT Google: Seven zero-days in 2021 developed commercially and sold to governments - The Record by Recorded Future The hacking industry faces the end of an era | MIT Technology Review Lawmakers want to restrict user data sales to nations like China, Russia US, UK, New Zealand argue against disabling PowerShell - The Record by Recorded Future CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF A pro-China online influence campaign is targeting the rare-earths industry | MIT Technology Review Internet Crime Complaint Center (IC3) | Deepfakes and Stolen PII Utilized to Apply for Remote Work Positions Statutory defense for ethical hacking under UK Computer Misuse Act tabled | The Daily Swig BSides Cleveland organizer steps down after controversial guest added as ‘surprise’ speaker | The Daily Swig CISA experts propose ‘311’ cybersecurity emergency call line for small businesses - The Record by Recorded Future CISA, US Coast Guard warn of Log4Shell attacks after 130GB data breach in May - The Record by Recorded Future CSAC Recommendations (06-16-2022) (1) - DocumentCloud Meet the Administrators of the RSOCKS Proxy Botnet – Krebs on Security Splunk patches critical vulnerability while users push for legacy updates | The Daily Swig Oracle patches ‘miracle exploit’ impacting Middleware Fusion, cloud services | The Daily Swig Cyber Insurance: Action Needed to Assess Potential Federal Response to Catastrophic Attacks | U.S. GAO FBI investigating $100 million theft from blockchain company Harmony - The Record by Recorded Future Jerry Gamblin on Twitter: "Ahhh... the orignal NFTs." / Twitter PeckShield Inc. on Twitter: "1/ @XCarnival_Lab was exploited in a flurry of txs (one hack tx: https://t.co/LUcxSU9UQn), leading to the gain of 3,087 ETH (~$3.8M) for the hacker (The protocol loss may be larger). https://t.co/mmGw5PQfbt" / Twitter Patrick Gray on Twitter: "🎉" / Twitter
Risky Biz Soap Box: HD Moore on taking Rumble to the cloud
Today’s Soap Box guest is an industry legend – Metasploit creator HD Moore. He’s here to tell us more about what’s happening with his latest creation, Rumble Network Discovery. If you’re not familiar with Rumble, well, you should be. It’s a network scanner that you just set loose and it will go and find all the devices on your network. It has a freaky ability to see around corners, finding devices it can’t even connect to directly because HD and his team have done some really crazy work on pulling device information out of obscure protocol queries and things like that. It takes a few minutes to set up a scan with Rumble, so it’s infinitely easier than trying to do passive network discovery on the network or pull data from other solutions. But Rumble isn’t just a network scanner anymore. They’ve been doing basic cloud asset inventory since the early days, but as you’ll hear it’s an area they’ve really been putting a lot of work into lately. Another big thing they’ve worked on is ICS and OT fingerprinting techniques that won’t actually cause those devices to command things to explode, so that’s nice.
Risky Business #668 -- Microsoft is hiding its Azure security problems
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Paige Thompson guilty of Capital One hack Microsoft is hiding serious Azure security issues New Australian government lobbying for Julian Assange How to ransomware documents in the cloud Microsoft stops Windows 10/11 downloads in Russia Belarusian cyber partisans obtain spy agency’s audio recordings Much, much more This week’s edition of the show is brought to you by Gigamon. Josh Day, Gigamon’s Director of applied threat research team, will be along in this week’s sponsor interview to talk about detecting badness on your network in encrypted traffic. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Former Seattle tech worker convicted of wire fraud and computer intrusions | USAO-WDWA | Department of Justice MPs back quiet diplomacy in Assange case Botched and silent patches from Microsoft put customers at risk, critics say | Ars Technica Microsoft’s Vulnerability Practices Put Customers At Risk | LinkedIn Security firm warns of ransomware attacks targeting Microsoft cloud 'versioning' feature - The Record by Recorded Future Separate Fujitsu cloud storage vulnerabilities could enable attackers to destroy virtual backups | The Daily Swig Large supermarket chain in southern Africa hit with ransomware - The Record by Recorded Future Telegram: Contact @tass_agency Microsoft pulls Windows 10 and 11 in Russia • The Register DDoS Attacks Delay Putin Speech at Russian Economic Forum Russia warns of a “military clash” if it’s hit by US cyberattacks - The Record by Recorded Future Belarusian hacktivist group releases purported Belarusian wiretapped audio of Russian embassy U.S. defense firm L3Harris in talks with NSO Group over spyware - The Washington Post Srsly Risky Biz: Friday June 17 - by Tom Uren Suspect in hacking Russian customs detained in Moscow String of attacks on French telecom infrastructure preceded April attack on fiber optic cables Chinese APT groups targeting India, Pakistan and more with Sophos firewall vulnerability - The Record by Recorded Future Ukrainian cybersecurity officials disclose two new hacking campaigns Police Linked to Hacking Campaign to Frame Indian Activists | WIRED INTERPOL raids hundreds of scammy call centers in sweep A Twitch Streamer Is Exposing Coronavirus Scams Live | WIRED Ranking The World's Angriest Scammers - 10/10 Rage - YouTube MIT researchers find new hardware vulnerability in the Apple M1 chip - The Record by Recorded Future A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys | Ars Technica Tornado Cash Is Crypto Hackers’ Favorite Way to Cash Out, But Experts Say It Can Be Traced How CISA's list of 'must-patch' vulnerabilities has expanded both in size, and who's using it The tale of a whale who took Solend’s money – Amy Castor
Risky Business #667 -- "Shields Up" for cyber's forever war
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: “Shields Up” advice is now provably meaningless Russia to ditch offshore comms apps like WhatsApp Evil Corp’s Lockbit sanctions evasion attempt backfires Binance is a cesspit of shady financial dealings Apple’s passkey release foreshadows FIDO mass adoption Much, much more This week’s sponsor interview is about Elastic’s teardown on some really interesting APT linux malware called BPFdoor. Jake King and Colson Wilhoit joined the show for that interview. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command | Science & Tech News | Sky News White House: cyber activity not against Russia policy | Reuters 'Shields Up': the new normal in cyberspace Governors are being contacted - Newspaper Kommersant No. 95 (7296) dated 06/01/2022 «Вы лично отвечаете за инциденты». Почему 1 мая началась новая эпоха в информационной безопасности - Газета.Ru Киев использовал против России новый принцип кибератак - Ведомости Traffic will be sorted into folders - Newspaper Kommersant No. 102 (7303) dated 06/10/2022 FBI cybercrime seizure takes down one-time Ukraine IT Army collaborator To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions | Mandiant Risky Biz News: LockBit-Mandiant drama, explained How Binance became a hub for hackers, fraudsters and drug sellers Cryptocurrencies were once seen as an unmitigated boon for criminals. Not anymore. Fed cyber officials detail Chinese state hackers using common exploits against telcos Risky Biz News: Russia orders Google to remove Tor Browser from Russian Play Store Bizbudding, Inc. v. 365 Data Centers Services, LLC, 3:22-cv-00715 – CourtListener.com Business Email Compromise Scams Are Poised to Eclipse Ransomware | WIRED Cybercriminal scams City of Portland, Ore. for $1.4 million - The Record by Recorded Future Apple's Passkey Replaces Passwords With iPhone and Mac Authentication | WIRED MongoDB Debuts ‘Queryable Encryption’ to Fight Hacks and Leaks | WIRED Zero-Day Exploitation of Atlassian Confluence | Volexity Microsoft Security Intelligence on Twitter: "Multiple adversaries and nation-state actors, including DEV-0401 and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134. We urge customers to upgrade to the latest version or apply recommended mitigations: https://t.co/C3CykQgrOJ" / Twitter Microsoft Follina Vulnerability in Windows Can Be Exploited Through Office 365 | WIRED (3) Martin Sheppard on Twitter: "@riskybusiness And yes, many orgs can disable Macros in documents with the mark of the web without a lot of impact. Policy can be used to not mark documents from certain internal sites with mark of the web, which is one way to allow certain legitimate macros with this setting in place." / Twitter Blockchain, 'Decentralized' Exchange Taken Offline After Hacker Steals Millions ‘Optimism’ Crypto Hack Victim Hopes Thief Will Give Back $15 Million PeckShieldAlert on Twitter: "#PeckShieldAlert Wintermute Exploiter has transferred 17 million $OP to @optimismPBC https://t.co/5PpgeZXaId" / Twitter NFT insider trading charges filed against former OpenSea employee Nate Chastain Detecting BPFDoor backdoor payload | Elastic
Risky Business #666 -- The msdt RTF of DOOM
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: The msdt/office lolbinapalooza Microsoft to introduce sensible defaults to Azure Twitter fined $150m for sms 2fa spam It turns out npm got owned in that Heroku/Travis CI thing AWS cred-stealing supply chain attack was research your honour, I swear! Much, much more We’ll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week’s sponsor interview. He’ll be walking us through some of his own research into how to own Microsoft boxes via document-embedded office add-ins. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes nao_sec on Twitter: "Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. https://t.co/hTdAfHOUx3 https://t.co/rVSb02ZTwt" / Twitter Follina — a Microsoft Office code execution vulnerability | by Kevin Beaumont | May, 2022 | DoublePulsar Kevin Beaumont on Twitter: "Additional Follina issue, if you use wget in Powershell, it blindly executes any code via MSDT as it trusts all MS Protocol URIs. So to clarify, if you wget a webpage you don’t control and the webpage adds Follina exploit string, your server the runs the code." / Twitter Microsoft Office Remote Code Execution - “Follina” MSDT Attack Raising the Baseline Security for all Organizations in the World - Microsoft Tech Community npm security update: Attack campaign using stolen OAuth tokens | The GitHub Blog Twitter fined $150 million by FTC for alleged privacy violations - The Record by Recorded Future REvil prosecutions reach a 'dead end,' Russian media reports Multiple flights across India grounded after SpiceJet airline hit with ransomware - The Record by Recorded Future Exclusive: Russian hackers are linked to new Brexit leak website, Google says | Reuters Российские компании начали увольнять украинских ИT-специалистов — РБК Hacker Leaks Mountain of Files From Inside Xinjiang Camps Spain set to strengthen oversight of secret services after NSO spying scandal | The Times of Israel No evidence of exploitation of Dominion voting machine flaws, CISA finds - The Washington Post Researchers identify FIDO2 protocol vulnerabilities - Security - iTnews 756.pdf Security ‘researcher’ hits back against claims of malicious CTX file uploads | The Daily Swig Israeli private detective used Indian hackers in job for Russian oligarchs, court filing says | Reuters Hacker Steals Database of Hundreds of Verizon Employees GarWarner on Twitter: "Last month the US Department of Justice petitioned the court to be allowed to seize Mr. Woodbery's Bitcoin. 151.885720427 BTC is 11,930,370 Naira or $4,364,299 USD currently. (Thread 1/? ) https://t.co/Xh39FTLQUV" / Twitter Malcolm Herbert on Twitter: "@riskybusiness @Metlstorm ... for some reason I never pictured you guys as doing a recording session before sunup, but then I guess with @Metlstorm being in NZ that kinda makes sense now that I think about it ... I'll see myself out ..." / Twitter Darknet market Versus shuts down after hacker leaks security flaw Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat | Ars Technica Red Canary Managed Detection and Response - YouTube Airlock Digital Demo - YouTube
Risky Business -- #665 You can ransomware whole countries now
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Conti’s war against Costa Rica DoJ revises CFAA guidance Naughty kids get access to DEA portal A look at a Russian disinfo tool PyPI and PHP supply chain drama Much, much more This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer will join us in this week’s sponsor interview to talk about what might happen to infosec programs now the world economy is getting all funky. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes President Rodrigo Chaves says Costa Rica is at war with Conti hackers - BBC News Costa Ricans scrambled to pay taxes by hand after cyberattack took down country’s collection system Costa Rican president claims collaborators are aiding Conti's ransomware extortion efforts K-12 school districts in New Mexico, Ohio crippled by cyberattacks - The Record by Recorded Future Greenland says health services 'severely limited’ after cyberattack - The Record by Recorded Future Notorious cybercrime gang Conti 'shuts down,' but its influence and talent are still out there - The Record by Recorded Future 'Multi-tasking doctor' was mastermind behind 'Thanos' ransomware builder, DOJ says - The Record by Recorded Future Researchers warn of REvil return after January arrests in Russia - The Record by Recorded Future Researcher stops REvil ransomware in its tracks with DLL-hijacking exploit | The Daily Swig Bank refuses to pay ransom to hackers, sends dick pics instead • Graham Cluley GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need - CloudSEK Catalin Cimpanu on Twitter: "Report on a new ransomware strain named GoodWill that forces victims to perform acts of kindness to recover their files https://t.co/T0rhj5wjyC https://t.co/T92KPUJe61" / Twitter Water companies are increasingly uninsurable due to ransomware, industry execs say Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act | OPA | Department of Justice download DEA Investigating Breach of Law Enforcement Data Portal – Krebs on Security Intelligence Update. A question of timing: examining the circumstances surrounding the Nauru Police Force hack and leak FSB's Fronton DDoS tool was actually designed for 'massive' fake info campaigns, researchers say Sonatype PiPI blog post Dvuln Labs - ServiceNSW’s Digital Drivers Licence Security appears to be Super Bad New Bluetooth hack can unlock your Tesla—and all kinds of other devices | Ars Technica Researchers devise iPhone malware that runs even when device is turned off | Ars Technica New Research Paper: Pre-hijacking Attacks on Web User Accounts – Microsoft Security Response Center CISA issues directive for exploited VMware bug after IR team deployed to ‘large’ org - The Record by Recorded Future Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating | Ars Technica Google, Apple, Microsoft Commit to Eliminating Passwords - Security Boulevard Thinkst Canary
SAMPLE PODCAST: Risky Biz News: FSB-linked DDoS tool could also be used for disinformation campaigns
The following is a sample of our latest podcast, Risky Business News, which is published into a new RSS feed. It’s a short podcast published three times a week that updates listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here.
Risky Biz Soap Box: While you're watching a quiet one a noisy one will kill you
In this Soap Box edition of the show Proofpoint’s EVP of Cybersecurity Strategy Ryan Kalember joins host Patrick Gray to talk about why some security spending is just misguided. So much of the infosec industry is geared towards protecting organisations against exotic threats when, really, the trifecta of ransomware, BEC and staff being careless with data are the thing that will sink them.
Risky Business #664 -- The Spanish Prime Minister got Pegasus'd
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Spanish PM’s phone infected by Pegasus Microsoft drops Ukraine research report We can’t make heads or tails out of the FBI’s transparency report France hit with coordinated fibre sabotage campaign Why Musk’s algorithm pledge is meaningless Much, much more This week’s sponsor interview is with ExtraHop Networks’ CEO Patrick Dennis. He’s joining us this week to talk about how you can turn “Shield’s Up!” advice into something actionable. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Spyware attack targeted Spanish prime minister’s phone - The Record by Recorded Future Over 200 Spanish mobile numbers ‘possible targets of Pegasus spyware’ | Spain | The Guardian Russia’s hackers and military went after the same targets in Ukraine, Microsoft says Russia Is Being Hacked at an Unprecedented Scale | WIRED Russia reroutes internet in occupied Ukrainian territory through Russian telcos - The Record by Recorded Future Russia cyber case prompted big portion of FBI's surveillance database searches in 2021 - The Record by Recorded Future 2022_ASTR_for_CY2020_FINAL.pdf Wyden: “Surveillance Transparency Report” Fails To Explain How Many Americans’ Communications Are Searched By the FBI | U.S. Senator Ron Wyden of Oregon How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities Who tried to hack Hawaii’s undersea cable? - The Record by Recorded Future Nauru police emails leaked to protest against Australia's offshore detention Fighting Fake EDRs With ‘Credit Ratings’ for Police – Krebs on Security Twitter may have given user's private data to a ransomware hacker, who then ran a researcher offline Musk's plans to make Twitter's algorithms public raises disinformation conundrum Elon Musk’s Plan to Open Source the Twitter Algorithm Won’t Solve Anything | WIRED Kronos cyber attack sparks lawsuits against employers | BenefitsPRO German wind farm operator confirms cybersecurity incident - The Record by Recorded Future German library service struggling to recover from ransomware attack - The Record by Recorded Future Trinidad’s largest supermarket chain crippled by cyberattack - The Record by Recorded Future Austin Peay State University becomes latest US school hit with ransomware - The Record by Recorded Future NC Prohibits Gov Entities from Paying Hacker Cybersecurity Ransoms Connecticut inches closer to becoming fifth state with data privacy law - The Record by Recorded Future Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog Google touts new tool that scans for malicious packages in popular open-source repositories - The Record by Recorded Future Log4Shell, ProxyLogon and Atlassian bug top CISA's list of routinely exploited vulnerabilities in 2021 - The Record by Recorded Future Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954 | Rapid7 Blog Microsoft finds Linux desktop flaw that gives root to untrusted users | Ars Technica More than $13 million stolen from DeFi platform Deus Finance - The Record by Recorded Future Binance freezes stolen Axie Infinity crypto after North Korean hackers move funds - The Record by Recorded Future Everscale blockchain wallet shutters web version after vulnerability found - The Record by Recorded Future Hackers steal $90 million from DeFi platforms Rari Capital and Saddle Finance - The Record by Recorded Future Crypto Hackers Stole More Than $370 Million In April Alone Airlock Digital Demo - YouTube Risky Business News | Patrick Gray | Substack
Risky Business #663 -- Israel cracks down on spyware exports
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Israel Ministry of Defence is denying a lot of spyware export licences Private detective in New York pleads guilty over BellTroX shenanigans Scammers enrol stolen credit cards into Apple Pay The Blackcat ransomware crew is very active right now VirusTotal shells lol Much, much more This week’s sponsor interview is with Okta’s Brett Winterford, who talks in detail about the company’s brush with the Lapsus$ hacking crew. It’s unusual for a sponsor interview to be a must listen, but here we are. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Export controls strangling Israel's cyberattack industry - Globes Israeli charged in global hacker-for-hire scheme pleads guilty | Reuters Criminals Abuse Apple Pay in Spending Sprees Wealthy cybercriminals are using zero-day hacks more than ever | MIT Technology Review Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code – Krebs on Security FBI: 60 organizations worldwide hit with BlackCat/ALPHV ransomware - The Record by Recorded Future FBI warns agricultural sector of heightened risk of ransomware attacks Russia's war on Ukraine making life difficult for Russian cybercriminals In a first, Treasury Department sanctions major cryptocurrency mining firm Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure | CISA (6) Rewards for Justice on Twitter: "REWARD! Up to $10M for information on 6 Russian GRU hackers. They targeted U.S. critical infrastructure with malicious cyber ops. Send us info on their activities via our Dark Web-based tips line at: https://t.co/WvkI416g4W https://t.co/oZCKNHU3fY https://t.co/u1NMAZ9HQl" / Twitter Foreign Malicious Cyber Activity Against U.S. Critical Infrastructure – Rewards For Justice From the front lines of ‘the first real cyberwar’ - The Record by Recorded Future CySource virus total blog (3) Bernardo Quintero on Twitter: "for transparency purposes, this was my internal reply on May 21, 2021 at 03:09PM https://t.co/WR3QTRlxDc" / Twitter Critical bug could have let hackers commandeer millions of Android devices | Ars Technica Hot patch for Log4Shell vulnerability in AWS allowed full host takeover | The Daily Swig Major cryptography blunder in Java enables “psychic paper” forgeries | Ars Technica Brokers' sales of U.S. military personnel data overseas stir national security fears Bored Ape Yacht Club Instagram Hacked, NFTs Worth Millions Stolen A Crypto Entrepreneur Is on the Lam After Dev Jailed for North Korea Trip Okta Concludes its Investigation Into the January 2022 Compromise | Okta Risky Business News | Substack
Risky Business #662 -- It's a bad month to be an electricity grid
On this week’s show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week’s security news, including: Ukraine foils Russian ICS hack US Government burns someone’s ICS toolkit China gets all up in India’s energy gridz The Heroku/Hithub/Travis CI story is very confusing US DOJ removes GRU malware from Watchguard boxes under Rule 41 North Korea behind $540m crypto hack Much, much more This week’s sponsor interview is with Scott Kuffer, co-founder of Nucleus Security, and Jared Semrau of Mandiant. They’ll be joining us to talk about how you can now plug Mandiant data into the Nucleus vulnerability scan aggregator. Links to everything that we discussed are below and you can follow Patrick, Dmitri or Adam on Twitter if that’s your thing. Show notes Ukraine foiled Russian cyberattack that tried to shut down energy grid (4) Catalin Cimpanu on Twitter: "Days later... anyone managed to confirm or debunk this?" / Twitter (4) Matthew Garrahan on Twitter: "Ukraine has since adapted a government app so that people can more easily upload information about Russian military positions https://t.co/oWRctXBTxU" / Twitter Pipedream Malware: Feds Uncover 'Swiss Army Knife' for Industrial System Hacking | WIRED Suspected Chinese hackers are targeting India's power grid Lawmakers ask Energy Department to take point on sector digital security - The Record by Recorded Future Threat of Russian cyberattack prompts energy firms to collaborate with U.S. government - The Washington Post US says it disrupted Russian botnet 'before it could be weaponized' DOJ's Sandworm operation raises questions about how far feds can go to disarm botnets Microsoft seizes internet domains linked to GRU cyberattacks against Ukraine WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers | Ars Technica Microsoft uses court order to disrupt ZLoader botnet - The Record by Recorded Future DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii US agency attributes $540 million Ronin hack to North Korean APT group - The Record by Recorded Future Chemical sector targeted by North Korea-linked hacking group, researchers say - The Record by Recorded Future U.S. offers $5 million for info on North Korean cyber operators - The Record by Recorded Future Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog After a brief decline, organizations once again are bombarded with ransomware - The Record by Recorded Future BlackCat ransomware group claims attack on Florida International University - The Record by Recorded Future North Carolina A&T hit with ransomware after ALPHV attack - The Record by Recorded Future Ransomware groups go after a new target: Russian organizations - The Record by Recorded Future T-Mobile Secretly Bought Its Customer Data from Hackers to Stop Leak. It Failed. Experts warn of concerns around Microsoft RPC bug - The Record by Recorded Future Make phishing great again. VSTO office files are the new macro nightmare? | by Daniel Schell | Apr, 2022 | Medium VMware patches critical flaws in Workspace ONE Access identity management software | The Daily Swig Researcher finds cryptomining malware targeting AWS Lambda - The Record by Recorded Future Apple paid out $36,000 bug bounty for HTTP request smuggling flaws on core web apps – research | The Daily Swig Hackers steal more than $11 million from Elephant Money DeFi platform - The Record by Recorded Future WonderHero game disabled after hackers steal $320,000 in cryptocurrency - The Record by Recorded Future 'We Are Fucked': Crypto Stablecoin Collapses After $182M Hack The Original APT: Advanced Persistent Teenagers – Krebs on Security
Snake Oilers: Vectra, Google Security and SecureStack
Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Kevin Kennedy from Vectra talks about the company’s cloud native detection – it crunches stuff like CloudTrail and AzureAD logs and correlates it with network event information Paul McCarty from SecureStack on its software composition analysis and “SBOM plus” tool Google Cloud’s Anton Chuvakin talks about cloud-based SIEMs like Chronicle Show notes AI Cybersecurity - Threat Detection & Response Platform | Vectra AI SecureStack - SecureStack Chronicle Security - Google’s Cloud-Native SIEM Platform
Risky Business #661 -- Viasat hack details firm up
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why Spring4Shell isn’t all hype How Viasat actually got owned Russian war crimes likely extend to coercing sysadmis Why lighter fluid and a box of matches is more effective than cyber in Belarus Much, much more This week’s sponsor interview is with Bernard Brantley, Corelight’s Chief Information Security Officer. Corelight makes a network sensor you can use to plug in to your SIEM, among other things. It’s based on Zeek, the open source network sensor that Corelight maintains. Corelight is absolutely the industry standard for this sort of thing. And they’ve just become the standard for something else, too: Microsoft Defender for IoT can now accept Corelight feeds. Bernard fills us in on that. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Explaining Spring4Shell: The Internet security disaster that wasn’t | Ars Technica VMware sprung by Spring4shell vulnerability - Security - iTnews Viasat confirms report of wiper malware used in Ukraine cyberattack - The Record by Recorded Future VIASAT incident: from speculation to technical details. AcidRain | A Modem Wiper Rains Down on Europe - SentinelOne EXCLUSIVE Hackers who crippled Viasat modems in Ukraine are still active- company official | Reuters Kevin Collier on Twitter: "In a Zoom presser earlier today, UKR Telecom CIO Kirill Goncharuk said the hack on his ISP started with compromised credentials from an employee in a territory Russia recently occupied. Declined to address the potential implication that the employee was physically coerced." / Twitter Ukrainian CERT details Russia-linked phishing attacks targeting government officials - The Record by Recorded Future The Belarus ‘railway rebels’, who dare stop Vladimir Putin’s invasion in its tracks German wind turbine maker shut down after cyberattack - The Record by Recorded Future Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said - The Record by Recorded Future Trezor cryptocurrency wallets targeted with phishing attacks following Mailchimp compromise | The Daily Swig Two alleged Lapsus$ teens appear in London court IT giant Globant discloses hack after Lapsus$ leaks 70GB of stolen data | Ars Technica Notorious hacking group FIN7 adds ransomware to its repertoire NSA employee indicted for mishandling Top Secret information - The Record by Recorded Future Debate erupts at news the White House may scale back DOD cyber-ops authorities Legislators rail against potential rollback of flexible DOD cyber powers ‘Dangerous’ EU web authentication plan threatens to undercut browser-led certification system, detractors claim | The Daily Swig Trend Micro warns of active attacks against Apex Central console | The Daily Swig Apple releases fixes for two zero-days affecting Macs, iPhones and iPads - The Record by Recorded Future Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks | Ars Technica GitLab addresses critical account hijack bug | The Daily Swig Ola Finance DeFi platform hacked, nearly $5 million stolen - The Record by Recorded Future Bank that lacked basic security suffers predictable fate • The Register Corelight Announces Integration for Microsoft Defender for IoT as a Data Source for the Platform
Snake Oilers: PentesterLab, AttackForge and Sysdig
Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Upskill your testers and developers with PentesterLab for US$20 a month Manage penetration tests and reporting with AttackForge How Sysdig can help herd your container cats (vuln management and detection for container environments) Show notes PentesterLab: Learn Web Penetration Testing: The Right Way AttackForge® - Penetration Testing Workflow Management, Productivity & Collaboration Tools Sysdig 2022 Cloud-Native Security and Usage Report: Stay on Top of Risks as You Scale – Sysdig