Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Risky Business #724 -- Exploitation moves away from Microsoft, Google and Apple products

October 04, 2023 | 0:54:37 | 52.44 MB

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

Ransomware crews target WS_FTP and Jetbrains servers
Global energy supply shapes up as big target
The Dossier Center drops another banger
Indian nationalists DDoS Canadian targets
A look at the Exim drama
Much, much more

This week’s show is brought to you by Kroll Cyber. George Glass is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Multiple exploits hit Progress Software’s WS_FTP Server | Cybersecurity Dive
Progress Software discloses 8 vulnerabilities in one of its other file-transfer services | Cybersecurity Dive
Progress Software says business impact ‘minimal’ from MOVEit attack spree | Cybersecurity Dive
NEXTA on X
State secret on electricity - Досье
Russian flight booking system suffers ‘massive’ cyberattack
Cyberattacks hit military, Parliament websites as India-based group targets Canada | CBC News
NATO investigating breach, leak of internal documents | CyberScoop
Chinese hackers stole emails from US State Dept in Microsoft breach, Senate staffer says | Reuters
FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers
Cisco routers abused by China-linked hackers against US, Japan companies | Cybersecurity Dive
Suspected China-based hackers target Middle Eastern telecom, Asian government
North Korean hackers posed as Meta recruiter on LinkedIn | CyberScoop
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
Ransomware gangs destroying data, using multiple strains during attacks: FBI
Critical vulnerabilities in Exim threaten over 250k email servers worldwide | Ars Technica
NSA is creating a hub for AI security, Nakasone says
Privacy watchdog recommends court approval for FBI searches of spy data | CyberScoop
Vulnerable Arm GPU drivers under active exploitation. Patches may not be available | Ars Technica
‘Snatch’ Ransom Group Exposes Visitor IP Addresses – Krebs on Security
IronNet, founded by former NSA director, shuts down and lays off staff | TechCrunch

Risky Business #723 -- MGM and Caesars: Western youths are working with ransomware gangs

September 28, 2023 | 0:57:21 | 55.06 MB

On this week’s show Patrick Gray and Dmitri Alperovitch discuss the week’s security news. They cover:

How western youths are working with Russian ransomware crews
Russia has changed its targeting in Ukraine
A massive breach of historical Russian flight information is god’s gift to OSINT orgs
Cisco buys Splunk for $28bn
Much, much more

This week’s show is brought to you by Panther. Its field CISO Ken Westin is this week’s sponsor guest.

Links to everything that we discussed are below.

Show notes

MGM Resorts says hotel, casino operations back up and running | Cybersecurity Dive
MGM Resorts warns customers of fraud as it faces class action lawsuits | Cybersecurity Dive
mgmkirwan - DocumentCloud
Cross-Tenant Impersonation: Prevention and Detection | Okta Security
'Power, influence, notoriety': The Gen-Z hackers who struck MGM, Caesars | Reuters
Youth hacking ring at the center of cybercrime spree | CyberScoop
UK logistics firm blames ransomware attack for insolvency, 730 redundancies
Philippines state health org struggling to recover from ransomware attack
Bermuda’s premier attributes system outages to ‘Russia-based’ attackers
Russian hackers target Ukrainian government systems involved in war crimes investigations
Oleg Shakirov on X: "Huge data breach in Russia. A previously unknown group claims it stole data from Russia's major flight booking system Sirena Travel. The whole dataset includes 665 mil entries and spans 16 years; they posted a sample with 3 mil lines. I was able to verify one flight. Looks legit" / X
Hackers break into Russian database with data on hundreds of millions of flights
Canada blames border checkpoint outages on cyberattack
Air Canada says hackers accessed limited employee records during cyberattack
3 iOS 0-days, a cellular network compromise, and HTTP used to infect an iPhone | Ars Technica
Yes, you have to update your Apple devices again, because spyware is bad | TechCrunch
GPUs from all major suppliers are vulnerable to new pixel-stealing attack | Ars Technica
CISA's catalog of must-patch vulnerabilities crosses the 1,000 bug mark after 2 years
Hong Kong crypto business Mixin says hackers stole $200 million in assets
Cisco to buy Splunk for $28B | Cybersecurity Dive
British Army general says UK now conducting ‘hunt forward’ operations
World on the Brink: How America Can Beat China in the Race for the Twenty-First Century: Alperovitch, Dmitri, Graff, Garrett M.: 9781541704091: Amazon.com: Books
Starlink in Ukraine: Why the Story Is Not So Simple | Geopolitics Decanted by Silverado

Snake Oilers: Sublime Security, VulnCheck and Devicie

September 22, 2023 | 0:39:29 | 37.9 MB

In this edition of Snake Oilers you’ll hear product pitches from:

Sublime Security: e-mail security for people who want to tune their detections
VulnCheck: Provides vulnerability intelligence to governments, large enterprises and vendors
Devicie: Manage your devices with Intune without pulling your hair out

Show notes

sublime.security
VulnCheck - Outpace Adversaries
Cloud-native device management platform | Devicie

Risky Business #722 -- Microsoft embraces Zero Trust... Authentication?

September 20, 2023 | 0:59:18 | 56.93 MB

On this week’s show Patrick Gray, Adam Boileau and Lina Lau discuss the week’s security news. They cover:

Microsoft’s 38TB oopsie
MGM’s Okta compromised, was this what Okta was warning us about?
Why we need a cyber knife fight
Google Authenticator sync abused in the wild
Much, much more

This week’s show is brought to you by Push Security. Co-founder Adam Bateman is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Microsoft AI researchers exposed sensitive signing keys, internal messages | CyberScoop
Wiz on X: "🚨 BREAKING: Wiz Research discovers a massive 38TB data leak by Microsoft AI researchers, including 30,000+ internal Teams messages. Here's what you need to know 🧵 https://t.co/2V8u9IekGV" / X
Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token | MSRC Blog | Microsoft Security Response Center
Microsoft's Security Culture Just Isn't up to Scratch
Threat actors claim to have compromised MGM Resorts’ Okta environment | Cybersecurity Dive
MGM, Caesars attacks raise new concerns about social engineering tactics | Cybersecurity Dive
I Gambled in MGM's Hacked Casinos
‘Scattered Spider’ group launches ransomware attacks while expanding targets in hospitality, retail
MGM Resorts disruption linked to recent attacks against hospitality industry | Cybersecurity Dive
Caesars Entertainment says it was also a victim of a cyberattack
Clorox warns of product shortages a month after disclosing cyberattack | Cybersecurity Dive
DHS: Ransomware attackers headed for second most profitable year
chrisrohlf on X: "I can think of multiple occasions where well respected experts assured the world that taking offensive actions would put an end to this ransomware problem. Unfortunately 1) it won’t end that easily and 2) they’re still seen as experts. This is an economics problem that is enabled…" / X
White House urging dozens of countries to publicly commit to not pay ransoms
Cyberattack on Kansas town affects email, phone, payment systems
Major trucking software provider confirms ransomware incident
Several Colombian government ministries hampered by ransomware attack
Manchester police officers’ data stolen following ransomware attack on supplier
Upstate New York nonprofit hospitals still facing issues after LockBit ransomware attack
Evidence points to North Korea in CoinEx cryptocurrency hack, analysts say
How Google Authenticator made one company’s network breach much, much worse | Ars Technica
Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED
Mozilla, CISA urge users to patch Firefox security flaw
UK passes the Online Safety Bill — and no, it doesn’t ban end-to-end encryption
Exiled Russian journalist hacked using NSO Group spyware | Hacking | The Guardian
Three journalists said they had received a warning from Apple about a hacker attack. Galina Timchenko, on whose phone the Pegasus spyware was found, received the same one - Meduza
War crimes tribunal ICC says it has been hacked | Reuters
XINTRA - Cybersecurity Training
CrikeyCon 2022 - Lina Lau - Inside the Persistent Mind of a Chinese APT - YouTube
SaaS attack techniques
SaaS attack matrix: The shadow workflow’s evil twin
SaaS Attack: How to SAMLjack a poisoned tenant
SAMLjacking a poisoned tenant demo - YouTube
SaaS Attacks: Shadow workflows + Evil twin integration demo - YouTube

Risky Business #721 -- Why Storm-0558's Microsoft hack should have failed

September 13, 2023 | 0:58:29 | 56.15 MB

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

How Storm-0558 stole Microsoft’s signing key
Cisco 0day being used by ransomware crews
We were right about Elon stumbling into the Ukraine war
Someone’s amazing image library 0day just got crushed
Much, much more!

This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Results of Major Technical Investigations for Storm-0558 Key Acquisition | MSRC Blog | Microsoft Security Response Center
Microsoft reveals how hackers stole its email signing key… kind of | TechCrunch
Kevin Beaumont: "One extra thing to highlight -…" - Cyberplace
Preventing Authentication Bypass: A Tale of Two Researchers - YouTube
BEC phishing kit hits thousands of Microsoft 365 business accounts | Cybersecurity Dive
Microsoft Teams phishing attack pushes DarkGate malware
CISA warns of attacks using Microsoft Word, Adobe bugs
New Emergency Chrome Security Update After Critical iOS 16.6.1 Release
Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks
Cisco security appliance 0-day is under attack by ransomware crooks | Ars Technica
Cisco BroadWorks vulnerability snags highest CVSS score | Cybersecurity Dive
High-profile CVEs turn up in vulnerability exploit sales | Cybersecurity Dive
MGM Resorts takes systems offline following cyberattack
Save the Children International hit with cyberattack, but says operations weren’t impacted
Sri Lankan government loses months of data following ransomware attack
Risky Biz News: US and UK dox and sanction 11 more Trickbot/Conti members. Charges included too.
Opinion | The untold story of Elon Musk’s support for Ukraine - The Washington Post
Elon Musk on X
SpaceX unveils Starshield, a military variation of Starlink satellites
China-Linked Hackers Breached a Power Grid—Again | WIRED
Just waiting for a mate - YouTube
North Korea-backed hackers target security researchers with 0-day | Ars Technica
Cars are collecting data on par with Big Tech, watchdog report finds
Crypto Town Hall on X: "Crypto Kingpin's Downfall: 11,196 Years Behind Bars! https://t.co/1RCNJ8um4c" / X

Snake Oilers: ConductorOne, Bloodhound Enterprise and Zero Networks

September 08, 2023 | 0:39:22 | 37.8 MB

In this edition of Snake Oilers you’ll hear product pitches from:

ConductorOne: PAM, account cycle management and access auditing for cloud and SaaS accounts
Bloodhound Enterprise: Enumerate attack paths in your environment and shut them down
Zero Networks: Agentless, heavily automated microsegmentation and a VPN product that won’t get you insta-owned

Show notes

ConductorOne - Identity security & access control
Home - BloodHound Enterprise
Microsegmentation in a Matter of Minutes | Zero Networks

Risky Business #720 -- How cloud identity provider federation features can get you mega-owned

September 06, 2023 | 0:56:59 | 54.71 MB

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

Why everyone should pay attention to some recent attacks on Okta customers
Why third party comms apps are risky af
Why are Russian espionage ops using Tor for C2?
Surveillance firms abuse Fiji Telco Digicel’s SS7 access
Much, much more!

This week’s show is brought to you by Gigamon. Mark Jow, Gigamon’s EMEA Technical Director, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Cross-Tenant Impersonation: Prevention and Detection | Okta Security
BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps
NCSC-MAR-Infamous-Chisel.pdf
Ukraine says an energy facility disrupted a Fancy Bear intrusion
Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach – Krebs on Security
Telstra-owned Pacific mobile network likely exploited by spies for hire - ABC News
CISA, MITRE shore up operational tech networks with adversary emulation platform
LogicMonitor customers hit by hackers, because of default passwords | TechCrunch
Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong. | Ars Technica
Why is .US Being Used to Phish So Many of Us? – Krebs on Security
UK cyber agency announces Ollie Whitehouse as its first ever CTO
Embattled consulting firm PwC swept up in global cyber breach of file service MOVEit by cybercrime group C10p
ONLINE-SCAM-OPERATIONS-2582023.pdf
Unmasking Trickbot, One of the World’s Top Cybercrime Gangs | WIRED

Risky Business #719 -- FBI vapes 700,000 Qakbot infections

August 30, 2023 | 0:54:17 | 52.11 MB

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

The FBI takes down Qakbot, steals operators’ bitcoins ha ha
Danish hosting provider completely destroyed in ransomware attack
Sophisticated Russian cyber attack on Polish trains. Well. Not really.
Microsoft revokes cert then revokes its revocation
Much, much more!

This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

US says it and partners have taken down notorious 'Qakbot' hacking network | Reuters
Danish cloud host says customers ‘lost all data’ after ransomware attack | TechCrunch
VDP Platform 2022 Annual Report Showcases Platform’s Success | CISA
Proposed bill would require vulnerability disclosure policies for all federal contractors
The Cheap Radio Hack That Disrupted Poland's Railway System | WIRED
Two suspects arrested following Poland railway hack
‘Incredible concern and anger’ among Metropolitan Police after hackers breach data
New malware from North Korea’s Lazarus used against healthcare industry
North Korea’s Lazarus hackers behind recent crypto heists: FBI
US arrests Tornado Cash co-founder, sanctions another who remains at large
Kroll Employee SIM-Swapped for Crypto Investor Data – Krebs on Security
Risky Biz News: WinRAR zero-day used to hack stock and crypto traders
Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica
Renegade certificate removed from Windows. Then it returns. Microsoft stays silent. | Ars Technica
Barracuda ESG zero-day exploit still under way after patches fail | Cybersecurity Dive
Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) | Mandiant
Unpacking the MOVEit Breach: Statistics and Analysis
The DEA Accidentally Sent $50,000 Of Seized Cryptocurrency To A Scammer
Akira Ransomware Targeting VPNs without Multi-Factor Authentication - Cisco Blogs
Ransomware attack dwell times fall, pressuring companies to quickly respond | Cybersecurity Dive
British court convicts two teen Lapsus$ members of hacking tech firms
Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders. – Krebs on Security
Apple security updates could be banned by British government