Risky Business


Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a secu…

Patrick Gray


    • Jun 29, 2022 LATEST EPISODE
    • weekly NEW EPISODES
    • 147 EPISODES





    Latest episodes from Risky Business

    Risky Business #669 -- Finally, an ICS attack that made stuff explode!

    Jun 29, 2022

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:

    • Activists who are totally not Israeli military hackers make Iranian steel mills firebally
    • Chinese APT crews use ransomware to muddy attribution
    • Attackers are now ransoming cloud access
    • Chinese APTs using building control systems for persistence and stealth
    • USA, UK and NZ govts issue PowerShell advice
    • Much, much more

    This week's show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he's using it to make phishing triage and automation less traumatic.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

    Show notes

    • Iranian steel facilities suffer apparent cyberattacks
    • Automotive fabric supplier TB Kawashima announces cyberattack
    • US arm of Japanese automotive hose maker Nichirin pauses production after ransomware attack - The Record by Recorded Future
    • BRONZE STARLIGHT Ransomware Operations Use HUI Loader | Secureworks
    • Ransomware groups targeting Mitel VoIP zero-day - The Record by Recorded Future
    • Brett Callow on Twitter: "LockBit also seems to have set its demands to automatically decrease over time. The longer victims wait, the less they need to pay. 4/5" / Twitter
    • Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: De-anonymizing ransomware domains on the dark web
    • Brazilian retail giant confirms cyberattack after extortion group takes over Twitter account - The Record by Recorded Future
    • Akamai Blog | Bots Are Scalping Israeli Government Services
    • Rise of LNK (Shortcut files) Malware | McAfee Blog
    • Attacks on industrial control systems using ShadowPad | Kaspersky ICS CERT
    • Google: Seven zero-days in 2021 developed commercially and sold to governments - The Record by Recorded Future
    • The hacking industry faces the end of an era | MIT Technology Review
    • Lawmakers want to restrict user data sales to nations like China, Russia
    • US, UK, New Zealand argue against disabling PowerShell - The Record by Recorded Future
    • CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
    • A pro-China online influence campaign is targeting the rare-earths industry | MIT Technology Review
    • Internet Crime Complaint Center (IC3) | Deepfakes and Stolen PII Utilized to Apply for Remote Work Positions
    • Statutory defense for ethical hacking under UK Computer Misuse Act tabled | The Daily Swig
    • BSides Cleveland organizer steps down after controversial guest added as 'surprise' speaker | The Daily Swig
    • CISA experts propose '311' cybersecurity emergency call line for small businesses - The Record by Recorded Future
    • CISA, US Coast Guard warn of Log4Shell attacks after 130GB data breach in May - The Record by Recorded Future
    • CSAC Recommendations (06-16-2022) (1) - DocumentCloud
    • Meet the Administrators of the RSOCKS Proxy Botnet – Krebs on Security
    • Splunk patches critical vulnerability while users push for legacy updates | The Daily Swig
    • Oracle patches 'miracle exploit' impacting Middleware Fusion, cloud services | The Daily Swig
    • Cyber Insurance: Action Needed to Assess Potential Federal Response to Catastrophic Attacks | U.S. GAO
    • FBI investigating $100 million theft from blockchain company Harmony - The Record by Recorded Future
    • Jerry Gamblin on Twitter: "Ahhh... the original NFTs." / Twitter
    • PeckShield Inc. on Twitter: "1/ @XCarnival_Lab was exploited in a flurry of txs (one hack tx: https://t.co/LUcxSU9UQn), leading to the gain of 3,087 ETH (~$3.8M) for the hacker (The protocol loss may be larger). https://t.co/mmGw5PQfbt" / Twitter
    • Patrick Gray on Twitter: "

    Risky Biz Soap Box: HD Moore on taking Rumble to the cloud

    Jun 26, 2022

    Today's Soap Box guest is an industry legend – Metasploit creator HD Moore. He's here to tell us more about what's happening with his latest creation, Rumble Network Discovery. If you're not familiar with Rumble, well, you should be. It's a network scanner that you just set loose and it will go and find all the devices on your network. It has a freaky ability to see around corners, finding devices it can't even connect to directly because HD and his team have done some really crazy work on pulling device information out of obscure protocol queries and things like that. It takes a few minutes to set up a scan with Rumble, so it's infinitely easier than trying to do passive network discovery on the network or pull data from other solutions. But Rumble isn't just a network scanner anymore. They've been doing basic cloud asset inventory since the early days, but as you'll hear it's an area they've really been putting a lot of work into lately. Another big thing they've worked on is ICS and OT fingerprinting techniques that won't actually cause those devices to command things to explode, so that's nice.

    Risky Business #668 -- Microsoft is hiding its Azure security problems

    Jun 22, 2022

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:

    • Paige Thompson guilty of Capital One hack
    • Microsoft is hiding serious Azure security issues
    • New Australian government lobbying for Julian Assange
    • How to ransomware documents in the cloud
    • Microsoft stops Windows 10/11 downloads in Russia
    • Belarusian cyber partisans obtain spy agency's audio recordings
    • Much, much more

    This week's edition of the show is brought to you by Gigamon. Josh Day, Director of Gigamon's applied threat research team, will be along in this week's sponsor interview to talk about detecting badness in encrypted traffic on your network.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

    Show notes

    • Former Seattle tech worker convicted of wire fraud and computer intrusions | USAO-WDWA | Department of Justice
    • MPs back quiet diplomacy in Assange case
    • Botched and silent patches from Microsoft put customers at risk, critics say | Ars Technica
    • Microsoft's Vulnerability Practices Put Customers At Risk | LinkedIn
    • Security firm warns of ransomware attacks targeting Microsoft cloud 'versioning' feature - The Record by Recorded Future
    • Separate Fujitsu cloud storage vulnerabilities could enable attackers to destroy virtual backups | The Daily Swig
    • Large supermarket chain in southern Africa hit with ransomware - The Record by Recorded Future
    • Telegram: Contact @tass_agency
    • Microsoft pulls Windows 10 and 11 in Russia • The Register
    • DDoS Attacks Delay Putin Speech at Russian Economic Forum
    • Russia warns of a "military clash" if it's hit by US cyberattacks - The Record by Recorded Future
    • Belarusian hacktivist group releases purported Belarusian wiretapped audio of Russian embassy
    • U.S. defense firm L3Harris in talks with NSO Group over spyware - The Washington Post
    • Srsly Risky Biz: Friday June 17 - by Tom Uren
    • Suspect in hacking Russian customs detained in Moscow
    • String of attacks on French telecom infrastructure preceded April attack on fiber optic cables
    • Chinese APT groups targeting India, Pakistan and more with Sophos firewall vulnerability - The Record by Recorded Future
    • Ukrainian cybersecurity officials disclose two new hacking campaigns
    • Police Linked to Hacking Campaign to Frame Indian Activists | WIRED
    • INTERPOL raids hundreds of scammy call centers in sweep
    • A Twitch Streamer Is Exposing Coronavirus Scams Live | WIRED
    • Ranking The World's Angriest Scammers - 10/10 Rage - YouTube
    • MIT researchers find new hardware vulnerability in the Apple M1 chip - The Record by Recorded Future
    • A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys | Ars Technica
    • Tornado Cash Is Crypto Hackers' Favorite Way to Cash Out, But Experts Say It Can Be Traced
    • How CISA's list of 'must-patch' vulnerabilities has expanded both in size, and who's using it
    • The tale of a whale who took Solend's money – Amy Castor

    Risky Business #667 -- "Shields Up" for cyber's forever war

    Jun 13, 2022

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:

    • "Shields Up" advice is now provably meaningless
    • Russia to ditch offshore comms apps like WhatsApp
    • Evil Corp's Lockbit sanctions evasion attempt backfires
    • Binance is a cesspit of shady financial dealings
    • Apple's passkey release foreshadows FIDO mass adoption
    • Much, much more

    This week's sponsor interview is about Elastic's teardown of some really interesting APT Linux malware called BPFdoor. Jake King and Colson Wilhoit joined the show for that interview.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

    Show notes

    • US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command | Science & Tech News | Sky News
    • White House: cyber activity not against Russia policy | Reuters
    • 'Shields Up': the new normal in cyberspace
    • Governors are being contacted - Newspaper Kommersant No. 95 (7296) dated 06/01/2022
    • "You are personally responsible for incidents." Why a new era in information security began on May 1 - Газета.Ru
    • Kyiv used a new principle of cyberattacks against Russia - Ведомости
    • Traffic will be sorted into folders - Newspaper Kommersant No. 102 (7303) dated 06/10/2022
    • FBI cybercrime seizure takes down one-time Ukraine IT Army collaborator
    • To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions | Mandiant
    • Risky Biz News: LockBit-Mandiant drama, explained
    • How Binance became a hub for hackers, fraudsters and drug sellers
    • Cryptocurrencies were once seen as an unmitigated boon for criminals. Not anymore.
    • Fed cyber officials detail Chinese state hackers using common exploits against telcos
    • Risky Biz News: Russia orders Google to remove Tor Browser from Russian Play Store
    • Bizbudding, Inc. v. 365 Data Centers Services, LLC, 3:22-cv-00715 – CourtListener.com
    • Business Email Compromise Scams Are Poised to Eclipse Ransomware | WIRED
    • Cybercriminal scams City of Portland, Ore. for $1.4 million - The Record by Recorded Future
    • Apple's Passkey Replaces Passwords With iPhone and Mac Authentication | WIRED
    • MongoDB Debuts 'Queryable Encryption' to Fight Hacks and Leaks | WIRED
    • Zero-Day Exploitation of Atlassian Confluence | Volexity
    • Microsoft Security Intelligence on Twitter: "Multiple adversaries and nation-state actors, including DEV-0401 and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134. We urge customers to upgrade to the latest version or apply recommended mitigations: https://t.co/C3CykQgrOJ" / Twitter
    • Microsoft Follina Vulnerability in Windows Can Be Exploited Through Office 365 | WIRED
    • Martin Sheppard on Twitter: "@riskybusiness And yes, many orgs can disable Macros in documents with the mark of the web without a lot of impact. Policy can be used to not mark documents from certain internal sites with mark of the web, which is one way to allow certain legitimate macros with this setting in place." / Twitter
    • Blockchain, 'Decentralized' Exchange Taken Offline After Hacker Steals Millions
    • 'Optimism' Crypto Hack Victim Hopes Thief Will Give Back $15 Million
    • PeckShieldAlert on Twitter: "#PeckShieldAlert Wintermute Exploiter has transferred 17 million $OP to @optimismPBC https://t.co/5PpgeZXaId" / Twitter
    • NFT insider trading charges filed against former OpenSea employee Nate Chastain
    • Detecting BPFDoor backdoor payload | Elastic

    Risky Business #666 -- The msdt RTF of DOOM

    May 31, 2022

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:

    • The msdt/office lolbinapalooza
    • Microsoft to introduce sensible defaults to Azure
    • Twitter fined $150m for sms 2fa spam
    • It turns out npm got owned in that Heroku/Travis CI thing
    • AWS cred-stealing supply chain attack was research your honour, I swear!
    • Much, much more

    We'll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week's sponsor interview. He'll be walking us through some of his own research into how to own Microsoft boxes via document-embedded office add-ins.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

    Show notes

    • nao_sec on Twitter: "Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. https://t.co/hTdAfHOUx3 https://t.co/rVSb02ZTwt" / Twitter
    • Follina — a Microsoft Office code execution vulnerability | by Kevin Beaumont | May, 2022 | DoublePulsar
    • Kevin Beaumont on Twitter: "Additional Follina issue, if you use wget in Powershell, it blindly executes any code via MSDT as it trusts all MS Protocol URIs. So to clarify, if you wget a webpage you don't control and the webpage adds Follina exploit string, your server then runs the code." / Twitter
    • Microsoft Office Remote Code Execution - "Follina" MSDT Attack
    • Raising the Baseline Security for all Organizations in the World - Microsoft Tech Community
    • npm security update: Attack campaign using stolen OAuth tokens | The GitHub Blog
    • Twitter fined $150 million by FTC for alleged privacy violations - The Record by Recorded Future
    • REvil prosecutions reach a 'dead end,' Russian media reports
    • Multiple flights across India grounded after SpiceJet airline hit with ransomware - The Record by Recorded Future
    • Exclusive: Russian hackers are linked to new Brexit leak website, Google says | Reuters
    • Russian companies have begun firing Ukrainian IT specialists - РБК
    • Hacker Leaks Mountain of Files From Inside Xinjiang Camps
    • Spain set to strengthen oversight of secret services after NSO spying scandal | The Times of Israel
    • No evidence of exploitation of Dominion voting machine flaws, CISA finds - The Washington Post
    • Researchers identify FIDO2 protocol vulnerabilities - Security - iTnews
    • 756.pdf
    • Security 'researcher' hits back against claims of malicious CTX file uploads | The Daily Swig
    • Israeli private detective used Indian hackers in job for Russian oligarchs, court filing says | Reuters
    • Hacker Steals Database of Hundreds of Verizon Employees
    • GarWarner on Twitter: "Last month the US Department of Justice petitioned the court to be allowed to seize Mr. Woodbery's Bitcoin. 151.885720427 BTC is 11,930,370 Naira or $4,364,299 USD currently. (Thread 1/? ) https://t.co/Xh39FTLQUV" / Twitter
    • Malcolm Herbert on Twitter: "@riskybusiness @Metlstorm ... for some reason I never pictured you guys as doing a recording session before sunup, but then I guess with @Metlstorm being in NZ that kinda makes sense now that I think about it ... I'll see myself out ..." / Twitter
    • Darknet market Versus shuts down after hacker leaks security flaw
    • Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat | Ars Technica
    • Red Canary Managed Detection and Response - YouTube
    • Airlock Digital Demo - YouTube

    Risky Business #665 -- You can ransomware whole countries now

    May 25, 2022

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:

    • Conti's war against Costa Rica
    • DoJ revises CFAA guidance
    • Naughty kids get access to DEA portal
    • A look at a Russian disinfo tool
    • PyPI and PHP supply chain drama
    • Much, much more

    This week's show is brought to you by Thinkst Canary. Its founder Haroon Meer will join us in this week's sponsor interview to talk about what might happen to infosec programs now that the world economy is getting all funky.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

    Show notes

    • President Rodrigo Chaves says Costa Rica is at war with Conti hackers - BBC News
    • Costa Ricans scrambled to pay taxes by hand after cyberattack took down country's collection system
    • Costa Rican president claims collaborators are aiding Conti's ransomware extortion efforts
    • K-12 school districts in New Mexico, Ohio crippled by cyberattacks - The Record by Recorded Future
    • Greenland says health services 'severely limited' after cyberattack - The Record by Recorded Future
    • Notorious cybercrime gang Conti 'shuts down,' but its influence and talent are still out there - The Record by Recorded Future
    • 'Multi-tasking doctor' was mastermind behind 'Thanos' ransomware builder, DOJ says - The Record by Recorded Future
    • Researchers warn of REvil return after January arrests in Russia - The Record by Recorded Future
    • Researcher stops REvil ransomware in its tracks with DLL-hijacking exploit | The Daily Swig
    • Bank refuses to pay ransom to hackers, sends dick pics instead • Graham Cluley
    • GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need - CloudSEK
    • Catalin Cimpanu on Twitter: "Report on a new ransomware strain named GoodWill that forces victims to perform acts of kindness to recover their files https://t.co/T0rhj5wjyC https://t.co/T92KPUJe61" / Twitter
    • Water companies are increasingly uninsurable due to ransomware, industry execs say
    • Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act | OPA | Department of Justice
    • download
    • DEA Investigating Breach of Law Enforcement Data Portal – Krebs on Security
    • Intelligence Update. A question of timing: examining the circumstances surrounding the Nauru Police Force hack and leak
    • FSB's Fronton DDoS tool was actually designed for 'massive' fake info campaigns, researchers say
    • Sonatype PyPI blog post
    • Dvuln Labs - ServiceNSW's Digital Drivers Licence Security appears to be Super Bad
    • New Bluetooth hack can unlock your Tesla—and all kinds of other devices | Ars Technica
    • Researchers devise iPhone malware that runs even when device is turned off | Ars Technica
    • New Research Paper: Pre-hijacking Attacks on Web User Accounts – Microsoft Security Response Center
    • CISA issues directive for exploited VMware bug after IR team deployed to 'large' org - The Record by Recorded Future
    • Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating | Ars Technica
    • Google, Apple, Microsoft Commit to Eliminating Passwords - Security Boulevard
    • Thinkst Canary

    SAMPLE PODCAST: Risky Biz News: FSB-linked DDoS tool could also be used for disinformation campaigns

    May 20, 2022

    The following is a sample of our latest podcast, Risky Business News, which is published into a new RSS feed. It's a short podcast published three times a week that updates listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here.

    Risky Biz Soap Box: While you're watching a quiet one a noisy one will kill you

    May 18, 2022

    In this Soap Box edition of the show Proofpoint's EVP of Cybersecurity Strategy Ryan Kalember joins host Patrick Gray to talk about why some security spending is just misguided. So much of the infosec industry is geared towards protecting organisations against exotic threats when, really, the trifecta of ransomware, BEC and staff being careless with data are the things that will sink them.

    Risky Business #664 -- The Spanish Prime Minister got Pegasus'd

    May 4, 2022

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:

    • Spanish PM's phone infected by Pegasus
    • Microsoft drops Ukraine research report
    • We can't make heads or tails out of the FBI's transparency report
    • France hit with coordinated fibre sabotage campaign
    • Why Musk's algorithm pledge is meaningless
    • Much, much more

    This week's sponsor interview is with ExtraHop Networks' CEO Patrick Dennis. He's joining us this week to talk about how you can turn "Shields Up!" advice into something actionable.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

    Show notes

    • Spyware attack targeted Spanish prime minister's phone - The Record by Recorded Future
    • Over 200 Spanish mobile numbers 'possible targets of Pegasus spyware' | Spain | The Guardian
    • Russia's hackers and military went after the same targets in Ukraine, Microsoft says
    • Russia Is Being Hacked at an Unprecedented Scale | WIRED
    • Russia reroutes internet in occupied Ukrainian territory through Russian telcos - The Record by Recorded Future
    • Russia cyber case prompted big portion of FBI's surveillance database searches in 2021 - The Record by Recorded Future
    • 2022_ASTR_for_CY2020_FINAL.pdf
    • Wyden: "Surveillance Transparency Report" Fails To Explain How Many Americans' Communications Are Searched By the FBI | U.S. Senator Ron Wyden of Oregon
    • How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities
    • Who tried to hack Hawaii's undersea cable? - The Record by Recorded Future
    • Nauru police emails leaked to protest against Australia's offshore detention
    • Fighting Fake EDRs With 'Credit Ratings' for Police – Krebs on Security
    • Twitter may have given user's private data to a ransomware hacker, who then ran a researcher offline
    • Musk's plans to make Twitter's algorithms public raises disinformation conundrum
    • Elon Musk's Plan to Open Source the Twitter Algorithm Won't Solve Anything | WIRED
    • Kronos cyber attack sparks lawsuits against employers | BenefitsPRO
    • German wind farm operator confirms cybersecurity incident - The Record by Recorded Future
    • German library service struggling to recover from ransomware attack - The Record by Recorded Future
    • Trinidad's largest supermarket chain crippled by cyberattack - The Record by Recorded Future
    • Austin Peay State University becomes latest US school hit with ransomware - The Record by Recorded Future
    • NC Prohibits Gov Entities from Paying Hacker Cybersecurity Ransoms
    • Connecticut inches closer to becoming fifth state with data privacy law - The Record by Recorded Future
    • Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog
    • Google touts new tool that scans for malicious packages in popular open-source repositories - The Record by Recorded Future
    • Log4Shell, ProxyLogon and Atlassian bug top CISA's list of routinely exploited vulnerabilities in 2021 - The Record by Recorded Future
    • Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954 | Rapid7 Blog
    • Microsoft finds Linux desktop flaw that gives root to untrusted users | Ars Technica
    • More than $13 million stolen from DeFi platform Deus Finance - The Record by Recorded Future
    • Binance freezes stolen Axie Infinity crypto after North Korean hackers move funds - The Record by Recorded Future
    • Everscale blockchain wallet shutters web version after vulnerability found - The Record by Recorded Future
    • Hackers steal $90 million from DeFi platforms Rari Capital and Saddle Finance - The Record by Recorded Future
    • Crypto Hackers Stole More Than $370 Million In April Alone
    • Airlock Digital Demo - YouTube
    • Risky Business News | Patrick Gray | Substack

    Risky Business #663 -- Israel cracks down on spyware exports

    Apr 27, 2022

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:

    • Israel Ministry of Defence is denying a lot of spyware export licences
    • Private detective in New York pleads guilty over BellTroX shenanigans
    • Scammers enrol stolen credit cards into Apple Pay
    • The Blackcat ransomware crew is very active right now
    • VirusTotal shells lol
    • Much, much more

    This week's sponsor interview is with Okta's Brett Winterford, who talks in detail about the company's brush with the Lapsus$ hacking crew. It's unusual for a sponsor interview to be a must listen, but here we are.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

    Show notes

    • Export controls strangling Israel's cyberattack industry - Globes
    • Israeli charged in global hacker-for-hire scheme pleads guilty | Reuters
    • Criminals Abuse Apple Pay in Spending Sprees
    • Wealthy cybercriminals are using zero-day hacks more than ever | MIT Technology Review
    • Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code – Krebs on Security
    • FBI: 60 organizations worldwide hit with BlackCat/ALPHV ransomware - The Record by Recorded Future
    • FBI warns agricultural sector of heightened risk of ransomware attacks
    • Russia's war on Ukraine making life difficult for Russian cybercriminals
    • In a first, Treasury Department sanctions major cryptocurrency mining firm
    • Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure | CISA
    • Rewards for Justice on Twitter: "REWARD! Up to $10M for information on 6 Russian GRU hackers. They targeted U.S. critical infrastructure with malicious cyber ops. Send us info on their activities via our Dark Web-based tips line at: https://t.co/WvkI416g4W https://t.co/oZCKNHU3fY https://t.co/u1NMAZ9HQl" / Twitter
    • Foreign Malicious Cyber Activity Against U.S. Critical Infrastructure – Rewards For Justice
    • From the front lines of 'the first real cyberwar' - The Record by Recorded Future
    • CySource virus total blog
    • Bernardo Quintero on Twitter: "for transparency purposes, this was my internal reply on May 21, 2021 at 03:09PM https://t.co/WR3QTRlxDc" / Twitter
    • Critical bug could have let hackers commandeer millions of Android devices | Ars Technica
    • Hot patch for Log4Shell vulnerability in AWS allowed full host takeover | The Daily Swig
    • Major cryptography blunder in Java enables "psychic paper" forgeries | Ars Technica
    • Brokers' sales of U.S. military personnel data overseas stir national security fears
    • Bored Ape Yacht Club Instagram Hacked, NFTs Worth Millions Stolen
    • A Crypto Entrepreneur Is on the Lam After Dev Jailed for North Korea Trip
    • Okta Concludes its Investigation Into the January 2022 Compromise | Okta
    • Risky Business News | Substack

    Risky Business #662 -- It's a bad month to be an electricity grid

    Apr 21, 2022

    On this week's show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week's security news, including:

    • Ukraine foils Russian ICS hack
    • US Government burns someone's ICS toolkit
    • China gets all up in India's energy gridz
    • The Heroku/GitHub/Travis CI story is very confusing
    • US DOJ removes GRU malware from Watchguard boxes under Rule 41
    • North Korea behind $540m crypto hack
    • Much, much more

    This week's sponsor interview is with Scott Kuffer, co-founder of Nucleus Security, and Jared Semrau of Mandiant. They'll be joining us to talk about how you can now plug Mandiant data into the Nucleus vulnerability scan aggregator.

    Links to everything that we discussed are below and you can follow Patrick, Dmitri or Adam on Twitter if that's your thing.

    Show notes

    • Ukraine foiled Russian cyberattack that tried to shut down energy grid
    • Catalin Cimpanu on Twitter: "Days later... anyone managed to confirm or debunk this?" / Twitter
    • Matthew Garrahan on Twitter: "Ukraine has since adapted a government app so that people can more easily upload information about Russian military positions https://t.co/oWRctXBTxU" / Twitter
    • Pipedream Malware: Feds Uncover 'Swiss Army Knife' for Industrial System Hacking | WIRED
    • Suspected Chinese hackers are targeting India's power grid
    • Lawmakers ask Energy Department to take point on sector digital security - The Record by Recorded Future
    • Threat of Russian cyberattack prompts energy firms to collaborate with U.S. government - The Washington Post
    • US says it disrupted Russian botnet 'before it could be weaponized'
    • DOJ's Sandworm operation raises questions about how far feds can go to disarm botnets
    • Microsoft seizes internet domains linked to GRU cyberattacks against Ukraine
    • WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers | Ars Technica
    • Microsoft uses court order to disrupt ZLoader botnet - The Record by Recorded Future
    • DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii
    • US agency attributes $540 million Ronin hack to North Korean APT group - The Record by Recorded Future
    • Chemical sector targeted by North Korea-linked hacking group, researchers say - The Record by Recorded Future
    • U.S. offers $5 million for info on North Korean cyber operators - The Record by Recorded Future
    • Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog
    • After a brief decline, organizations once again are bombarded with ransomware - The Record by Recorded Future
    • BlackCat ransomware group claims attack on Florida International University - The Record by Recorded Future
    • North Carolina A&T hit with ransomware after ALPHV attack - The Record by Recorded Future
    • Ransomware groups go after a new target: Russian organizations - The Record by Recorded Future
    • T-Mobile Secretly Bought Its Customer Data from Hackers to Stop Leak. It Failed.
    • Experts warn of concerns around Microsoft RPC bug - The Record by Recorded Future
    • Make phishing great again. VSTO office files are the new macro nightmare? | by Daniel Schell | Apr, 2022 | Medium
    • VMware patches critical flaws in Workspace ONE Access identity management software | The Daily Swig
    • Researcher finds cryptomining malware targeting AWS Lambda - The Record by Recorded Future
    • Apple paid out $36,000 bug bounty for HTTP request smuggling flaws on core web apps – research | The Daily Swig
    • Hackers steal more than $11 million from Elephant Money DeFi platform - The Record by Recorded Future
    • WonderHero game disabled after hackers steal $320,000 in cryptocurrency - The Record by Recorded Future
    • 'We Are Fucked': Crypto Stablecoin Collapses After $182M Hack
    • The Original APT: Advanced Persistent Teenagers – Krebs on Security

    Snake Oilers: Vectra, Google Security and SecureStack

    Apr 13, 2022

    Snake Oilers isn't our regular weekly podcast; it's a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear, everyone you hear in one of these editions paid to be here. We'll hear from three vendors in this edition of Snake Oilers:

    • Kevin Kennedy from Vectra talks about the company's cloud native detection – it crunches stuff like CloudTrail and AzureAD logs and correlates it with network event information
    • Paul McCarty from SecureStack on its software composition analysis and "SBOM plus" tool
    • Google Cloud's Anton Chuvakin talks about cloud-based SIEMs like Chronicle

    Show notes

    • AI Cybersecurity - Threat Detection & Response Platform | Vectra AI
    • SecureStack - SecureStack
    • Chronicle Security - Google's Cloud-Native SIEM Platform

    Risky Business #661 -- Viasat hack details firm up

    Apr 6, 2022

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:

    • Why Spring4Shell isn't all hype
    • How Viasat actually got owned
    • Russian war crimes likely extend to coercing sysadmins
    • Why lighter fluid and a box of matches is more effective than cyber in Belarus
    • Much, much more

    This week's sponsor interview is with Bernard Brantley, Corelight's Chief Information Security Officer. Corelight makes a network sensor you can use to plug in to your SIEM, among other things. It's based on Zeek, the open source network sensor that Corelight maintains. Corelight is absolutely the industry standard for this sort of thing. And they've just become the standard for something else, too: Microsoft Defender for IoT can now accept Corelight feeds. Bernard fills us in on that.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

    Show notes

    • Explaining Spring4Shell: The Internet security disaster that wasn't | Ars Technica
    • VMware sprung by Spring4shell vulnerability - Security - iTnews
    • Viasat confirms report of wiper malware used in Ukraine cyberattack - The Record by Recorded Future
    • VIASAT incident: from speculation to technical details.
    • AcidRain | A Modem Wiper Rains Down on Europe - SentinelOne
    • EXCLUSIVE Hackers who crippled Viasat modems in Ukraine are still active - company official | Reuters
    • Kevin Collier on Twitter: "In a Zoom presser earlier today, UKR Telecom CIO Kirill Goncharuk said the hack on his ISP started with compromised credentials from an employee in a territory Russia recently occupied. Declined to address the potential implication that the employee was physically coerced." / Twitter
    • Ukrainian CERT details Russia-linked phishing attacks targeting government officials - The Record by Recorded Future
    • The Belarus 'railway rebels', who dare stop Vladimir Putin's invasion in its tracks
    • German wind turbine maker shut down after cyberattack - The Record by Recorded Future
    • Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said - The Record by Recorded Future
    • Trezor cryptocurrency wallets targeted with phishing attacks following Mailchimp compromise | The Daily Swig
    • Two alleged Lapsus$ teens appear in London court
    • IT giant Globant discloses hack after Lapsus$ leaks 70GB of stolen data | Ars Technica
    • Notorious hacking group FIN7 adds ransomware to its repertoire
    • NSA employee indicted for mishandling Top Secret information - The Record by Recorded Future
    • Debate erupts at news the White House may scale back DOD cyber-ops authorities
    • Legislators rail against potential rollback of flexible DOD cyber powers
    • 'Dangerous' EU web authentication plan threatens to undercut browser-led certification system, detractors claim | The Daily Swig
    • Trend Micro warns of active attacks against Apex Central console | The Daily Swig
    • Apple releases fixes for two zero-days affecting Macs, iPhones and iPads - The Record by Recorded Future
    • Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks | Ars Technica
    • GitLab addresses critical account hijack bug | The Daily Swig
    • Ola Finance DeFi platform hacked, nearly $5 million stolen - The Record by Recorded Future
    • Bank that lacked basic security suffers predictable fate • The Register
    • Corelight Announces Integration for Microsoft Defender for IoT as a Data Source for the Platform

    Snake Oilers: PentesterLab, AttackForge and Sysdig

    Apr 4, 2022

    Snake Oilers isn't our regular weekly podcast, it's a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions paid to be here. We'll hear from three vendors in this edition of Snake Oilers:
    • Upskill your testers and developers with PentesterLab for US$20 a month
    • Manage penetration tests and reporting with AttackForge
    • How Sysdig can help herd your container cats (vuln management and detection for container environments)
    Show notes
    • PentesterLab: Learn Web Penetration Testing: The Right Way
    • AttackForge® - Penetration Testing Workflow Management, Productivity & Collaboration Tools
    • Sysdig 2022 Cloud-Native Security and Usage Report: Stay on Top of Risks as You Scale – Sysdig

    Risky Business #660 -- Lapsus$ arrests, latest on Okta incident

    Mar 30, 2022

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
    • Some arrests of suspected Lapsus$ members in the UK
    • Why the Okta incident is probably a fizzer
    • Four FSB officers indicted over Triton/Trisis malware
    • Kim Zetter interviewed Intrusion Truth
    • Australian government to upsize ASD
    • Wave bye bye to Finfisher
    • Much, much more
    This week's sponsor interview is with Mike Wiacek from Stairwell. Stairwell makes a product that catalogues the files in your environment and lets you slice and dice that data. That makes threat hunting pretty easy and Mike is joining the show this week to talk about why organisations of all stripes should be doing threat hunting. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.
    Show notes
    • Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal - BBC News
    • Okta ‘identifying and contacting' customers potentially affected by Lapsus$ breach - The Record by Recorded Future
    • Okta revises original statement, says 366 customers affected by Lapsus$ breach - The Record by Recorded Future
    • Okta apologizes for waiting two months to notify customers of Lapsus$ breach - The Record by Recorded Future
    • Lapsus$ found a spreadsheet of accounts as they breached Okta, documents show | TechCrunch
    • DOJ unseals indictments of four Russian gov't officials for cyberattacks on energy companies - The Record by Recorded Future
    • Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide | OPA | Department of Justice
    • Intrusion Truth - Five Years of Naming and Shaming China's Spies
    • ASD to double in size after $10bn cyber security funding boost - Security - iTnews
    • How the Biden budget goes big on cyber - The Record by Recorded Future
    • FBI, CISA advise 13,000 orgs to have 'low threshold' for reporting cyberattacks - The Record by Recorded Future
    • Senate report examines REvil ransomware attacks on US firms - The Record by Recorded Future
    • Senate ransomware investigation says FBI leaving victims in the lurch
    • Surveillance software firm FinFisher declares insolvency - The Record by Recorded Future
    • NSO refused Ukraine's request for Pegasus spyware so it wouldn't anger Russia - The Washington Post
    • FCC puts Kaspersky on security threat list, says it poses “unacceptable risk” | Ars Technica
    • Traffic at major Ukrainian internet service provider Ukrtelecom disrupted - The Record by Recorded Future
    • An interview with the chief technical officer at Ukrtelecom - The Record by Recorded Future
    • Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” – Krebs on Security
    • North Korean hackers unleashed Chrome 0-day exploit on hundreds of US targets | Ars Technica
    • Google releases emergency security update for Chrome users after second 0-day of 2022 discovered - The Record by Recorded Future
    • Npm maintainers remove malicious packages after typosquatting attempt - The Record by Recorded Future
    • ‘Spam Nation' Villain Vrublevsky Charged With Fraud – Krebs on Security
    • $2 million stolen from DeFi protocol Revest Finance, platform unable to reimburse victims - The Record by Recorded Future
    • Flash loan attack on One Ring protocol nets crypto-thief $1.4 million | The Daily Swig
    • More than $625 million stolen in DeFi hack of Ronin Network - The Record by Recorded Future
    • Hackers Who Stole $50 Million in Crypto Say They Will Refund Some Victims

    Risky Biz Soap Box: Why allowlisting is ready for prime time

    Mar 24, 2022

    Airlock Digital co-founders Daniel Schell and Dave Cottingham join host Patrick Gray to talk about:
    • What an effective allowlisting program looks like
    • Why the third party allowlisting industry failed the first time
    • What you can achieve with Microsoft tooling versus specialist tools
    • How much effort is involved to do this right

    Risky Business #659 -- Okta and Microsoft meet LAPSUS$

    Mar 23, 2022

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
    • Okta's somewhat awful comms around its LAPSUS$ incident
    • Inside Microsoft's brush with the same group
    • How Elon Musk's Starlink service is being used to drop bombs on Russian tanks
    • US, UK governments warn of impending Russian cyberdoom
    • Much, much more…
    This week's sponsor interview is with Paul Lanzi, co-founder of Remediant. Paul joins the show this week to talk about cyber insurance. It's a topic that has come up a lot for us lately – ransomware has borderline sunk the current cyber insurance model as payments ballooned and payouts made a lot of insurers adjust premiums to the. But all is not lost – Paul says this blowup means the insurance industry is actually adapting and could wind up being a driver of better security practices. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.
    Show notes
    • Hackers hit authentication firm Okta, customers 'may have been impacted' | Reuters
    • Updated Okta Statement on LAPSUS$ | Okta
    • Microsoft investigating Lapsus$ claims of Bing, Cortana data theft - The Record by Recorded Future
    • DEV-0537 criminal actor targeting organizations for data exfiltration and destruction - Microsoft Security Blog
    • U.K. echoes Biden warning on Russian cyberattacks - The Record by Recorded Future
    • Statement by President Biden on our Nation's Cybersecurity | The White House
    • FBI advised that hackers scanned networks of 5 US energy firms ahead of Biden's Russia cyberattack warning - CNNPolitics
    • CISA, FBI warn of satellite network hacks following Viasat cyberattack - The Record by Recorded Future
    • Specialist Ukrainian drone unit picks off invading Russian forces as they sleep | News | The Times
    • China's DJI And Its Billionaire Chief Put In An Awkward Spot As Both Sides In Ukraine War Use Its Drones
    • Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine | Snyk
    • Catalin Cimpanu on Twitter: "Following the poisoning of the node-ipc npm package to sabotage systems in Belarus and Russia, Russia's NKTsKI cyber-security agency has told companies to use local repos for FOSS software, use older versions prior to the invasion, and audit new updates https://t.co/3PlKdXTfn1 https://t.co/EV25HBBZFN" / Twitter
    • U.S. bars ex-spies from becoming 'mercenaries,' following Reuters series | Reuters
    • Behold, a password phishing site that can trick even savvy users | Ars Technica
    • Death of the Password? FIDO Alliance Reveals Its New Plan | WIRED
    • Scammers have 2 clever new ways to install malicious apps on iOS devices | Ars Technica
    • New details emerge on prolific Conti-linked cybercrime group
    • Trickbot is using MikroTik routers to ply its trade. Now we know why | Ars Technica
    • Sandworm-linked botnet has another piece of hardware in its sights
    • Hacker Steals Customer Data From Circle, BlockFi, Other Big Crypto Firms - Decrypt
    • Lawmakers Probe Early Release of Top RU Cybercrook – Krebs on Security
    • A different way to do PAM -- Paul Lanzi, Remediant - YouTube

    Risky Business #658 -- Germany sounds alarm on Kaspersky software

    Mar 16, 2022

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
    • Germany issues stark warning to Kaspersky users
    • Ukraine SATCOM hack keeps getting more interesting
    • Russia to spin up its own CA, but it's not what it seems
    • Why the ransomware threat could get worse, then better
    • Much, much more
    This week's show is brought to you by Fastly. Kelly Shortridge, Fastly's Senior Principal Product Technologist, joins the show this week to tell us what modern security actually looks like. Kelly is always fascinating so we were thrilled she was in the sponsor chair this week. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.
    Show notes
    • German government issues warning about Kaspersky products - CyberScoop
    • Exclusive: U.S. spy agency probes sabotage of satellite internet during Russian invasion, sources say | Reuters
    • SATELLITE SYSTEMS, SATCOM AND SPACE SYSTEMS UPDATE
    • Russia to create its own security certificate authority, alarming experts
    • Political fallout in cybercrime circles upping the threat to Western targets
    • Oleg Shakirov on Twitter: "Russia's deputy foreign minister says he hopes the Russian-U.S. dialogue on cyber security will be resumed in response to a question whether it has been frozen He adds that it can bring tangible results like the disruption of REvil https://t.co/m817WD80vr" / Twitter
    • FinCEN warns ransomware proceeds could be part of Russia sanctions evasion
    • Biden takes big step toward government-backed digital currency
    • Ukrainian hackers say HackerOne is blocking their bug bounty payouts | TechCrunch
    • Techmeme on Twitter: "Sources: Apple and Google removed Kremlin critic Navalny's app in September after FSB agents came to homes of top execs and threatened to take them to prison (Washington Post) https://t.co/nqvtHmG1Ft https://t.co/gQCcnFhnyo" / Twitter
    • Government agencies in Ukraine targeted in cyber-attacks deploying MicroBackdoor malware | The Daily Swig
    • ESET research on Twitter: "#BREAKING #ESETresearch warns about the discovery of a 3rd destructive wiper deployed in Ukraine

    Risky Business #657 -- Belarus targets refugee data

    Mar 9, 2022

    On this week's show Patrick Gray, Brian Krebs and Adam Boileau discuss the week's security news, including:
    • The Contileaks latest
    • Belarus targeted refugee data. Was it behind the ICRC hack?
    • How APT41 hacked America's livestock
    • SATCOM hack in Ukraine may bode ill for Musk
    • Much, much more
    Material Security's co-founder Ryan Noon is this week's sponsor guest. He joins the show to talk about a few things, including how the building blocks for a whole new generation of security tooling – like large-scale data crunching tech – are now just available off the shelf. He also talks us through an integration Material has done with a groovy new SOAR platform called Tines. Links to everything we discussed – and a YouTube demo of Material's technology – are below.
    Show notes
    • Conti Ransomware Group Diaries, Part I: Evasion – Krebs on Security
    • Conti Ransomware Group Diaries, Part II: The Office – Krebs on Security
    • Conti Ransomware Group Diaries, Part III: Weaponry – Krebs on Security
    • Conti Ransomware Group Diaries, Part IV: Cryptocrime – Krebs on Security
    • Christo Grozev on Twitter: "This is not the worst part. In the phone call in which the FSB officer assigned to the 41st Army reports the death to his boss in Tula, he says they've lost all secure communications. Thus the phone call using a local sim card. Thus the intercept. https://t.co/cgHHo7VaRi" / Twitter
    • Cloudflare not fully backing out of Russia, company says, as tech firms are forced to weigh in - CyberScoop
    • NATO countries' refugee management may have been targeted by Belarus-linked hackers - CyberScoop
    • Twitter Launches Tor Onion Service Making Site Easier to Access in Russia
    • Hive ransomware gang targets Romanian oil firm in its latest cyberattack - The Record by Recorded Future
    • Chinese Spies Hacked a Livestock App to Breach US State Networks | WIRED
    • Christophe on Twitter: "Casually compromising API keys from Azure customers: - Step 1: Create an Azure automation account - Step 2: curl localhost on ports 40000+ You now have an API token in the Azure tenant of another customer, with the same permissions as the automation

    Risky Business #656 – We expected a cyberwar but got an infowar

    Mar 3, 2022

    On this week's show Patrick Gray, Dmitri Alperovitch and Adam Boileau discuss the week's security news, including:
    • We expected a cyberwar but got an information war
    • People with SDR kits are doing SIGINT in Ukraine
    • Conti has imploded and it's hilarious
    • Much, much more
    This week's show is brought to you by Proofpoint. Sherrod DeGrippo, Proofpoint's Vice President of Threat Research and Detection, is this week's sponsor guest. She joins us to talk about how there isn't really any magic advice she can dispense to protect customers from Russian attacks. There are some show notes below, but they're not exhaustive.
    Show notes
    • The propaganda war has eclipsed cyberwar in Ukraine | MIT Technology Review
    • Ukrainian Researcher Leaks Conti Ransomware Gang Data
    • Signal on Twitter: "We've had an uptick in usage in Eastern Europe & rumors are circulating that Signal is hacked & compromised. This is false. Signal is not hacked. We believe these rumors are part of a coordinated misinformation campaign meant to encourage people to use less secure alternatives." / Twitter
    • Cyber insurance policies may be put to the test by Russian attacks, credit ratings firm warns - The Record by Recorded Future
    • Phishing campaign targets European officials assisting in refugee operations - The Record by Recorded Future
    • https://twitter.com/sbreakintl/status/1498619303717142529?s=21
    • Apple halts sales of products to Russia, restricts access to Russian news apps
    • Belarusian hackers launch another attack, adding to chaotic hacktivist activity around Ukraine - CyberScoop
    • Russian State Media Hacked to Show Casualty Numbers for Russian Soldiers in Ukraine War
    • Would Banning Russia From Getting Software Updates Make It Easier to Hack?
    • Ukraine's Volunteer ‘IT Army' Is Hacking in Uncharted Territory | WIRED
    • vx-underground on Twitter: "Conti ransomware group previously put out a message siding with the Russian government. Today a Conti member has begun leaking data with the message "Fuck the Russian government, Glory to Ukraine!" You can download the leaked Conti data here: https://t.co/BDzHQU5mgw https://t.co/AL7BXnihza" / Twitter
    • Active Measures, LLC on Twitter: "That keyboard sound you hear is lawyers at US CYBERCOMMAND updating some opinions." / Twitter
    • Conti ransomware gang chats leaked by pro-Ukraine member - The Record by Recorded Future
    • Russia appears to deploy digital defenses after DDoS attacks - The Record by Recorded Future
    • Russia's Sandworm Hackers Have Built a Botnet of Firewalls | WIRED
    • Auth0 co-founder and CEO Eugenio Pace walks us through the Auth0 platform - YouTube
    • Dmitri Alperovitch on Twitter: "In the last few weeks, I have become increasingly convinced that Kremlin has unfortunately made a decision to invade Ukraine later this winter. While it is still possible for Putin to deescalate, I believe the likelihood is now quite low. Allow me to explain why

    Risky Biz Soap Box: US Government will embrace "phishing resistant MFA"

    Feb 28, 2022

    These Soap Box editions of the show are entirely sponsored – that means everyone you hear in one of these episodes paid to be here. In this edition we're talking to Yubico's Chief Solutions Officer Jerrod Chong. We do one of these Soap Box podcasts with Jerrod every year. Yubico, of course, is the maker of the Yubikey hardware security device. In this chat with Jerrod we cover a few things – like the zero trust executive order, hardware-backed web transactions and how the industry leading the charge on security keys right now is actually the cryptocurrency space.

    Risky Business #655 -- USG: Expect Russian cyber drama

    Feb 23, 2022

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
    • Ukraine sanctions may lead to Russia going “cyber feral”
    • Brian Krebs links Red Cross breach to Iranian actor
    • APT10 uses cred stuffing as misdirection
    • Report: Global logistics behemoth Expeditors ransomwared
    • NFT thefts still hilarious
    • Inside the epic KlaySwap hack
    • Much, much more
    In this week's sponsor interview Thinkst Canary's Marco Slaviero talks about some work they've done on introducing a “Safety Net” against AWS token enumeration edge cases. That's a very interesting interview. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.
    Show notes
    • White House attributes Ukraine DDoS incidents to Russia's GRU - CyberScoop
    • U.S. issues blanket warning on potential of destructive Russian hacks
    • Russian hackers have probably penetrated critical Ukraine computer networks, U.S. says - The Washington Post
    • Ukraine dismantles social media bot farm spreading "panic" - The Record by Recorded Future
    • US says Russian hackers breached multiple DOD contractors - The Record by Recorded Future
    • Red Cross blames hack on Zoho vulnerability, suspects APT attack - The Record by Recorded Future
    • Red Cross Hack Linked to Iranian Influence Operation? – Krebs on Security
    • Deep dive into hack against Iranian state TV yields wiper malware, other custom tools
    • VMware Horizon servers are under active exploit by Iranian state hackers | Ars Technica
    • Chinese hackers linked to months-long attack on Taiwanese financial sector - The Record by Recorded Future
    • San Francisco 49ers confirm ransomware attack - The Record by Recorded Future
    • Global logistics giant Expeditors suffers cyberattack, shuts down operations systems - FreightWaves
    • Vodafone Portugal struggles to restore service following cyberattack | Ars Technica
    • The US Crackdown on Spyware Vendors Is Only Beginning
    • People Whose NFTs Were Stolen Are Getting Wildly Different Refunds from OpenSea
    • Scam artists swindle NFTs worth 'millions' in OpenSea phishing attack | ZDNet
    • KlaySwap crypto users lose funds after BGP hijack - The Record by Recorded Future
    • Jaw-dropping Coinbase security bug allowed users to steal unlimited cryptocurrency | The Daily Swig
    • For signs of cryptocurrency laundering, look closely at Moscow firms, report says
    • Srsly Risky Biz: Thursday February 17
    • More data on Canadian 'Freedom Convoy' donors leaked -website | Reuters
    • Stream Episode 179: Truck Yeah, Canada feat Dan Boeckner by QAnon Anonymous | Listen online for free on SoundCloud
    • FBI sees increase in use of virtual meeting platforms for BEC scams - The Record by Recorded Future
    • This Is the ‘Hacking' Investigation Into Journalist Who Clicked ‘View Source' on Government Website
    • Bhima Koregaon case: New report finds activist Rona Wilson was targeted by hackers linked to cyber espionage - The Washington Post
    • Thousands of npm accounts use email addresses with expired domains - The Record by Recorded Future
    • EARN IT Act gets no changes to encryption language in Senate committee
    • SEC's breach notification proposal one step closer to a final vote
    • In touch with Reality Winner - The Record by Recorded Future
    • A “Safety Net” for AWS Canarytokens

    Risky Biz Feature: "Everyone has a plan until they get punched in the face"

    Feb 16, 2022

    There is no weekly news show this week. Instead, we're running this feature interview with Michael Montoya, the CISO of Equinix. This isn't a sponsored interview or anything like that, this podcast was prepared with support from the Hewlett Foundation's Cyber Initiative. Equinix has 9,000 staff and operates 220 data centres globally. Its annual revenue is in the order of USD$6bn. In September 2020 it was attacked by criminals who deployed the Netwalker ransomware on its corporate network. The attackers demanded a USD$4.5m ransom payment for service restoration and to keep the data they stole from the company private. This interview has taken a while to organise, but when I first found out Michael was open to the idea of talking through the incident I jumped at it. It's extremely rare for CISOs to be made available to talk about events like this, but it's something that should happen more often. We can learn a lot by dissecting these types of incidents publicly. Enjoy!

    Risky Business #654 -- FBI arrests deeply annoying cryptocurrency influencers

    Feb 9, 2022

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
    • A spate of ransomware attacks on European energy and transport
    • Russian authorities extend cybercrime crackdown
    • Irritating influencers arrested for laundering 2016 Bitfinex hack proceeds
    • IRS abandons ID.me trial
    • Microsoft disables macros by default, disables MSIX protocol handler
    • Much, much more
    This week's show is brought to you by ExtraHop. ExtraHop's Ted Driggs is this week's sponsor guest – he was on the show about a year ago talking about how we should really start thinking about putting together software bills of behaviours as well as bills of material. Ted is back to tell us how that effort is progressing. As you'll hear, a lot of the behavioural data on software already exists, but it's being hoarded by different vendors. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.
    Show notes
    • Ransomware spree hitting European oil, transport companies
    • String of cyberattacks on European oil and chemical sectors likely not coordinated, officials say - The Record by Recorded Future
    • Weeks after a ransomware attack, some workers still worry about paychecks
    • Russian government continues crackdown on cybercriminals
    • Cyberattack brings down Vodafone Portugal mobile, voice, and TV services - The Record by Recorded Future
    • An ALPHV (BlackCat) representative discusses the group's plans for a ransomware ‘meta-universe' - The Record by Recorded Future
    • DOJ seizes $3.6 billion from 2016 Bitfinex hack, arrests New York couple - The Record by Recorded Future
    • Woman Who Allegedly Laundered $1B in Bitcoin Was Cringe YouTube Rapper
    • NetWalker ransomware affiliate sentenced to seven years in prison - The Record by Recorded Future
    • IRS abandons plans to use third-party facial recognition
    • DHS assembles Cyber Safety Review Board to imitate fed agency that studies aviation accidents
    • Senate lawmakers try again on cyber incident reporting legislation - The Record by Recorded Future
    • Microsoft temporarily disables MSIX protocol handler following malware abuse - The Record by Recorded Future
    • Microsoft to block internet macros by default in five Office applications - The Record by Recorded Future
    • Microsoft says MFA adoption remains low, only 22% among enterprise customers - The Record by Recorded Future
    • Google Cloud adds new cryptomining threat detection capability - The Record by Recorded Future
    • News Corp. says Wall Street Journal, New York Post were targeted by hackers
    • European governments targeted by Chinese hackers with a Zimbra webmail zero-day - The Record by Recorded Future
    • Palestinian hacking group evolving with new malware, researchers say
    • State Department sounds alarm over Red Cross breach
    • State Department offers $10M for information on Iranian election interference
    • Iran's national TV stream hacked for the second time in a week - The Record by Recorded Future
    • Open Source Security Foundation launches new initiative to stem the tide of software supply chain attacks | The Daily Swig
    • The Apache Log4j team talks about the Log4Shell patching process - The Record by Recorded Future
    • npm enrolls Top 100 package maintainers into mandatory 2FA - The Record by Recorded Future
    • Target open-sources its web skimmer detector - The Record by Recorded Future
    • North Korea Hacked Him. So He Took Down Its Internet | WIRED
    • Cryptocurrency platform Wormhole hacked for an estimated $322 million - The Record by Recorded Future

    Risky Biz Soap Box: The state of malicious mass scanning with Andrew Morris

    Feb 3, 2022

    These soap box podcasts are wholly sponsored – that means everyone you hear in one of these editions paid to be here. Today's guest is Andrew Morris, the founder and CEO of Greynoise. Greynoise is one of those companies that has a brief that sounds simple but is actually quite hard to execute on. They detect malicious mass scanning on the Internet so their customers can plug that data into their SOC to see if the IP they just got an alert on is something targeting them or something targeting the whole internet. You don't even need to be a customer to get some use out of Greynoise. If you want to know about an IP you've seen an alert for just head over to greynoise.io and drop it into the search box – magic awaits. Greynoise makes its money by selling API access to its service, basically, and its customers mostly use it for SIEM enrichment. But as you'll hear, Andrew says the company is looking at moving toward actually blocking this type of mass scanning from hitting customer environments, and is even looking at working with telcos to scrub the most egregious stuff from the internet entirely. His rationale is actually pretty simple – he wants to narrow the aperture through which mass scanning can fit. He wants to make it harder. But this interview isn't just about what Greynoise is doing, it's also about the current state of mass scanning.

    Risky Business #653 -- REvil arrests: Sometimes a banana is just a banana

    Feb 2, 2022

    On this week's show Patrick Gray, Tom Uren and Joe Slowik discuss the week's security news, including:
    • Why China's Olympics app is probably not spyware
    • New DDoS record set at 3.47Tbps
    • USG goes all in on Zero Trust
    • Dmitry Medvedev makes all the right noises on ransomware cooperation
    • Iranian APT crew dabbles in ransomware
    • German fuel distribution ransomwared
    • The latest on NSO
    • Much, much more
    This week's show is brought to you by Google Cloud. Anton Chuvakin, the head of security solution strategy at Google Cloud will be along in this week's sponsor interview to talk about why SIEM vendors – including Google Cloud – are gobbling up SOAR platforms in acquisitions. Links to everything that we discussed are below and you can follow Patrick, Tom or Joe on Twitter if that's your thing.
    Show notes
    • The surveillance concerns around China's Winter Olympics app – explained | Surveillance | The Guardian
    • Cross-Country Exposure: Analysis of the MY2022 Olympics App - The Citizen Lab
    • Wiper in Ukraine Used Code Repurposed From WhiteBlackCrypt Ransomware
    • German government warns of APT27 activity targeting local companies - The Record by Recorded Future
    • Microsoft fends off record-breaking 3.47Tbps DDoS attack | Ars Technica
    • White House releases final zero-trust strategy for federal government - The Record by Recorded Future
    • White House expands digital regulations for U.S. water supply
    • Conti ransomware hits Apple, Tesla supplier - The Record by Recorded Future
    • Top Russian official cites REvil arrests as sign of cooperation, says Moscow is awaiting reciprocation
    • Security Council of the Russian Federation
    • Major German fuel storage provider hit with cyberattack, working under limited operations
    • Iranian state-sponsored group APT35 linked to Memento ransomware - The Record by Recorded Future
    • Deadbolt ransomware hits more than 3,600 QNAP NAS devices - The Record by Recorded Future
    • QNAP warns NAS users of DeadBolt ransomware, urges customers to update | ZDNet
    • Unpacking the rise of BlackCat ransomware: High victim count, high payouts, customized features
    • Ransomware group says it took files from French Ministry of Justice
    • Cybercriminals laundered $8.6 billion worth of cryptocurrency in 2021 - The Record by Recorded Future
    • DeepDotWeb co-admin sentenced to 8 years in prison - The Record by Recorded Future
    • Booby-trapped sites delivered potent new backdoor trojan to macOS users | Ars Technica
    • Apple pays out $100k bounty for Safari webcam hack that imperiled victims' online accounts | The Daily Swig
    • Qubit Finance platform hacked for $80 million worth of cryptocurrency - The Record by Recorded Future
    • Android malware will factory-reset a phone after stealing a user's funds - The Record by Recorded Future
    • 2FA app with 10,000 Google Play downloads loaded well-known banking trojan | Ars Technica
    • Threat actor target Ubiquiti network appliances using Log4Shell exploits - The Record by Recorded Future
    • Finland says it found NSO's Pegasus spyware on diplomats' phones - The Record by Recorded Future
    • NSO offered US mobile security firm ‘bags of cash', whistleblower claims | Surveillance | The Guardian
    • The Battle for the World's Most Powerful Cyberweapon - The New York Times

    Risky Business #652 -- Cyber Partisans take down Belarusian rail systems

    Jan 26, 2022

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
    • Belarusian Cyber Partisans ransom train network
    • A look at developments in Ukraine
    • Merck wins NotPetya insurance lawsuit
    • US VC firm in talks to acquire NSO Group
    • Much, much more
    This week's show is brought to you by Trail of Bits, the security engineering firm. Dan Guido joins us this week to talk about zkdocs, a bunch of documentation Trail of Bits put together to provide guidance on how to implement some of these newfangled concepts – like zero knowledge proofs – that are popular in blockchain and cryptoland. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.
    Show notes
    • Hactivists say they hacked Belarus rail system to stop Russian military buildup | Ars Technica
    • A top Ukrainian security official on defending the nation against cyber attacks - The Record by Recorded Future
    • Former Ukrainian official sanctioned for assisting Russian cyberattacks - The Record by Recorded Future
    • FSB detains administrator of UniCC carding forum - The Record by Recorded Future
    • Opinion | Russia's takedown of REvil hacking collective sends an ominous message - The Washington Post
    • Merck wins cyber-insurance lawsuit related to NotPetya attack - The Record by Recorded Future
    • Canada confirms cyber-attack on foreign affairs ministry - The Record by Recorded Future
    • Global Affairs Canada suffers ‘cyber attack' amid Russia-Ukraine tensions: sources - National | Globalnews.ca
    • U.S. venture capital firm in talks to buy Israel's infamous spyware maker NSO - Business - Haaretz.com
    • Red Cross begs hackers not to leak data of "highly vulnerable people" - The Record by Recorded Future
    • Assange permitted to file U.K. Supreme Court appeal in extradition case
    • New MoonBounce UEFI bootkit can't be removed by replacing the hard drive - The Record by Recorded Future
    • Sketchy ‘Account Recovery' Services Are Trying to Scam Hacking Victims on Twitter
    • A UK government-backed campaign aims to thwart end-to-end encryption rollout - The Record by Recorded Future
    • UK government plans to release Nmap scripts for finding vulnerabilities - The Record by Recorded Future
    • OpenSubtitles discloses successful extortion attempt, data breach - The Record by Recorded Future
    • IRS Will Soon Require Selfies for Online Access – Krebs on Security
    • New Log4j attacks target SolarWinds, ZyXEL devices - The Record by Recorded Future
    • Supply chain attack used legitimate WordPress add-ons to backdoor sites | Ars Technica
    • https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
    • GitHub Actions flaw that allowed code to be approved without review is addressed with new feature rollout | The Daily Swig
    • ‘Zero-Click' Zoom Vulnerabilities Could Have Exposed Calls | WIRED
    • Flaws in third-party software exposed dozens of Teslas to remote access | TechCrunch
    • Dark Souls servers taken down following discovery of critical vulnerability | Ars Technica
    • F5 fixes high-risk NGINX Controller vulnerability in January patch rollout | The Daily Swig
    • RCE bug chain patched in CentOS Web Panel | The Daily Swig
    • Chain of vulnerabilities led to RCE on Cisco Prime servers | The Daily Swig
    • People Can't See Some NFTs on Twitter, Crypto Wallets After OpenSea Goes Down
    • Hacker abuses OpenSea to buy NFTs at older, cheaper prices - The Record by Recorded Future
    • Crypto.com finally confirms major hack, says it lost $34 million - The Record by Recorded Future
    • A Hacker Is Negotiating With Victims on the Blockchain After $1.4M Heist
    • ‘White Hat' Hacker Returns $1 Million Stolen In Crypto Theft Disaster
    • Pirates Spammed an Infamous Soviet Short-wave Radio Station with Memes
    • Introduction | ZKDocs
    • Trail of Bits | Careers

    Risky Business #651 -- Russia's ransomware diplomacy

    Jan 19, 2022

    On this week's show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week's security news, including:
    - Russia arrests REvil crew
    - Ukraine government hit in messy hacks
    - White House hosts open source pow-wow, but is it pointless?
    - US cyber reporting law will come back from the dead
    - Report: Israeli police targeted activists with NSO but without warrants
    - Much, much more

    This week's sponsor interview is with HD Moore, the founder of Rumble. We're talking through how he and his team helped customers respond to the log4j drama. They quickly added the capability to scan customers' environments for log4shell-affected tech. When asset discovery meets rapid vuln response! Links to everything that we discussed are below and you can follow Patrick, Dmitri or Adam on Twitter if that's your thing.

    Show notes
    - Russia arrests ransomware gang responsible for high-profile cyberattacks
    - Celebrations over REvil ransomware arrests in Russia may be premature | The Daily Swig
    - Ransomware gang behind attacks on 50 companies arrested in Ukraine - The Record by Recorded Future
    - Europol takes down VPNLab, a service used by ransomware gangs - The Record by Recorded Future
    - Albuquerque schools are having a cybersecurity snow day—and they aren't alone - The Record by Recorded Future
    - What We Know and Don't Know about the Cyberattacks Against Ukraine - (updated)
    - Dozens of Computers in Ukraine Wiped with Destructive Malware in Coordinated Attack
    - Belarus: Cyber upstart, or Russian staging ground?
    - White House hosts open-source software security summit in light of expansive Log4j flaw
    - Apache Software Foundation warns its patching efforts are being undercut by use of end-of-life software | The Daily Swig
    - GitLab shifts left to patch high-impact vulnerabilities | The Daily Swig
    - Cyber incident reporting backers pledge to resume push - The Record by Recorded Future
    - Israeli police used spyware to hack its own citizens, a report says : NPR
    - El Salvador journalists hacked with NSO's Pegasus spyware - The Record by Recorded Future
    - Cyber Command ties hacking group to Iranian intelligence - The Record by Recorded Future
    - Earth Lusca threat actor targets governments and cryptocurrency companies alike - The Record by Recorded Future
    - North Korea stole a record $400 million in cryptocurrency last year, researchers say
    - Crypto.com Says Alleged $15 Million Hack Was Just an 'Incident'
    - Who is the Network Access Broker ‘Wazawaka’? – Krebs on Security
    - New Chrome security measure aims to curtail an entire class of Web attack | Ars Technica
    - EA blames support staff for recent hacks of high-profile FIFA accounts - The Record by Recorded Future
    - Researchers discover ‘extremely easy’ 2FA bypass in Box cloud management software | The Daily Swig
    - Introducing vAPI – an open source lab environment to learn about API security | The Daily Swig

    Risky Biz Soap Box: Rolling your own threat intelligence with Steve Miller

    Jan 14, 2022

    In this edition of the Soap Box we're chatting with Steve Miller, a senior researcher at Stairwell. Steve has a long history doing this sort of stuff. He worked inside various bits of the US government doing cyber things, and also spent a decent chunk of his career at Mandiant. His new employer, Stairwell, makes a platform that collects information about all files present in your environment and lets you do some fancy stuff with that information. You'll hear a little bit more about what they do in this interview, but we're not really talking that much about Stairwell here. It's more about the evolution of threat intel. As you'll hear, Steve says the first iteration of the commercial threat intel space was very much born of govvies jumping out and bringing their thinking with them, but the space is evolving. The takeaway from this interview is that threat intelligence is more something that you do, not something you just blindly consume.

    Risky Business #650 -- USG drops Russia advisory as Ukraine tensions mount

    Jan 12, 2022

    On this week's show Patrick Gray, Katie Nickels and Joe Slowik discuss the week's security news, including:
    - US Government warns of impending critical infrastructure hacks
    - Log4j bug in VMWare gets a workout
    - Ex Uber CSO Joe Sullivan facing wire fraud charges
    - Signal to push ahead on cryptocurrency payments
    - Italian literary nerd busted for running one man APT operation
    - Much, much more

    This week's show is brought to you by Okta. Marc Rogers is the executive director of cybersecurity there and he's joining us this week to talk about the log4j bug and some adjacent issues. He's working on a paper with IST about the bug and what it all means, and he'll explain why the log4j drama was different. Links to everything that we discussed are below and you can follow Katie, Joe or Patrick on Twitter if that's your thing.

    Show notes
    - US warns of Russian state-sponsored attacks on critical infrastructure - The Record by Recorded Future
    - UK NHS: Threat actor targets VMware Horizon servers using Log4Shell exploits - The Record by Recorded Future
    - Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns
    - CISA director: Log4Shell has not resulted in 'significant' government intrusions yet - The Record by Recorded Future
    - Researchers discover Log4j-like flaw in H2 database console | The Daily Swig
    - Prosecutors file additional charges against former Uber security chief over 2016 data breach ‘cover up’ | The Daily Swig
    - Signal's Cryptocurrency Feature Has Gone Worldwide | WIRED
    - Alex Stamos on Twitter: "I'm glad that @CaseyNewton wrote about the legal risks of marrying E2EE with hard-to-trace money transmission and I was glad to talk to him. I think @signalapp is underestimating the legal attack surface they are opening up here. https://t.co/qx3qzwd6mk" / Twitter
    - Signal >> Blog >> New year, new CEO
    - Deposits to illicit crypto addresses nearly doubled in 2021, Chainalysis finds
    - Italian man arrested for stealing unpublished book manuscripts - The Record by Recorded Future
    - Activision Sues and Unmasks Alleged 'Call of Duty: Warzone' Cheat Sellers
    - FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware - The Record by Recorded Future
    - Threat actors can simulate iPhone reboots and keep iOS malware on a device - The Record by Recorded Future
    - SOHO routers impacted by bug in USB-over-network component - The Record by Recorded Future
    - Google Docs commenting feature abused in phishing operations - The Record by Recorded Future
    - Coming to a laptop near you: A new type of security chip from Microsoft | Ars Technica
    - SFile (Escal) ransomware ported for Linux attacks - The Record by Recorded Future
    - FinalSite discloses ransomware attack that crippled websites for 8,000 schools - The Record by Recorded Future
    - Albuquerque impacted by ransomware attack on Bernalillo County government - The Record by Recorded Future
    - Hotel chain switches to Chrome OS to recover from ransomware attack - The Record by Recorded Future
    - Moxie Marlinspike >> Blog >> My first impressions of web3

    Risky Business #649 -- Java being a fiddly mess saves the day

    Jan 5, 2022

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
    - The log4j bug wrap
    - The ransomware wrap
    - The human rights and surveillance industry wrap
    - Research and carnage wrap

    This week's show is brought to you by Airlock Digital. They make allowlisting software that has mostly been used in Windows environments, but as you're about to hear they've now got a very, very nice solution for the bigger Linux distros, and their Mac agent is going to be launched in a few weeks. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

    Show notes
    - FTC warns companies to remediate Log4j security vulnerability | Federal Trade Commission
    - Srsly Risky Biz: Thursday December 16
    - The internet runs on free open-source software. Who pays to fix it? | MIT Technology Review
    - Propane distributor Superior Plus admits ransomware breach | The Daily Swig
    - Ransomware attack threatens paychecks just before Christmas
    - Cyberattack on one of Norway's largest media companies shuts down presses - The Record by Recorded Future
    - Photography site Shutterfly is dealing with a ransomware attack - CyberScoop
    - Lapsus$ ransomware gang hits SIC, Portugal's largest TV channel - The Record by Recorded Future
    - US food importer Atalanta admits ransomware attack | The Daily Swig
    - The FBI believes the HelloKitty ransomware gang operates out of Ukraine - The Record by Recorded Future
    - Ransomware affiliate arrested in Romania - The Record by Recorded Future
    - Iranian hackers behind Cox Media Group ransomware attack - The Record by Recorded Future
    - Israeli newspaper Jerusalem Post is hacked, website defaced to include threats
    - Iranian Hackers Abuse Slack For Cyber Spying
    - Why Wall Street is worried about state and local government cybersecurity - The Record by Recorded Future
    - North Korean hackers target Russian diplomats using New Year greetings - The Record by Recorded Future
    - Egyptian Politician Hacked by 2 Government Hacking Groups, Researchers Say
    - Saudi women's rights activist says phone hack by U.S. contractors led to arrest - lawsuit | Reuters
    - UAE agency put Pegasus spyware on the phone of Hanan Elatr, Jamal Khashoggi's wife - Washington Post
    - A new spyware-for-hire, Predator, caught hacking phones of politicians and journalists | TechCrunch
    - Facebook says 50,000 users were targeted by cyber mercenary firms in 2021 | MIT Technology Review
    - Encrypted Phone Company Backdoored by FBI Will Lead to 'Years' of Arrests
    - Russian hackers bypass 2FA by annoying victims with repeated push notifications - The Record by Recorded Future
    - More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild - The Record by Recorded Future
    - Facebook expands bug bounty program to cover scraping attacks - The Record by Recorded Future
    - Wireless coexistence – New attack technique exploits Bluetooth, WiFi performance features for ‘inter-chip privilege escalation’ | The Daily Swig
    - Microsoft notifies customers of Azure bug that exposed their source code - The Record by Recorded Future
    - US charges former GRU officer with hacking and stock market trading scheme - The Record by Recorded Future
    - Crypto exchanges keep getting hacked, and there's little anyone can do
    - CISA tells agencies to patch recent Windows 10 zero-day abused by Emotet botnet - The Record by Recorded Future
    - Security flaws found in a popular guest Wi-Fi system used in hundreds of hotels | TechCrunch
    - Backdoor gives hackers complete control over federal agency network | Ars Technica
    - Microsoft fixes harebrained Y2K22 Exchange bug that disrupted email worldwide | Ars Technica

    Risky Biz Soap Box: Why Thinkst gives its honeytoken tech away for free

    Dec 10, 2021

    This isn't the normal weekly news episode of the show; if you're looking for the regular weekly Risky Business podcast, scroll one back in your podcast feed. This is a Soap Box edition, a wholly sponsored podcast brought to you in this instance by Thinkst Canary. For those who don't know, Thinkst makes hardware and virtual honeypots you can put on your network or into your cloud environments – they'll start chirping if an attacker interacts with them. They're a low cost and extremely effective detection tool. But you might not know that Thinkst also operates canarytokens.org, where you can go set up a bunch of honeytokens for free. Hundreds of thousands of people are using canarytokens.org, but Thinkst doesn't charge anything for it; it's free to use. They'll even give you a docker container of the whole thing so you can run it yourself. Our guest today is Thinkst's founder and infosec legend Haroon Meer. He spent a chunk of his career at the South African security consultancy SensePost before founding Thinkst Applied Research and eventually launching Canary.Tools. In this interview we talk about what the industry is getting wrong, supply chain security, effective detections and more. But I started off by asking him why Thinkst hasn't tried to monetise canarytokens.org given how many people use it.

    Risky Business #648 -- Adios, 2021, it's been real

    Dec 8, 2021

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
    - NSO Group tools found on US embassy staff phones in Uganda
    - Mitto is up to shady bidnez
    - Ubiquiti “whistleblower” charged over hack
    - Hounds everywhere
    - Planned Parenthood breached
    - Much, much more

    This week's sponsor interview is with Andrew Morris of Greynoise. Greynoise has a bunch of sensors out there on the Internets, so they can tell you when an IP that's hitting you is also hitting everyone else. If you work in a SOC, you know this is very useful. Greynoise has just signed a $30m deal with the US Department of Defense. As Andrew will explain in just a moment, this means if you work in a DoD agency it's now very easy for you to get a subscription. In this interview I also talk to Andrew about his adventures chasing down one of the people spamming Internet attached receipt printers with the antiwork manifesto from Reddit. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

    Show notes
    - NSO Pegasus spyware used to hack U.S. diplomats' phones - The Washington Post
    - This Swiss Firm Exec Is Said To Have Operated A Secret Surveillance Operation - Bloomberg
    - Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach” – Krebs on Security
    - Cyber Command boss acknowledges US military actions against ransomware groups
    - Canadian spy agency targeted foreign hackers to ‘impose a cost’ for cybercrime - National | Globalnews.ca
    - FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangs
    - gov.uscourts.2.2.million-ransom-seizure - DocumentCloud
    - 400,000 Planned Parenthood users' data stolen in ransomware attack
    - Canadian police arrest Ottawa resident for ransomware attacks - The Record by Recorded Future
    - Ransomware tracker: the latest figures [December 2021] - The Record by Recorded Future
    - Court hands Microsoft control of websites linked to spying by Chinese hackers
    - NICKEL targeting government organizations across Latin America and Europe - Microsoft Security Blog
    - A mysterious threat actor is running hundreds of malicious Tor relays - The Record by Recorded Future
    - The Justice Department is ramping up its crackdown on money mules
    - FIN7 hacker trialed in Russia gets no prison time - The Record by Recorded Future
    - 1.5 million users joined Facebook Protect since September - The Record by Recorded Future
    - Facebook Will Force More At-Risk Accounts to Use Two-Factor | WIRED
    - Cyber incident reporting mandates suffer another congressional setback
    - Derek B Johnson on Twitter: "This statement from House Homeland Chair Bennie Thompson and Cyber Subcommittee Chair Yvette Clarke says process around incident reporting legislation was wracked with "dysfunction" and appears to firmly shut the door on the bill being reinserted into the NDAA. https://t.co/iBpmxAFJgQ" / Twitter
    - BitMart loses $150 million in the second-largest crypto-heist of the year - The Record by Recorded Future
    - Hacked Cryptocurrency Platform Begs Hacker to Please Return $119 Million
    - Really stupid “smart contract” bug let hackers steal $31 million in digital coin | Ars Technica
    - Received Some Random Cryptocurrency? It Might Be a Phishing Scam.
    - Web skimmers hit 300+ sites hidden inside Google Tag Manager containers - The Record by Recorded Future
    - New Payment Data Stealing Malware Hides in Nginx Process on Linux Servers
    - Zoho warns of new zero-day vulnerability exploited in attacks - The Record by Recorded Future
    - APT groups from China, Russia, and India adopt novel attack technique - The Record by Recorded Future
    - Flaws in Tonga's top-level domain left Google, Amazon, Tether web services vulnerable to takeover | The Daily Swig
    - Compromising Email Supply Chains | CanIPhish
    - GitHub - SummitRoute/csp_security_mistakes: Cloud service provider security mistakes
    - USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services - SentinelOne
    - A different way to do PAM -- Paul Lanzi, Remediant - YouTube
    - Material Security: Keeping email safe at rest - YouTube
    - The Sweeney Background Music (1975-1978) - YouTube

    Risky Business #647 -- Israel slashes cyber exports, Interpol takes down 1,000 crooks

    Dec 1, 2021

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
    - Israel slashes number of countries it will export cyber tools to
    - Interpol takes down 1,000 Internet fraudsters
    - Ransomware crews lying low?
    - When the tabloids do cyber the results are sometimes awesome
    - Much, much more…

    This week's sponsor interview is with Ryan Kalember of Proofpoint. He's the EVP of Cybersecurity Strategy there and he's joining me this week to talk about how investment activity in cybersecurity is basically leaving everyone who isn't a mega enterprise behind. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

    Show notes
    - Israel restricts cyberweapons export list by two-thirds, from 102 to 37 countries - The Record by Recorded Future
    - US sanctions 28 quantum computing entities in China, Russia, Pakistan, Japan - The Record by Recorded Future
    - Months-long Interpol crackdown nets more than 1,000 online fraud arrests
    - Ukrainian police expose international phone-hacking gang | The Daily Swig
    - Group-IB helps Italian officials take down scammers selling COVID-19 docs via Telegram - The Record by Recorded Future
    - Ransomware gang targeting schools, hospitals reinvents itself to avoid scrutiny
    - Russian hacker wanted by FBI for 'using ransomware to fleece millions of dollars' is unmasked | Daily Mail Online
    - When Russia Helped the U.S. Nab Cybercriminals
    - How the pandemic pulled Nigerian university students into cybercrime - The Record by Recorded Future
    - A Hacking Spree Against Iran Spills Out Into the Physical World | WIRED
    - China agency tells Tencent their apps have to be approved before they go live or update - The Record by Recorded Future
    - Srsly Risky Biz: Thursday, November 25 - by Tom Uren
    - Incident reporting, ransomware payment legislation faces trouble in Senate
    - North Korean hackers posed as Samsung recruiters to target security researchers - The Record by Recorded Future
    - FBI document shows what data can be obtained from encrypted messaging apps - The Record by Recorded Future
    - AT&T takes action against DDoS botnet that hijacked VoIP servers - The Record by Recorded Future
    - You Can Now Get $25 From Zoom Following a Class Action Settlement
    - Konstantin on Twitter: "Apparently, someone from r/antiwork is bombarding the internet with RAW TCP/IP printing requests. I'm going to tag this just for kicks. https://t.co/P0NC2dO6hx" / Twitter
    - Matthew Garrett on Twitter: "Someone is targeting network-attached receipt printers on the public internet and just printing copies of the r/antiwork manifesto and this is glorious" / Twitter
    - Private 5G Mobile Networks – AWS Private 5G – Amazon Web Services

    Risky Business #646 -- Apple cracks the sads, sues NSO Group

    Nov 24, 2021

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
    - Apple sues NSO Group and it's all a bit weird
    - Israel charges defence minister's house cleaner with Iranian hacker collusion (really)
    - USA charges two Iranians over “Proud Boy” emails
    - Cyber insurers nope out of comprehensive coverage
    - Prodaft shells Conti, drops report like it's a Normal Thing
    - Much, much more

    This week's show is sponsored by VMRay. We'll be chatting with one of VMRay's customers in this week's sponsor interview. Jim Byrge works on the CSIRT team at Valvoline, and he'll be along to talk about how they replaced their ageing, in-house developed SOAR platform with commercial tools. It was still harder than it should be in 2021, but they got there in the end. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

    Show notes
    - Apple sues spyware maker NSO Group - The Record by Recorded Future
    - Apple_v_NSO_Complaint_112321.pdf
    - Crime Boss or Tech CEO? An Encrypted Phone Company Sues the Government to Save Itself
    - Israel charges Defense Minister's house cleaner with leaking data to Iranian hackers - The Record by Recorded Future
    - US charges Iranian hackers for spoofed Proud Boys emails threatening US voters - The Record by Recorded Future
    - Insurers run from ransomware cover as losses mount | Reuters
    - Brisbane's Langs Building Supplies and Melbourne's Network Overdrive hit by cyber attack | news.com.au — Australia's leading news site
    - IRS seized $3.5 billion in cryptocurrency this past year, agency says
    - Conti ransomware gang suffers security breach - The Record by Recorded Future
    - Tor Project sees decline in server numbers, will offer rewards for new bridge operators - The Record by Recorded Future
    - Conti gang has made at least $25.5 million since July 2021 - The Record by Recorded Future
    - A third of all dark web domains are now v3 onion sites - The Record by Recorded Future
    - Evil Corp: 'My hunt for the world's most wanted hackers' - BBC News
    - Arrest in ‘Ransom Your Employer’ Email Scheme – Krebs on Security
    - FBI identified BEC scammers using bank surveillance footage - The Record by Recorded Future
    - Banks must report major cyber incidents within 36 hours under finalized regulation
    - Devious ‘Tardigrade’ Malware Hits Biomanufacturing Facilities | WIRED
    - GoDaddy data breach impacts 1.2 million WordPress site owners - The Record by Recorded Future
    - Attackers don't bother brute-forcing long passwords, Microsoft engineer says - The Record by Recorded Future
    - NUCLEUS:13 – Host of vulnerabilities shatter Nucleus TCP/IP stack defenses | The Daily Swig
    - Malicious Python packages caught stealing Discord tokens, installing shells - The Record by Recorded Future
    - Vulnerabilities in NPM allowed threat actors to publish new version of any package | The Daily Swig
    - US, UK, and Australia warn of Iranian hacking activity after Microsoft report - The Record by Recorded Future
    - FBI: An APT abused a zero-day in FatPipe VPNs for six months - The Record by Recorded Future
    - CISA, FBI issue holiday warning about hackers, urge vigilance - The Record by Recorded Future

    Risky Biz Soap Box: DDoS crews will hit you creatively

    Nov 19, 2021

    In this edition of the Risky Biz Soap Box podcast we chat with Sean Leach, the Chief Product Architect at Fastly, about the history and current status of the DDoS ecosystem. Despite never really making money for criminals, DDoS attacks are still a problem. CDNs have soaked up a lot of the problem, so DDoS crews are getting creative. Do you know where you're vulnerable?

    Show notes
    - Bouncy castle boss James Balcombe ordered arson hits on rivals

    Risky Business #645 -- How Israel used NSO to make friends in low places

    Nov 17, 2021

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
    - Watering hole attacks are getting much better
    - How Israel's government used NSO to strengthen its diplomatic ties
    - Randori sat on some PAN 0day. This is fine.
    - Facebook outs state-backed ops
    - FBI has unfortunate incident with its mail boxes
    - Much, much more

    This week's sponsor interview is with HD Moore. He's the founder of Rumble, the network asset discovery scanner, and he's joining us to talk about some new tricks he's added to the product, like integrations with cloud service APIs and external discovery products like Censys. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

    Show notes
    - British news website was hacked to control readers' computers, report says
    - Strategic web compromises in the Middle East with a pinch of Candiru | WeLiveSecurity
    - Analyzing a watering hole campaign using macOS exploits
    - Israel, spyware and corruption: NSO ties to Netanyahu, Bennett and other politicians - Israel News - Haaretz.com
    - Pakistani hackers operated a fake app store to target former Afghan officials - The Record by Recorded Future
    - Exclusive: A Cyber Mercenary Is Hacking The Google And Telegram Accounts Of Presidential Candidates, Journalists And Doctors
    - New Moses Staff group targets Israeli organizations in destructive attacks - The Record by Recorded Future
    - Kevin Beaumont on Twitter: "Pay attention to this one when it's out. I haven't seen it, but it's possible to use BitLocker to remotely (re)encrypt every endpoint in AD in a way that only the attacker can decrypt… and it bypasses sec solutions. So I imagine it's that." / Twitter
    - Hacker sends spam to 100,000 from FBI email address
    - Booking.com was reportedly hacked by a US intel agency but never told customers | Ars Technica
    - ‘Ghostwriter’ Looks Like a Purely Russian Op—Except It's Not | WIRED
    - Emotet botnet returns after law enforcement mass-uninstall operation - The Record by Recorded Future
    - Canadian health systems recovering from breach that forced thousands of appointment cancellations
    - Dustin Volz on Twitter: "@riskybusiness @DAlperovitch I think folks outside government can also underestimate how much agencies rehearse talking points and in testimony like this and try to be always on the same page—unless they don't want to be. And that adds to the sense of “conflict” or “disagreement” for some of us." / Twitter
    - CERT-PL employees rally around politically-dismissed chief - The Record by Recorded Future
    - US detains crypto-exchange exec for helping Ryuk ransomware gang launder profits - The Record by Recorded Future
    - Researchers wait 12 months to report vulnerability with 9.8 out of 10 severity rating | Ars Technica
    - DDR4 memory protections are broken wide open by new Rowhammer technique | Ars Technica
    - New secret-spilling hole in Intel CPUs sends company patching (again) | Ars Technica
    - GoCD bug chain provides second springboard for supply chain attacks | The Daily Swig
    - ‘Add yourself as super admin’ – Researcher details easy-to-exploit bug that exposed GSuite accounts to full takeover | The Daily Swig
    - Adult cam site StripChat exposes the data of millions of users and cam models - The Record by Recorded Future
    - Hundreds of WordPress sites defaced in fake ransomware attacks - The Record by Recorded Future

    Risky Biz Soap Box: Linux is an infrastructure OS, act accordingly

    Nov 12, 2021

    In this edition of the Soap Box podcast we're chatting with Jake King. Jake is a co-founder of Cmd Security, a Linux security startup that was recently acquired by Elastic. Cmd's technology basically started out as a control and visibility tool for Linux systems that could restrict user actions. But over time, the product evolved to be more detection and response oriented. In this interview we talk to Jake about why Cmd wound up where it is, product-wise, and what customers can expect now that his company has been swept up by Elastic as a part of its broader push into XDR, or Extended Detection and Response.

    Risky Business #644 -- USA sanctions NSO Group, hits REvil

    Nov 10, 2021

    On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
    - US sanctions NSO, Candiru, COSEINC and Positive Technologies
    - We wrap up the action in ransomware
    - Why exploit tournaments are boring in America and exciting in China
    - More malicious npm packages in the wild
    - Pentagon updates CMMC to 2.0
    - Much, much more

    We'll hear from Corelight's CISO Bernard Brantley in this week's sponsor interview. We're talking about how attackers think in graphs and defenders think in lists. Microsoft's John Lambert wrote a post about that back in 2015, and Bernard joins the show this week to talk about why it's just as relevant as ever. Stick around for that one. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

    Show notes
    - U.S. sanctions Israel's NSO Group over Pegasus spyware - The Washington Post
    - Risky Business #310 -- Export exploits? Wassenaar says no - Risky Business
    - Positive Technologies says US sanctions had little or no effect on its business - The Record by Recorded Future
    - Hungarian official confirms government bought and used Pegasus spyware - The Record by Recorded Future
    - NSO's Pegasus spyware found on the devices of six Palestinian activists - The Record by Recorded Future
    - “A grim outlook”: How cyber surveillance is booming on a global scale | MIT Technology Review
    - Spyware providers are flocking to international arms fairs to sell to NATO foes
    - Ukraine discloses identity of Gamaredon members, links it to Russia's FSB - The Record by Recorded Future
    - PRC says FCC decision to pull China Telecom license was ‘based on suspicion,’ not facts - The Record by Recorded Future
    - China says a foreign spy agency hacked its airlines, stole passenger records - The Record by Recorded Future
    - Hackers with Chinese links breach defense, energy targets, including one in US
    - Pwn2Own Austin 2021: Synacktiv crowned Masters of Pwn after Sonos One, WD NAS exploits | The Daily Swig
    - House approves massive infrastructure plan that includes $1.9 billion for cybersecurity - The Record by Recorded Future
    - Malware found in coa and rc, two npm packages with 23M weekly downloads - The Record by Recorded Future
    - Pentagon issues revised cyber standards for contractors - The Record by Recorded Future
    - Hacker steals $55 million from bZx DeFi platform - The Record by Recorded Future
    - Suspect in scheme to breach major Twitter accounts is now charged with hacking crypto executives
    - Scammer Convinced Instagram That Its Top Executive Was Dead
    - GitLab servers are being exploited in DDoS attacks in excess of 1 Tbps - The Record by Recorded Future
    - Dangerous XSS bug in Google Chrome's ‘New Tab’ page bypassed security features | The Daily Swig
    - US offers $10 million reward for info on Darkside ransomware group - The Record by Recorded Future
    - Hackers Apologize to Arab Royal Families for Leaking Their Data
    - A ransomware gang shut down after Cybercom hijacked its site and it discovered it had been hacked - The Washington Post
    - BlackMatter ransomware says it's shutting down due to pressure from local authorities - The Record by Recorded Future
    - CERT-France: Lockean ransomware group behind attacks on French companies - The Record by Recorded Future
    - The ‘Groove’ Ransomware Gang Was a Hoax – Krebs on Security
    - Ransomware crackdown spreads in U.S., Europe and Asia
    - US Treasury sanctions crypto-exchange Chatex for links to ransomware payments - The Record by Recorded Future
    - Shared/Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.md at master · JohnLaTwC/Shared · GitHub
    - Compare to open source Zeek