Risky Business News

Regular cybersecurity news updates from the Risky Business team...

risky.biz


    • Jul 17, 2025 LATEST EPISODE
    • weekdays NEW EPISODES
    • 13m AVG DURATION
    • 728 EPISODES


    Latest episodes from Risky Business News

    Srsly Risky Biz: Spain leaves key under mat for Huawei

    Jul 17, 2025 (21:23)

    Tom Uren and Amberleigh Jack talk about Huawei's contract to manage storage for Spain's lawful intercept system. News broke this week that Spain had signed a €12 million contract, but it turns out Huawei has been involved in the system since 2004! They also discuss arrests in the UK of four individuals associated with Scattered Spider. The criminal resumés of two of the suspects support the idea that there are key individuals with outsize impact. But they also reinforce that the online communities they are involved in act as training grounds for cyber criminals. Arrests will slow hacks, not stop them. This episode is also available on YouTube.

    Risky Bulletin: China breaches US National Guard

    Jul 16, 2025 (7:08)

    Salt Typhoon breaches a US state's National Guard, Ukrainian hackers wipe the servers of a Russian drone maker, the UK relocates Afghans caught up in a data leak, and Microsoft outsources some US government work to China.

    Between Two Nerds: Is US cyber espionage too careful?

    Jul 14, 2025 (31:30)

    In this edition of Between Two Nerds, Tom Uren and The Grugq examine whether US cyber operations are too stealthy. Could they get more bang for the buck if they adopted a devil-may-care attitude to getting busted? This episode is also available on YouTube. Show notes: Should US spies steal Chinese commercial secrets?

    Risky Bulletin: Radio equipment vulnerability can bring trains to sudden stops

    Jul 14, 2025 (7:12)

    A radio equipment vulnerability can bring trains to sudden stops, researchers prevent a Lazarus crypto attack, Spain hands Huawei control over its phone wiretapping system, and CISA warns of ongoing CitrixBleed 2 attacks.

    Sponsored: Should we ever trust AI?

    Jul 13, 2025 (14:19)

    In this Risky Business sponsored interview, Zero Networks Field CTO Chris Boehm discusses the everyone-gets-an-AI future with Casey Ellis. Zero Networks makes network microsegmentation achievable without simply handing an AI control of the network. Will generative artificial intelligence ever be trusted to make hard access control decisions?

    Risky Bulletin: Two billion eSIMs receive crucial security patch

    Jul 11, 2025 (8:20)

    Two billion eSIMs receive crucial security patches, China's cyber militias go on the offensive, four Scattered Spider members detained over UK retail attacks, and a Russian basketball player is arrested in a ransomware case.

    Srsly Risky Biz: Four key players drive Scattered Spider

    Jul 10, 2025 (17:07)

    Tom Uren and Amberleigh Jack talk about our developing understanding of the group that people call Scattered Spider. Independent security firms agree that there are a small number of key people that are driving the group's outrageous success. That gives us hope that targeted action might stem the bleeding. They also talk about data leaks from China's cyber espionage ecosystem that are for sale on a data leak site. These look to contain actionable information from a counterintelligence point of view. And Tom wonders if a market for espionage-as-a-service will develop. This episode is also available on YouTube.

    Risky Bulletin: Chinese APT member arrested in Italy

    Jul 9, 2025 (7:20)

    Italy arrests a Chinese APT hacker, a Russian drone software group gets wiped, the SatanLock ransomware operation shuts down, and browser extensions power a web scraping botnet.

    Between Two Nerds: The opportunity in Asia

    Jul 7, 2025 (32:13)

    In this edition of Between Two Nerds, Tom Uren and The Grugq talk about how there is an opportunity for the US to expand its 0day and talent acquisition pool to Asia. They revisit a paper comparing the Chinese and American 0day acquisition strategies and have some quibbles. This episode is also available on YouTube. Show notes: Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace

    Risky Bulletin: Chinese researchers claim to find new North American APT

    Jul 7, 2025 (5:08)

    Chinese security researchers claim to have found a new American APT, the SEC and SolarWinds are seeking a settlement, a company insider was behind Brazil's bank hack, and Louis Vuitton discloses a security breach.

    Sponsored: Making Zero Trust work with non-critical, crappy applications

    Jul 6, 2025 (11:39)

    In this sponsored interview, Patrick Gray chats with the CEO of Knocknoc, Adam Pointon. They talk about the woeful state of internal enterprise networks and how many control system networks aren't appropriately segmented. Adam also explains why Knocknoc released a very simple identity-aware proxy: for too long the Zero Trust “industry” has focussed on securing access to critical applications, while everything else is left behind to get owned. This is Zero Trust for crappy apps! Zero Trust for the rest of us!

    Risky Bulletin: Hunters International ransomware shuts down, releases decryption keys

    Jul 4, 2025 (7:21)

    A ransomware operation shuts down and releases free decryption keys, the FBI investigates a ransomware negotiator for taking kickbacks, Spain arrests two over government hacks, and hackers steal $185 million from Brazilian financial institutions.

    Srsly Risky Biz: Why Iran is a scaredy cat cyber chicken

    Jul 3, 2025 (17:27)

    Tom Uren and Patrick Gray discuss warnings about Iranian cyber attacks on US critical infrastructure. Despite many, many warnings, there have been no actual attacks, and they discuss the reasons why Iran would want to avoid escalatory cyber attacks. They also talk about how the FBI is struggling to deal with the democratisation of surveillance and data analysis, what the agency calls Ubiquitous Technical Surveillance (UTS). A Department of Justice audit of the FBI's response finds the threat from UTS is real and that sources have been murdered. But it seems that the FBI just doesn't care. This episode is also available on YouTube.

    Risky Bulletin: The US sanctions another Russian bulletproof hosting provider

    Jul 2, 2025 (6:39)

    The US sanctions another Russian bulletproof hosting provider, the International Criminal Court discloses a security breach, the US dismantles 29 North Korean laptop farms, and a Chinese student gets jailed in the UK for SMS blasting.

    Between Two Nerds: Microsoft embraces digital sovereignty

    Jun 30, 2025 (22:13)

    In this edition of Between Two Nerds, Tom Uren and The Grugq talk about how Microsoft has embraced digital sovereignty and is bending over backwards to satisfy European tech supply chain concerns. This episode is also available on YouTube. Show notes: The New York Times on the ICC; Microsoft's 30 April Brad Smith post; Microsoft's 4 June Brad Smith post

    Risky Bulletin: Scattered Spider targets the aviation sector

    Jun 30, 2025 (8:31)

    The Scattered Spider group targets the aviation sector, Russia throttles traffic from Cloudflare, a Mexican cartel hired hackers to track an FBI official, and Canada tells Hikvision to cease operations.

    Sponsored: Why Linux is the dark matter of the internet

    Jun 29, 2025 (17:08)

    In this Risky Bulletin sponsor interview, Craig Rowland, CEO of Sandfly Security, talks to Tom Uren about the disconnect between how important Linux systems are and how much security attention they get. The pair discuss the variety of reasons that security teams underinvest in protecting Linux.

    Risky Bulletin: Phishers abuse forgotten Direct Send feature

    Jun 26, 2025 (7:35)

    A phishing group abuses a forgotten Exchange Online feature, a patient's death is linked to the Synnovis ransomware attack, France arrests the BreachForums leadership, and Microsoft offers free Windows 10 Extended Security Updates … with a catch.

    Srsly Risky Biz: Comparing Chinese and American 0day pipelines

    Jun 26, 2025 (16:46)

    Tom Uren and Patrick Gray talk about a new report that compares Chinese and American 0day pipelines. The US is narrowly focussed on acquiring exquisitely stealthy and reliable exploits, while China casts a far broader net. That was fine in the past, but as 0days get harder and harder to find, the report argues that the US needs to change the way it goes about getting them. The pair also talk about Cyber Command supporting the US bomb strikes against Iranian nuclear facilities. We like to believe in magic cyber capabilities, but we suspect the truth was far more mundane in this case. This episode is also available on YouTube. Show notes: Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace

    Risky Bulletin: Hackers breach Norwegian dam, open valve at full capacity

    Jun 25, 2025 (6:42)

    Hackers fully open a valve at a Norwegian dam, the US House bans WhatsApp on staff devices, Russia wants to build a national IMEI database, and four REvil members are released after time served.

    Between Two Nerds: The evil genius of Predatory Sparrow

    Jun 23, 2025 (28:37)

    In this edition of Between Two Nerds, Tom Uren and The Grugq dive into the motivations and actions of Predatory Sparrow, a purported hacktivist group that has been attacking Iran for the last five years and has leapt into the Iran-Israel war. This episode is also available on YouTube.

    Risky Bulletin: White House rejects nominee for NSA & CyberCom leader

    Jun 23, 2025 (8:09)

    The White House rejects the Pentagon's nominee for NSA & CyberCom leader, the FCC probes the US Cyber Trust Mark program, a cyberattack disrupts Russia's animal products industry, and hackers leak data about everyone in Paraguay.

    Sponsored: The geopolitics of trust

    Jun 22, 2025 (11:16)

    In this Risky Bulletin sponsor interview, Fletcher Heisler, CEO of Authentik, talks to Tom Uren about the inflection points that make organisations consider rationalising their Identity Providers (IdPs). The pair also discuss sovereign tech stacks and how to earn the trust of customers.

    Risky Bulletin: Russian hackers abuse app-specific passwords to bypass MFA

    Jun 20, 2025 (7:46)

    Russian hackers abuse app-specific passwords to bypass multi-factor, the tenth Salt Typhoon victim is identified, Predatory Sparrow destroys $90 million from an Iranian crypto-exchange, and Argentina arrests a Russian disinfo gang.

    Srsly Risky Biz: Data brokers are a killer's best friend

    Jun 19, 2025 (22:28)

    Tom Uren and Patrick Gray talk about a Minnesota man who used people-search services to locate, stalk and eventually murder political targets. They also discuss purported hacktivist group Predatory Sparrow weighing in on the Iran-Israel conflict. It has attacked Iran's financial system, including a bank associated with the Iranian Revolutionary Guard Corps, and also burnt USD$90 million worth of cryptocurrency from an Iranian exchange. This episode is also available on YouTube.

    Risky Bulletin: Israel-linked hackers claim Iran bank disruption

    Jun 18, 2025 (7:03)

    An Israeli-linked hacktivist group claims an attack on an Iranian bank, Chrome gets a new prompt to prevent local network attacks, a century-old German napkin company goes under following a ransomware attack, and Europol takes down the Archetyp dark web market.

    Between Two Nerds: Why modern influence operations suck

    Jun 16, 2025 (30:21)

    In this edition of Between Two Nerds, Tom Uren and The Grugq take a look at a new AI-powered covert influence campaign and compare it to World War 2 efforts. This episode is also available on YouTube.

    Risky Bulletin: Washington Post email accounts hacked

    Jun 16, 2025 (5:48)

    Email accounts compromised at the Washington Post, shady email provider Cock.li gets hacked, hackers steal data from a French university, and the EU invests €145 million in hospital cybersecurity.

    Sponsored: Hardening the browser

    Jun 15, 2025 (12:42)

    In this Risky Bulletin sponsor interview, Michael Leland, Field CTO of Island, talks about how Island manages risks from extensions, phishing and infostealers. Even when credentials are stolen, it is still not game over and there are still ways to prevent data loss and breaches.

    Risky Bulletin: Predator spyware alive despite US sanctions

    Jun 13, 2025 (7:47)

    Intellexa is alive and well despite US sanctions, Paragon spyware used a zero-click iMessage exploit, South Korea's largest online bookstore gets ransomwared, and law enforcement takes down several cybercrime operations.

    Srsly Risky Biz: Trump scales back Biden product security demands

    Jun 12, 2025 (19:26)

    Tom Uren and Patrick Gray talk about how a Trump executive order has scaled back the government's cyber security ambitions. The carrots and sticks that would have been used to encourage organisations to adopt stricter security standards are gone. They also discuss North Korea's use of AI in its IT worker scam and the emergence of espionage-as-a-service… perhaps. This episode is also available on YouTube.

    Risky Bulletin: SentinelOne dodges a Chinese APT hack

    Jun 11, 2025 (5:13)

    SentinelOne dodges a Chinese APT hack, anonymous sources point to more Salt Typhoon victims, a cyberattack disrupts grocery deliveries in the US, and 140 arrested in Kazakhstan for selling citizens' data.

    Between Two Nerds: How Russia's sabotage team got into hacking

    Jun 9, 2025 (37:05)

    In this edition of Between Two Nerds, Tom Uren and The Grugq take a look at the hackers of Unit 29155, Russian military intelligence's sabotage and assassination group. This episode is also available on YouTube. Show notes: The Insider 'Hidden Bear' investigation; Japanese Tokuryū; Ukraine SSSCIP report H1 2023

    Risky Bulletin: EU launches its own DNS service

    Jun 9, 2025 (6:12)

    The EU launches its own DNS service, Trump revises previous administrations' cyber executive orders, a supply chain attack hits popular NPM packages, and mysterious iOS attacks spotted in the wild.

    Sponsored: Phishing crews have gotten really good at evasion

    Jun 9, 2025 (18:19)

    In this sponsored interview, Casey Ellis interviews Push Security co-founder and Chief Product Officer Jacques Louw about how good phishing crews have gotten at evading detection. Attackers are hiding their payloads behind legitimate bot-detection tools to stop things like email security gateways from seeing them, as well as locking up phishing pages behind OAuth challenges. Push sees all this because it's installed as a browser plugin and sees what users see.

    Risky Bulletin: APTeens go after Salesforce data

    Jun 6, 2025 (7:02)

    A hacking group goes after Salesforce data, the FBI takes down the BidenCash carding forum, China offers rewards for Taiwanese military hackers, and high-risk bugs are patched in enterprise software from HPE and Infoblox.

    Srsly Risky Biz: Law Enforcement Is Finally Making Progress on Ransomware

    Jun 5, 2025 (18:43)

    Tom Uren and Patrick Gray talk about how Operation Endgame, the multinational law enforcement effort to tackle ransomware, is approaching the problem holistically. It's tackling the enablers of ransomware and although it won't eliminate the crime, it'll make it harder for criminals. They also discuss the spyware app that helped to dismantle the Syrian regime, at least maybe a little bit, and how Russian military intelligence's sabotage and assassination unit got into cyber operations. This episode is also available on YouTube.

    Risky Bulletin: Syrian Army infected with spyware before regime collapse

    Jun 4, 2025 (8:20)

    A spyware app infected the Syrian Army's soldiers before the regime collapsed, NSO appeals its WhatsApp verdict, Chrome and Qualcomm patch zero-days, and an emergency services information sharing group shuts down.

    Between Two Nerds: NSA's thinking on information warfare

    Jun 2, 2025 (31:08)

    In this edition of Between Two Nerds, Tom Uren and The Grugq look at NSA's take on information warfare, all the way back from 1997. This episode is also available on YouTube. Show notes: Cryptolog, The Journal of Technical Health, from NSA in 1997

    Risky Bulletin: Law enforcement takes down AVCheck

    Jun 2, 2025 (6:16)

    Law enforcement agencies take down AVCheck, four US Senators urge the reinstatement of the Cyber Safety Review Board, Germany identifies the leader of the TrickBot gang, and an AI vibe-coding platform leaks user data and API keys.

    Sponsored: HD Moore on why vuln scanners are awful and broken

    Jun 1, 2025 (15:21)

    In this sponsored interview, Risky Business Media's brand new interviewer Casey Ellis chats with runZero founder and CEO HD Moore about why vuln scanning tech is awful and broken. He also talks about how they're trying to do something better by glueing their own discovery product to the nuclei open source vulnerability scanner.

    Risky Bulletin: Windows Update will patch third party apps

    May 30, 2025 (6:05)

    Windows Update will deliver third-party app updates, a public database exposed Russia's nuclear secrets, US banks ask the SEC to rescind cyber breach disclosure rule, and ConnectWise discloses an APT breach.

    Srsly Risky Biz: Russia's cybercriminals and spies are officially in cahoots

    May 29, 2025 (16:27)

    Tom Uren and Patrick Gray talk about Russian DanaBot malware developers making a tailored variant of their malware specifically for espionage. This fills in some of the blanks on the exact relationship between Russian criminals and the country's intelligence services. They also discuss a US Director of National Intelligence initiative to centralise the purchase of commercially acquired information. Although this information can be used maliciously, having a one-stop-shop should make it easier to check that it is being used responsibly. This episode is also available on YouTube.

    Risky Bulletin: Dutch intelligence discovers a new Russian APT

    May 28, 2025 (5:27)

    Dutch intelligence discovers a new Russian APT, a ransomware attack hits the maker of MATLAB, 20 arrested in Nigeria over hacking exam results, and an Iranian pleads guilty to the Robbinhood ransomware attacks.

    Between Two Nerds: Cyber's hard problems

    May 26, 2025 (26:19)

    In this edition of Between Two Nerds, Tom Uren and The Grugq talk about cyber's 'hard problems' and why they are intractable. This episode is also available on YouTube. Show notes: Cyber Hard Problems, from the National Academies of Sciences

    Risky Bulletin: Major CISA leadership exodus underway

    May 26, 2025 (4:51)

    A major exodus of leadership is underway at CISA, the US government will audit NIST over its vulnerability backlog, an ancient and mysterious APT has been linked to Spain's government, and the SVG image format is great for phishing.

    Sponsored: Sublime Security on the spam/email bomb problem

    May 25, 2025 (22:55)

    In this Risky Business News sponsor interview, Catalin Cimpanu talks with Bobby Filar, Head of Machine Learning at Sublime Security. Bobby takes us through the rising problem of spam bombing, or email bombing, a technique threat actors are increasingly using for initial access into corporate environments. Show notes: Bobby Filar; Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”; Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators; Storm-1811 exploits RMM tools to drop Black Basta ransomware; Massive Email Bombs Target .Gov Addresses; A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist

    Risky Bulletin: DanaBot and Lumma Stealer taken down

    May 23, 2025 (7:33)

    Law enforcement takes down the DanaBot and Lumma Stealer malware operations, the US government wants a centralized data broker platform, Turkey dismantles a Chinese IMSI catcher spy ring, and Russia hacked border cameras to track Ukrainian military aid.

    Srsly Risky Biz: Telegram is cooperating with authorities, for now

    May 22, 2025 (20:27)

    Tom Uren and Patrick Gray talk about how Telegram recently took down the two largest ever criminal marketplaces. The marketplaces used Telegram for all their communications and had collectively sold over USD$30 billion in illicit products. The pair discuss why Telegram is now cooperating with authorities after historically being reluctant and whether this assistance will continue. They also discuss how Meta is awash with scam advertisements and how Chinese mobile app encryption is suspiciously awful. This episode is also available on YouTube.

    Risky Bulletin: TeleMessage data published by DDoSecrets

    May 21, 2025 (6:41)

    DDoSecrets archives 400GB of stolen TeleMessage data, the FBI closes its FISA watchdog office, Predatorgate lawsuit delayed due to interpreter shortage, and a wave of DDoS attacks disrupts Russian government portals.

    Between Two Nerds: Why hackers and spies don't mix

    May 19, 2025 (28:35)

    In this edition of Between Two Nerds, Tom Uren and The Grugq examine what makes it hard for even competent hackers to contribute to state-backed espionage agencies. This episode is also available on YouTube. Show notes: The I-Soon cyber espionage contractor data leak