Regular cybersecurity news updates from the Risky Business team...
China accuses the US of new cyberattacks, a $14.5b crypto hack discovered five years later, the US National Cyber Director is named, and Lovense considers legal action over a security flaw disclosure. Show notes Risky Bulletin: China with the accusations again
In this week's sponsor interview, Tines' Field CISO, Matt Muller, chats to Casey Ellis about the interesting and out-of-the-box ways they've seen people using the platform. Tines is a platform designed to automate repetitive tasks for IT and security teams. And, as it turns out, it can be used to … gamify shift handover? Show notes
Russia spies on local embassies via ISPs, a Canadian man jailed for stealing Internet Apes, Signal threatens to leave Australia, and Russian pharmacies go down after a cyberattack. Show notes Risky Bulletin: Russia spies on foreign embassies using local ISPs
Tom Uren and Amberleigh Jack talk about how recent SharePoint exploitation is a blow-by-blow repeat of the 2021 Microsoft Exchange mass compromise event. The international response to that clearly didn't deter Chinese hackers, so it is time to try something different. They also talk about recent cases where outsourcing IT services has come with increased risk. Convenient, cheap, secure, pick any two. This episode is also available on Youtube. Show notes
Russia's national airline cancels more than 100 flights following a cyberattack, the FBI seizes $2.4 million from the Chaos ransomware, Kazakhstan arrests a ransomware suspect, and Kyrgyzstan nationalizes internet access. Show notes Risky Bulletin: US seizes Chaos ransomware funds
Microsoft investigates a MAPP leak as the source of the SharePoint zero-day, US law enforcement takes down the BlackSuit ransomware portal, an Arizona woman is imprisoned for running a North Korean laptop farm, and Allianz life insurance suffers a security breach. Show notes
In this sponsored interview, Nucleus Security co-founder and COO, Scott Kuffer joins Casey Ellis to chat about how vulnerability management evolved into quite a lot more than just patch prioritization. Show notes
Microsoft rolls out better logging for incident responders, the SharePoint hacking spree hits major US agencies, Ukraine arrests the admin of a well-known hacking forum, and China launches a national Digital ID system. Show notes
Three Chinese APTs are behind the recent SharePoint zero-day attacks, the UK wants to ban the public sector from paying ransoms, Russia takes down a malware operation, and South Korea charges airline employees over selling celebrity data. Show notes
In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether China's ‘cyber militia' make sense and what they could be good for. This episode is also available on Youtube. Show notes Mobilizing Cyber Power: The Growing Role of Cyber Militias in China's Network Warfare Force Structure
An Iranian security firm is behind an airline hacking spree, Chinese hackers breach Singapore's critical infrastructure, new SharePoint and CrushFTP zero-days are being used in the wild, and Japan releases free ransomware decrypters. Show notes
In this Risky Business sponsored interview, Thinkst Canary CEO Haroon Meer chats to Casey Ellis about the company's impressive growth over the past decade, and how it approached that path a little differently to other firms. Haroon's advice for young startup founders: Is your problem worth solving? And can you actually solve it? And… Love your customers. Show notes
Hackers bypass FIDO keys with a new phishing technique, a mobile surveillance vendor deploys an SS7 exploit, ransomware hits South Korea's largest insurance provider, and law enforcement agencies dismantle a pro-Kremlin DDoS group. Show notes
Tom Uren and Amberleigh Jack talk about Huawei's contract to manage storage for Spain's lawful intercept system. News broke this week that Spain had signed a €12 million contract, but it turns out Huawei has been involved in the system since 2004! They also discuss arrests in the UK of four individuals associated with Scattered Spider. The criminal resumés of two of the suspects support the idea that there are key individuals with outsize impact. But they also reinforce that the online communities they are involved in act as training grounds for cyber criminals. Arrests will slow hacks, not stop them. This episode is also available on Youtube. Show notes
Salt Typhoon breaches a US state's National Guard, Ukrainian hackers wipe the servers of a Russian drone maker, the UK relocates Afghans caught up in a data leak, and Microsoft outsources some US government work to China. Show notes
In this edition of Between Two Nerds Tom Uren and The Grugq examine whether US cyber operations are too stealthy. Could they get more bang for the buck if they adopted a devil may care attitude to getting busted? This episode is also available on Youtube. Show notes Should US spies steal Chinese commercial secrets?
A radio equipment vulnerability can bring trains to sudden stops, researchers prevent a Lazarus crypto attack, Spain hands Huawei control over its phone wiretapping system, and CISA warns of ongoing CitrixBleed 2 attacks. Show notes
In this Risky Business sponsored interview, Zero Networks Field CTO, Chris Boehm discusses the everyone-gets-an-AI future with Casey Ellis. Zero Networks makes network microsegmentation achievable without simply handing an AI control of the network. Will generative artificial intelligence ever be trusted to make hard access control decisions? Show notes
Two billion eSIMs receive crucial security patches, China's cyber militias go on the offensive, four Scattered Spider members detained over UK retail attacks, and a Russian basketball player is arrested in a ransomware case. Show notes
Tom Uren and Amberleigh Jack talk about our developing understanding of the group that people call Scattered Spider. Independent security firms agree that there are a small number of key people that are driving the group's outrageous success. That gives us hope that targeted action might stem the bleeding. They also talk about data leaks from China's cyber espionage ecosystem that are for sale on a data leak site. These look to contain actionable information from a counterintelligence point of view. And Tom wonders if a market for espionage-as-a-service will develop? This episode is also available on Youtube. Show notes
Italy arrests a Chinese APT hacker, a Russian drone software group gets wiped, the SatanLock ransomware operation shuts down, and browser extensions power a web scraping botnet. Show notes
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how there is an opportunity for the US to expand its 0day and talent acquisition pool to Asia. They revisit a paper comparing the Chinese and American 0day acquisition strategies and have some quibbles. This episode is also available on Youtube. Show notes Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
Chinese security researchers claim to have found a new American APT, the SEC and SolarWinds are seeking a settlement, a company insider was behind Brazil's bank hack, and Luis Vuitton discloses a security breach. Show notes
In this sponsored interview, Patrick Gray chats with the CEO of Knocknoc, Adam Pointon. They talk about the woeful state of internal enterprise networks and how many control system networks aren't appropriately segmented. Adam also explains why Knocknoc released a very simple identity aware proxy: For too long the Zero Trust “industry” has focussed on securing access to critical applications, while everything else is left behind to get owned. This is Zero Trust for crappy apps! Zero Trust for the rest of us! Show notes
A ransomware operation shuts down and releases free decryption keys, the FBI investigates a ransomware negotiator for taking kickbacks, Spain arrests two over government hacks, and hackers steal $185 million from Brazilian financial institutions. Show notes
Tom Uren and Patrick Gray discuss warnings about Iranian cyber attacks on US critical infrastructure. Despite many many warnings, there have been no actual attacks and they discuss the reasons why Iran would want to avoid escalatory cyber attacks. They also talk about how the FBI is struggling to deal with the democratisation of surveillance and data analysis, what the agency calls Ubiquitous Technical Surveillance (UTS). A Department of Justice audit of the FBI's response finds the threat from UTS is real and that sources have been murdered. But it seems that the FBI just doesn't care. This episode is also available on Youtube. Show notes
The US sanctions another Russian bulletproof hosting provider, the International Criminal Court discloses a security breach, the US dismantles 29 North Korean laptop farms, and a Chinese student gets jailed in the UK for SMS blasting. Show notes
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how Microsoft has embraced digital sovereignty and is bending over backwards to satisfy European tech supply chain concerns. This episode is also available on Youtube. Show notes The New York Times on the ICC Microsoft's 30 April Brad Smith post Microsoft's 4 June Brad Smith post
The Scattered Spider group targets the aviation sector, Russia throttles traffic from Cloudflare, a Mexican cartel hired hackers to track an FBI official, and Canada tells Hikvision to cease operations. Show notes
In this Risky Bulletin sponsor interview Craig Rowland, CEO of Sandfly Security, talks to Tom Uren about the disconnect between how important Linux systems are and how much security attention they get. The pair discuss the variety of reasons that security teams underinvest in protecting Linux. Show notes
A phishing group abuses a forgotten Exchange Online feature, a patient's death is linked to the Synnovis ransomware attack, France arrests the BreachForums leadership, and Microsoft offers free Windows 10 Extended Security Updates … with a catch. Show notes
Tom Uren and Patrick Gray talk about a new report that compares Chinese and American 0day pipelines. The US is narrowly focussed on acquiring exquisitely stealthy and reliable exploits, while China casts a far broader net. That was fine in the past, but as 0days get harder and harder to find, the report argues that the US needs to change the way it goes about getting them. The pair also talk about Cyber Command supporting the US bomb strikes against Iranian nuclear facilities. We like to believe in magic cyber capabilities, but we suspect the truth was far more mundane in this case. This episode is also available on Youtube. Show notes Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
Hackers fully open a valve at a Norwegian dam, the US house bans WhatsApp on staff devices, Russia wants to build a national IMEI database, and four REvil members are released after time served. Show notes
In this edition of Between Two Nerds Tom Uren and The Grugq dive into the motivations and actions of Predatory Sparrow, a purported hacktivist group that has been attacking Iran for the last five years and has leapt into the Iran-Israel war. This episode is also available on Youtube. Show notes
The White House rejects the Pentagon's nominee for NSA & CyberCom leader, the FCC probes the US Cyber Trust Mark program, a cyberattack disrupts Russia's animal products industry, and hackers leak data about everyone in Paraguay. Show notes
In this Risky Bulletin sponsor interview Fletcher Heisler, CEO of Authentik, talks to Tom Uren about the inflection points that make organisations consider rationalising their Identity Providers (IdPs). The pair also discuss sovereign tech stacks and how to earn the trust of customers. Show notes
Russian hackers abuse app-specific passwords to bypass multi-factor, the tenth Salt Typhoon victim is identified, Predatory Sparrow destroys $90 million from an Iranian crypto-exchange, and Argentina arrests a Russian disinfo gang. Show notes
Tom Uren and Patrick Gray talk about a Minnesota man who used people-search services to locate, stalk and eventually murder political targets. They also discuss purported hacktivist group Predatory Sparrow weighing in on the Iran-Israel conflict. It has attacked Iran's financial system including a bank associated with the Iranian Revolutionary Guard Corp and also burnt USD$90 million worth of cryptocurrency from an Iranian exchange This episode is also available on Youtube. Show notes
An Israeli-linked hacktivist group claims attack on Iranian bank, Chrome gets a new prompt to prevent local network attacks, a Century-old German napkin company goes under following ransomware attack, and Europol takes down the Archetyp dark web market. Show notes
In this edition of Between Two Nerds Tom Uren and The Grugq take a look at a new AI-powered covert influence campaign and compare it to World War 2 efforts. This episode is also available on Youtube. Show notes
Email accounts compromised at the Washington Post, shady email provider Cock.li gets hacked, hackers steal data from a French university, and the EU invests €145 million in hospital cybersecurity. Show notes
In this Risky Bulletin sponsor interview Michael Leland, Field CTO of Island, talks about how Island manages risks from extensions, phishing and infostealers. Even when credentials are stolen, it is still not game over and there are still ways to prevent data loss and breaches. Show notes
Intellexa is alive and well despite US sanctions, Paragon spyware used a zero-click iMessage exploit, South Korea's largest online bookstore gets ransomwared, and law enforcement takes down several cybercrime operations. Show notes
Tom Uren and Patrick Gray talk about how a Trump executive order has scaled back the government's cyber security ambitions. The carrots and sticks that would have been used to encourage organisations to adopt stricter security standards are gone. They also discuss North Korea's use of AI in its IT worker scam and the emergence of espionage-as-a-service… perhaps. This episode is also available on Youtube. Show notes
SentinelOne dodges a Chinese APT hack, anonymous sources point to more Salt Typhoon victims, a cyberattack disrupts grocery deliveries in the US, and 140 arrested in Kazakhstan for selling citizens' data. Show notes
In this edition of Between Two Nerds Tom Uren and The Grugq take a look at the hackers of Unit 29155, Russian military intelligence's sabotage and assassination group. This episode is also available on Youtube. Show notes The Insider 'Hidden Bear' investigation Japanese Tokuryū Ukraine SSSCIP report H1 2023
The EU launches its own DNS service, Trump revises previous administrations' cyber executive orders, a supply chain attack hits popular NPM packages, and mysterious iOS attacks spotted in the wild. Show notes
In this sponsored interview, Casey Ellis interviews Push Security co-founder and Chief Product Officer Jacques Louw about how good phishing crews have gotten at evading detection. Attackers are hiding their payloads behind legitimate bot-detection tools to stop things like email security gateways from seeing them, as well as locking up phishing pages behind OAuth challenges. Push sees all this because it's installed as a browser plugin and sees what users see. Show notes
A hacking group goes after Salesforce data, the FBI takes down the BidenCash carding forum, China offers rewards for Taiwanese military hackers, and high risk bugs are patched in enterprise software from HPE and Infoblox. Show notes
Tom Uren and Patrick Gray talk about how Operation Endgame, the multinational law enforcement effort to tackle ransomware is approaching the problem holisitically. It's tackling the enablers of ransomware and although it won't eliminate the crime, it'll make it harder for criminals. They also discuss the spyware app that helped to dismantle the Syrian regime, at least maybe a little bit, and how Russian military intelligence's sabotage and assasination unit got into cyber operations. This episode is also available on Youtube. Show notes
A spyware app infected the Syrian Army's soldiers before the regime collapsed, NSO appeals its WhatsApp verdict, Chrome and Qual-comm patch zero-days, and an emergency services information sharing group shuts down. Show notes