Podcast appearances and mentions of adam boileau

  • 9PODCASTS
  • 256EPISODES
  • 53mAVG DURATION
  • 1WEEKLY EPISODE
  • May 28, 2025LATEST

POPULARITY

20172018201920202021202220232024


Best podcasts about adam boileau

Latest podcast episodes about adam boileau

Risky Business
Risky Business #793 -- Scattered Spider is hijacking MX records

Risky Business

Play Episode Listen Later May 28, 2025 64:52


In this week's edition of Risky Business Dmitri Alperovitch and Adam Boileau join Patrick Gray to talk through the week's news, including: EXCLUSIVE: A Scattered Spider-style crew is hijacking DNS MX entries and compromising enterprises within minutes The SVG format brings the all horrors of HTML+JS to image files, and attackers have noticed Brian Krebs eats a 6.3Tbps DDoS … ‘cause that's how you demo your packet cannon Law enforcement takes out Lumma Stealer, Qakbot, Danabot and some dark web drug traffickers Iranian behind 2019 Baltimore ransomware mysteriously appears in North Carolina and pleads guilty CISA's leadership is fleeing in droves, even though the US needs them more than ever. This week's episode is sponsored by Thinkst Canary. Long time friend of the show Haroon Meer joins and talks through where he feels the industry is at, having just returned home from the AI-fueled hype at this year's RSA conference. This episode is also available on Youtube. Show notes China-linked ‘Silk Typhoon' hackers accessed Commvault cloud environments, person familiar says - Nextgov/FCW Risky Bulletin: SVG use for phishing explodes in 2025 - Risky Business Media KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – Krebs on Security Midwestern telco Cellcom confirms cyber incident after days of service outages | The Record from Recorded Future News Microsoft leads international takedown of Lumma Stealer | Cybersecurity Dive Who said what? on X: "Message from the administrator of Lumma Stealer on the forums about the recent events

Risky Business
Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now

Risky Business

Play Episode Listen Later May 21, 2025 53:01


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: TeleMessage memory dumps show up on DDoSecrets Coinbase contractor bribed to hand over user data Telegram does seem to be actually cooperating with law enforcement Britain's legal aid service gets 15 years worth of applicant data stolen Shocking no one, Ivanti were weaseling when they blamed latest bugs on a third party library This week's episode is sponsored by Prowler, who make an open source cloud security tool. Founder and original project developer Toni de la Fuente joins to talk through the flexibility that open tooling brings. Prowler is also adding support for SaaS platforms like M365, and of course, an AI assistant to help you write checks! This episode is also available on Youtube. Show notes TeleMessage - Distributed Denial of Secrets How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes | WIRED Coinbase says thieves stole user data and tried to extort $20M Hack could cost Coinbase up to $400M: filing | Cybersecurity Dive Severed Fingers and ‘Wrench Attacks' Rattle the Crypto Elite Money Stuff: US Debt Rates Itself | NewsletterHunt 2 massive black market services blocked by Telegram, messaging app says | Reuters Telegram Gave Authorities Data on More than 20,000 Users GovDelivery, an email alert system used by governments, abused to send scam messages | TechCrunch ATO warning as hackers steal $14,000 in tax returns: ‘Be wary' Hack of SEC social media account earns 14-month prison sentence for Alabama man | The Record from Recorded Future News 19-year-old accused of largest child data breach in U.S. agrees to plead guilty Beach mansion, Benz and Bitcoin worth $4.5m seized from League of Legends hacker Shane Stephen Duffy | 7NEWS Pegasus spyware maker rebuffed in efforts to get off trade blacklist - The Washington Post Ransomware attack hits supplier of refrigerated groceries to British supermarkets | The Record from Recorded Future News UK government confirms massive data breach following hack of Legal Aid Agency | The Record from Recorded Future News Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities | Cybersecurity Dive Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)

Risky Business
Risky Business #791 -- Woof! Copilot for Sharepoint coughs up creds and keys

Risky Business

Play Episode Listen Later May 14, 2025 57:52


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back! The ransomware ecosystem is finding life a bit tough lately SAP Netweaver bug being used by Chinese APT crew Academics keep just keep finding CPU side-channel attacks And of course… bugs! Asus, Ivanti, Fortinet… and a Nissan LEAF? This week's episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Tracis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a workable future. This episode is also available on Youtube. Show notes Exploiting Copilot AI for SharePoint | Pen Test Partners MrBruh's Epic Blog Ransomware group Lockbit appears to have been hacked, analysts say | Reuters "CONTI LEAK: Video they tried to bury! 6+ Conti members on a private jet. TARGET's birthday — $10M bounty on his head. Filmed by TARGET himself. Original erased — we kept a copy." Mysterious hackers who targeted Marks and Spencer's computer systems hint at political allegiance as they warn other tech criminals not to attack former Soviet states The organizational structure of ransomware groups is evolving rapidly. SAP NetWeaver exploitation enters second wave of threat activity China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures DOGE software engineer's computer infected by info-stealing malware Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades FBI and Dutch police seize and shut down botnet of hacked routers Poland arrests four in global DDoS-for-hire takedown School districts hit with extortion attempts after PowerSchool breach EU launches vulnerability database to tackle cybersecurity threats Training Solo - vusec Branch Privilege Injection: Exploiting Branch Predictor Race Conditions – Computer Security Group Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet PSIRT | FortiGuard Labs EPMM Security Update | Ivanti

Risky Business
Risky Business #790 -- Bye bye Signal-gate, hello TeleMessage-gate

Risky Business

Play Episode Listen Later May 7, 2025 56:12


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: White House's off-brand Israeli Signal fork logs cleartext messages with hard coded creds while getting hacked (twice). Just … Wow. Ransomware attacks on UK retailers are linked, and Marks & Spencer has it extra bad After six years dormant, a Magento eCommerce platform backdoor comes to life The North Korean IT worker scam is truly webscale NSO group owes Meta $168m for hacking WhatsApp This week's episode is sponsored by vulnerability management wranglers, Nucleus Security. Aaron Unterberger joins to talk through the complexities of tracking vulnerabilities in cloud components - left to the source, right to the deployments, and …sideways into the sidecars? This week's show also features an excerpt from Pat's interview with Senator Mark Warner - Scoot back one in your podcast feed to check out the full chat, or find it on Youtube. This episode is available on Youtube too. Show notes Mike Waltz Accidentally Reveals Obscure App the Government Is Using to Archive Signal Messages Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs The Signal Clone the Trump Admin Uses Was Hacked App used by Mike Waltz suspends services after hacking claims Senator Demands Investigation into Trump Admin Signal Clone After 404 Media Investigation MG on X: "Looks like TeleMessage was probably procured and rolled out under Biden. There are public records for it. https://t.co/XCuZpi8PL3" / X Harrods becomes latest retailer to announce attempted cyberattack | The Record from Recorded Future News Co-op DragonForce cyber attack includes customer data, firm admits Co-op cyber attack: Staff told to keep cameras on in meetings Hundreds of e-commerce sites hacked in supply-chain attack - Ars Technica Microsoft's new “passwordless by default” is great but comes at a cost - Ars Technica Windows RDP lets you log in using revoked passwords. Microsoft is OK with that. - Ars Technica North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop US wants to cut off key player in Southeast Asian cybercrime industry | The Record from Recorded Future News Myanmar militia leader sanctioned by US over cyber scam connections | The Record from Recorded Future News Trump proposes major cut to CISA's budget, citing false ‘censorship' claims | Cybersecurity Dive NSA to cut up to 2,000 civilian roles as part of intel community downsizing | The Record from Recorded Future News NSO Group owes $168M in damages to WhatsApp over spyware infections, jury says | CyberScoop

Risky Business
Risky Business #789 -- Apple's AirPlay vulns are surprisingly awful

Risky Business

Play Episode Listen Later Apr 30, 2025 62:31


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: British retail stalwart Marks & Spencer gets cybered South Korean telco sets out to replace all its subscriber SIMs after (we assume) it lost the keymat It's a good exploit week! Bugs in Apple Airplay, SAP webservers, Erlang SSH and CommVault backups Juice jacking! No, really! Some researchers actually did it (so still not in the wild, then) Anti-DOGE whistleblower sure sounds like he has a point This week's episode is sponsored by Knocknoc, who let you glue your firewalls to your single sign on. Knocknoc's CEO Adam Pointon talks about the joy that having end-to-end IPv6 would bring for zero-trust access control. He also touches on people using Knocknoc inside their network to isolate critical systems. Editors Note : Pat also gives Adam (Boileau) stick in the sponsor interview about the Risky Biz webserver not having IPv6 enabled, which fact-checking during the edit says is FAKE NEWS. Just uh, don't look at how fresh that AAAA record in the DNS is, friends

Risky Business News
Srsly Risky Biz: When pig butcherers fly

Risky Business News

Play Episode Listen Later Apr 24, 2025 16:14


Tom Uren and Adam Boileau talk about how scam compound criminal syndicates are responding to strong government action by moving operations overseas. It's good they are being affected, but they are shifting into new countries that don't have the ability to counter industrial-scale transnational organised crime. They also discuss CISA's Secure by Design initiative and that key people behind the program have left the organisation. Given prospective job cuts at CISA it is hard to see the initiative getting a lot of love, but international cyber security authorities should pick up the slack. This episode is also available on Youtube. Show notes Cyberfraud in the Mekong reaches inflection point, UNODC reveals

Risky Business
Risky Business #787 -- Trump fires NSA director, CISA cuts inbound

Risky Business

Play Episode Listen Later Apr 9, 2025 53:01


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Oracle quietly cops to being hacked, but immediately pivots into pretending it didn't matter NSA and CyberCom leaders fired for not being MAGA enough US Treasury had some dusty corners it hadn't found China in yet, looked, found China in them …which is a great time to discuss slashing CISA's staffing Ransomware crews and bullet proof hosting providers are getting rekt, and we love it And Microsoft patches yet another logging 0-day being used in the wild. This episode is sponsored by Yubico, makers of Yubikey hardware authentication tokens. Yubico's Vice President of Solutions Architecture and Alliances Derek Hanson joins to discuss how the consumer-centric passkey ecosystem has become a real challenge for enterprises. One that Yubico is actually ideally positioned to solve. This episode is also available on Youtube. Show notes Oracle privately confirms Cloud breach to customers Oracle have finally issued a written notification to customers about their cybersecurity incident. Head of NSA and US Cyber Command reportedly fired | Cybersecurity Dive Trump fires numerous National Security Council staff - The Washington Post Trump administration under scrutiny as it puts major round of CISA cuts on the table | Cybersecurity Dive Hackers Spied on US Bank Regulators' Emails for Over a Year - Bloomberg This is how Jeffrey Goldberg got added to the Signal chat Cybercriminals are trying to loot Australian pension accounts in new campaign | The Record from Recorded Future News $500,000 stolen in Australian super fund data breach | Superannuation | The Guardian Australian regulator pulls licenses of 95 companies in effort to crack down on investment scams | The Record from Recorded Future News Everest ransomware group's darknet site offline following defacement | The Record from Recorded Future News On March 28, 2025, a threat actor leaked internal data from Medialand, a major bulletproof hosting (BPH) provider long linked to Yalishanda (LARVA-34). There's a ransomware group named DragonForce going around hacking its rivals. After Mamona and BlackLock, the group has now hacked RansomHub The DragonForce ransomware group hacked two rivals this month CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News Kill Security Campaign Targets CrushFTP Servers National Vulnerability Database | NIST Microsoft patches zero-day actively exploited in string of ransomware attacks | CyberScoop Exploitation of CLFS zero-day leads to ransomware activity | Microsoft Security Blog Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)

Risky Business
Risky Business #786 -- Oracle is lying

Risky Business

Play Episode Listen Later Apr 2, 2025 55:14


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Yes, Oracle Health and Oracle Cloud did get hacked The fallout from Signalgate continues North Korean IT workers pivot to Europe Honeypot data suggests a storm is brewing for Palo Alto VPNs Canadian Anon gets arrested for hacking Texas GOP This week's episode is sponsored by Trail of Bits. Tjaden Hess, a Principal Security Engineer at Trail of Bits who specialises in cryptography, joins the show this week to talk about what a responsible crypto-currency exchange cold wallet setup looks like, and … contrasts that with Bybit. This episode is also available on Youtube. Show notes Oracle Health breach compromises patient data at US hospitals FBI probes Oracle hack tied to healthcare extortion: Report - Becker's Hospital Review | Healthcare News & Analysis Oracle Still Denies Breach as Researchers Persist Hacker linked to Oracle Cloud intrusion threatens to sell stolen data | Cybersecurity Dive Publius on X: "

Risky Business
Risky Business #785 -- Signal-gate is actually as bad as it looks

Risky Business

Play Episode Listen Later Mar 26, 2025 59:05


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Yes, the Trump admin really did just add a journo to their Yemen-attack-planning Signal group The Github actions hack is smaller than we thought, but was targeting crypto Remote code exec in Kubernetes, ouch Oracle denies its cloud got owned, but that sure does look like customer keymat Taiwanese hardware maker Clevo packs its private keys into bios update zip US Treasury un-sanctions Tornado Cash, party time in Pyongyang? This week's episode is sponsored by runZero. Long time hackerman HD Moore joins to talk about how network vulnerability scanning has atrophied, and what he's doing to bring it back en vogue. Do you miss early 2000s Nessus? HD knows it, he's got you fam. This episode is also available on Youtube. Show notes The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic Using Starlink Wi-Fi in the White House Is a Slippery Slope for US Federal IT | WIRED Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 3/21) Critical vulnerabilities put Kubernetes environments in jeopardy | Cybersecurity Dive Researchers back claim of Oracle Cloud breach despite company's denials | Cybersecurity Dive The Biggest Supply Chain Hack Of 2025: 6M Records Exfiltrated from Oracle Cloud affecting over 140k Tenants | CloudSEK Capital One hacker Paige Thompson got too light a sentence, appeals court rules | CyberScoop US scraps sanctions on Tornado Cash, crypto ‘mixer' accused of laundering North Korea money | Reuters Tornado Cash Delisting | U.S. Department of the Treasury Major web services go dark in Russia amid reported Cloudflare block | The Record from Recorded Future News Clevo Boot Guard Keys Leaked in Update Package Six additional countries identified as suspected Paragon spyware customers | CyberScoop The Citizen Lab's director dissects spyware and the ‘proliferating' market for it | The Record from Recorded Future News Malaysia PM says country rejected $10 million ransom demand after airport outages | The Record from Recorded Future News Hacker defaces NYU website, exposing admissions data on 1 million students | The Record from Recorded Future News Notre Dame uni students say outage creating enrolment, graduation, assignment mayhem - ABC News DNA of 15 Million People for Sale in 23andMe Bankruptcy

Risky Business
Risky Business #784 -- GitHub supply chain attack steals secrets from 23k projects

Risky Business

Play Episode Listen Later Mar 19, 2025 56:58


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Github Actions supply chain attack loots keys and secrets from 23k projects Why a VC fund now owns a minority stake in Risky Business Media (!?!?) China doxes Taiwanese military hackers Microsoft thinks .lnk file whitespace trick isn't worth patching but APTs sure love it CISA delivers government efficiency by re-hiring fired staff… to put them on paid leave …and Google acquires Wiz for $32bn This week's show is sponsored by Zero Networks, and they have sent along a happy customer to talk about their experience. Aaron Steinke is Head of Infrastructure at La Trobe Financial, an asset management firm in Australia. Aaron talks through bringing modern zero-trust goodness to the reality of a technology environment that's been around 40 years. This episode is also available on Youtube. Show notes Risky Bulletin: GitHub supply chain attack prints everyone's secrets in build logs - Risky Business Media China says Taiwan's military is behind PoisonIvy APT China identifies Taiwanese hackers allegedly behind cyberattacks and espionage | The Record from Recorded Future News Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds | The Record from Recorded Future News Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop Poisoned Windows shortcuts found to be a favorite of Chinese, Russian, N. Korean state hackers | The Record from Recorded Future News 'Mora_001' ransomware gang exploiting Fortinet bug spotlighted by CISA in January | The Record from Recorded Future News Black Basta uses brute-forcing tool to attack edge devices | Cybersecurity Dive Alleged Russian LockBit developer extradited from Israel, appears in New Jersey court | The Record from Recorded Future News CISA works to contact probationary employees for reinstatement after court order - Nextgov/FCW ‘People Are Scared': Inside CISA as It Reels From Trump's Purge | WIRED The Wiretap: CISA Staff Are Cautiously Optimistic About Trump's Pick For Director White House instructs agencies to avoid firing cybersecurity staff, email says | Reuters Signal no longer cooperating with Ukraine on Russian cyberthreats, official says | The Record from Recorded Future News Telegram CEO Pavel Durov allowed to leave France amid investigation Appellate court upholds sentence for former Uber cyber executive Joe Sullivan | The Record from Recorded Future News Google buys cloud security provider Wiz for $32 billion | The Record from Recorded Future News Pat Gray, Founder of Risky Business, Joins Decibel as Founder Advisor - Decibel

Risky Business
Risky Business #783 -- Evil webcam ransomwares entire Windows network

Risky Business

Play Episode Listen Later Mar 12, 2025 63:40


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news with special guest Rob Joyce, a Former Special Assistant to the US President and Director of Cybersecurity for NSA. They talk through: A realistic bluetooth-proximity phishing attack against Passkeys A very patient ransomware actor encrypts an entire enterprise with a puny linux webcam processor The ESP32 backdoor that is neither a door nor at the back The X DDoS that Elon said was Ukraine is claimed by pro-Palestinian hacktivists Years later, LastPass hackers are still emptying crypto-wallets …and it turns out North Korea nailed {Safe}Wallet with a malicious docker image. Nice! Rob Joyce recently testified to the US House Select Committee on the Chinese Communist Party, and he explains why DOGE kicking probationary employees to the curb is “devastating” for the national security staff pipeline. This week's episode is sponsored by SpecterOps, makers of the Bloodhound identity attack path mapping tool. Chief Product Officer Justin Kohler and Principal Security Researcher Lee Chagolla-Christensen discuss their pragmatic approach to disabling NTLM authentication in Active Directory using Bloodhound's insight. This episode is also available on Youtube. Show notes CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers | Tobia Righi - Security Researcher Feds Link $150M Cyberheist to 2022 LastPass Hacks – Krebs on Security Camera off: Akira deploys ransomware via webcam Tarlogic detects a hidden feature in the mass-market ESP32 chip that could infect millions of IoT devices Alleged Co-Founder of Garantex Arrested in India – Krebs on Security 37K+ VMware ESXi instances vulnerable to critical zero-day | Cybersecurity Dive Apple patches 0-day exploited in “extremely sophisticated attack” - Ars Technica What Really Happened With the DDoS Attacks That Took Down X | WIRED Eleven11bot estimates revised downward as researchers point to Mirai variant | Cybersecurity Dive Previously unidentified botnet infects unpatched TP-Link Archer home routers | The Record from Recorded Future News Safe.eth on X: "Investigation Updates and Community Call to Action" / X How to verify Safe{Wallet} transactions on a hardware wallet | Safe{Wallet} Help Center and Support. US charges Chinese nationals in cyberattacks on Treasury, dissidents and more | The Record from Recorded Future News Former top NSA cyber official: Probationary firings ‘devastating' to cyber, national security | CyberScoop U.S. pauses intelligence sharing with Ukraine used to target Russian forces - The Washington Post

Risky Business
Risky Business #782 -- Are the USA and Russia cyber friends now?

Risky Business

Play Episode Listen Later Mar 5, 2025 50:12


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Did the US decide to stop caring about Russian cyber, or not? Adam stans hard for North Korea's massive ByBit crypto-theft Cellebrite firing Serbia is an example of the system working Starlink keeps scam compounds in Myanmar running Biggest DDoS botnet yet pushes over 6Tbps This week's episode is sponsored by network visibility company Corelight. Vincent Stoffer, field CTO at Corelight joins to talk through where eyes on your network can spot attackers like Salt and Volt Typhoon. This episode is also available on Youtube. Show notes Sygnia Preliminary Bybit Investigation Report Verichains Bybit Incident Investigation Preliminary Report North Koreans finish initial laundering stage after more than $1 billion stolen from Bybit | The Record from Recorded Future News Risky Bulletin: Trump administration stops treating Russian hackers as a threat - Risky Business Did Trump Admin Order U.S. Cyber Command and CISA to Stand Down on Russia? (Story updated) Russia to redeploy resources freed up by end of war in Ukraine, warns Finnish intelligence | The Record from Recorded Future News FBI urges crypto community to avoid laundering funds from Bybit hack | The Record from Recorded Future News Risky Bulletin: Cellebrite bans bad boy Serbia - Risky Business Belgium probes suspected Chinese hack of state security service | The Record from Recorded Future News Gabbard: UK demand to Apple for backdoor access is 'grave concern' to US | The Record from Recorded Future News Elon Musk's Starlink Is Keeping Modern Slavery Compounds Online | WIRED U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security Google Password Manager finally syncs to iOS—here's how - Ars Technica Gmail Security Alert: Google To Ditch SMS Codes For Billions Of Users Massive Iran-linked botnet launches DDoS attacks against telecom, gaming platforms | Cybersecurity Dive Microsoft-signed driver used in ransomware attacks | Cybersecurity Dive London member of ‘Com' network convicted of making indecent images of children | The Record from Recorded Future News Volt Typhoon & Salt Typhoon Attackers Are Evading EDR: What Can You Do? | Corelight

Risky Business
Risky Business #781 -- How Bybit oopsied $1.4bn

Risky Business

Play Episode Listen Later Feb 26, 2025 62:40


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: North Korea pulls off a 1.5 billion dollar crypto heist Apple pulls Advanced Data Protection from the UK Black Basta ransomware gang's internal chats leak Russians snoop on Signal with QR codes And Myanmar ships thousands of freed scam compound workers to Thailand Regular guest Lina Lau joins to discuss her work reading Chinese incident response reports on WeChat, and how that has people thinking that … she outed the NSA? This week's episode is sponsored by Airlock Digital, and allow-listing tragics Daniel Schell and David Cottingham are along with an amusing tale of using Windows' own allow-listing software to block EDR from loading. This episode is also available on Youtube. Show notes Hackers drained $1.4 billion of cryptocurrency from Bybit exchange, CEO confirms | The Record from Recorded Future News CertiK - Bybit Incident Technical Analysis Hackers use ‘sophisticated' macOS malware to steal cryptocurrency, Microsoft says | The Record from Recorded Future News EU sanctions North Korean tied to Lazarus group over involvement in Ukraine war | The Record from Recorded Future News Sanctions: Iranians Flock to Crypto; Int'l Actions Target Russia - Chainalysis Apple turns off iCloud encryption feature in UK following reported government legal order | The Record from Recorded Future News Swedish authorities seek backdoor to encrypted messaging apps | The Record from Recorded Future News Leaked chat logs expose inner workings of secretive ransomware group - Ars Technica Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News Meta Sues Alleged Violent Extortionist For Holding Instagram Accounts Hostage Weathering the storm: In the midst of a Typhoon Thailand to take in 7,000 rescued from illegal cyber scam hubs in Myanmar | The Record from Recorded Future News Genea confirms cyber breach after ‘unauthorised third party' accesses data | news.com.au — Australia's leading news site Managed healthcare defense contractor to pay $11 million over alleged cyber failings | The Record from Recorded Future News Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments | The Record from Recorded Future News Director-General's Annual Threat Assessment 2025 | ASIO An inside look at NSA (Equation Group) TTPs from China's lense

Risky Business
Risky Business #780 -- ASD torched Zservers data while admins were drunk

Risky Business

Play Episode Listen Later Feb 19, 2025 60:35


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Australian spooks scrubbed Medibank data off Zservers bulletproof hosting Why device code phishing is the latest trick in confusing poor users about cloud authentication Cloudflare gets blocked in Spain, but only on weekends and because of… football? Palo Alto has yet another dumb bug Adam gushes about Qualys' latest OpenSSH vulns Enterprise browser maker Island is this week's sponsor and Chief Customer Officer Braden Rogers joins the show to talk about how the adoption of AI everywhere is causing headaches. This episode is also available on Youtube. Show notes Five Russians went out drinking. When they got back, Australia had struck Dutch police say they took down 127 servers used by sanctioned hosting service | The Record from Recorded Future News Further cyber sanctions in response to Medibank Private cyberattack | Defence Ministers What is device code phishing, and why are Russian spies so successful at it? - Ars Technica Anyone Can Push Updates to the DOGE.gov Website Piracy Crisis: Cloudflare Says LaLiga Knew Dangers, Blocked IP Address Anyway (Update) * TorrentFreak Palo Alto Networks warns firewall vulnerability is under active exploitation | Cybersecurity Dive Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 | Qualys Security Blog China's Salt Typhoon hackers targeting Cisco devices used by telcos, universities | The Record from Recorded Future News RedMike Exploits Unpatched Cisco Devices in Global Telecommunications Campaign A Hacker Group Within Russia's Notorious Sandworm Unit Is Breaching Western Networks | WIRED How Phished Data Turns into Apple & Google Wallets – Krebs on Security New hack uses prompt injection to corrupt Gemini's long-term memory Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence | The Record from Recorded Future News US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News EXCLUSIVE: A Russia-linked Telegram network is inciting terrorism and is behind hate crimes in the UK – HOPE not hate Remembering David Jorm - fundraising for Mental Health research

Risky Business
Risky Business #779 -- DOGE staffer linked to The Com

Risky Business

Play Episode Listen Later Feb 12, 2025 58:48


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Musk's DOGE kid has a history with The Com Paragon fires Italy as a spyware customer Thailand cuts power to scam compounds… … and arrests Phobos/8Base Russian cybercrims The CyberCX DFIR report shows non-U2F MFA is well and truly over And much, much more. This week's episode is sponsored by Dropzone.AI. They make an AI SOC analysis platform that relieves your analysts of the necessary but tedious work, so they can focus on the value of human insight. Dropzone's founder and CEO Edward Wu joins to talk about how they approach the problem. This episode is also available on Youtube. Show notes Teen on Musk's DOGE Team Graduated from ‘The Com' – Krebs on Security ACLU Warns DOGE's ‘Unchecked' Access Could Violate Federal Law | WIRED Lawsuit accuses Trump administration of violating federal information security law | The Record from Recorded Future News The Recruitment Effort That Helped Build Elon Musk's DOGE Army | WIRED States prepare privacy lawsuit against DOGE over access to federal data | The Record from Recorded Future News Union groups sue Treasury over giving DOGE access to sensitive data | The Record from Recorded Future News Student group sues Education Department over reported DOGE access to financial aid databases | The Record from Recorded Future News Hackers exploiting bug in popular Trimble Cityworks tool used by local gov'ts | The Record from Recorded Future News DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers - Ars Technica DeepSeek Is a Win for Chinese Hackers - Risky Business Owner of spyware used in alleged WhatsApp breach ends contract with Italy | WhatsApp | The Guardian Another person targeted by Paragon spyware comes forward | TechCrunch Apple fixes security flaw allowing third-party access to locked devices | The Record from Recorded Future News U.S. sanctions bulletproof hosting provider for supplying LockBit infrastructure | CyberScoop Thailand cuts power supply to Myanmar scam hubs | The Record from Recorded Future News 8Base ransomware site taken down as Thai authorities arrest 4 connected to operation | The Record from Recorded Future News Two Russian nationals arrested in takedown of Phobos ransomware infrastructure | The Record from Recorded Future News The Company Man: Binance exec detained in Nigeria breaks his silence | The Record from Recorded Future News Deloitte pays $5M in connection with breach of Rhode Island benefits site | Cybersecurity Dive DFIR - Threat Report 2025 | CyberCX Request a Demo | Dropzone AI

Risky Business
Risky Business #778 -- Musk's child soldiers seize control of FedGov IT systems

Risky Business

Play Episode Listen Later Feb 5, 2025 56:28


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: DeepSeek leaves an unauthed database on the internet Russia hacked UK prime minister's personal mail Australia sanctions a Telegram group… which is more sensible than it sounds Medical device backdoor turns out to be just poorly thought out upgrade feature Google abuses weak hashing to patch AMD CPU microcode And much, much more. This week's episode is sponsored by email security boffins Sublime. Their co-founder and CEO Josh Kamdjou joins to talk about how attackers' abuse of legitimate services like Docusign is a challenge for email security vendors. This episode is also available on Youtube. Show notes Exclusive: Musk aides lock workers out of OPM computer systems | Reuters Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog Криптостилер SparkCat в магазинах Google Play и App Store | Securelist Russian hackers suspected of compromising British PM's personal email account | The Record from Recorded Future News PowerSchool hack: missed basic security step resulted in data breach Australia sanctions ‘Terrorgram' white supremacist online group | The Record from Recorded Future News ‘Paid actors' could be behind some antisemitic attacks, Albanese says | Australian security and counter-terrorism | The Guardian Interview with James Glenday, ABC News Breakfast | Australian Minister for Foreign Affairs WhatsApp says spyware company Paragon Solutions targeted journalists Spyware maker Paragon confirms US government is a customer | TechCrunch Former Polish justice minister arrested in sprawling spyware probe | The Record from Recorded Future News Sweden releases suspected ship, says cable break ‘clearly' not sabotage | The Record from Recorded Future News Backdoor found in two healthcare patient monitors, linked to IP in China Attackers exploit zero-day vulnerability in Zyxel CPE devices | Cybersecurity Dive AMD: Microcode Signature Verification Vulnerability · Advisory · google/security-research · GitHub 22-year-old math wiz indicted for alleged DeFI hack that stole $65M - Ars Technica A method to assess 'forgivable' vs 'unforgivable'... - NCSC.GOV.UK Living Off the Land: Credential Phishing via Docusign abuse Living Off the Land: Callback Phishing via Docusign comment B2B freight-forwarding scams on the rise to evade financial fraud crackdowns Callback phishing via invoice abuse and distribution list relays Enhanced message groups: Improving efficiency in email incident response

Risky Business
Risky Business #777 -- It's SonicWall's turn

Risky Business

Play Episode Listen Later Jan 29, 2025 51:26


Coming to you from the same room in Risky Business headquarters Patrick Gray and Adam Boileau discuss the week's cybersecurity news. They talk through: Sonicwall firewalls hand out remote code exec like candy Mastercard make a slapstick-grade mistake with their DNS The data breach at PowerSchool and other niche SaaS providers Academic research proposes taking down Europe's power grid Apple CPUs get a new speculative execution side channel And much, much more. This week's episode is sponsored by Push Security, who make an identity security product that runs inside browsers. Luke Jennings joins to discuss some of the pitfalls of federated authentication, like attackers using unexpected identity providers to log in to your apps. This episode is also available on Youtube. Show notes SonicWall warns hackers targeting critical vulnerability in SMA 1000 series appliances | Cybersecurity Dive MasterCard DNS Error Went Unnoticed for Years – Krebs on Security Data breach hitting PowerSchool looks very, very bad - Ars Technica OpenAI rival DeepSeek limits registration after ‘large-scale malicious attacks' | The Record from Recorded Future News Hackers imitate Kremlin-linked group to target Russian entities | The Record from Recorded Future News UK to examine undersea cable vulnerability as Russian spy ship spotted in British waters | The Record from Recorded Future News Questions grow over whether Baltic Sea cable damage was sabotage or accidental | The Record from Recorded Future News Researchers say new attack could take down the European power grid - Ars Technica At least $69 million stolen from crypto platform Phemex in suspected cyberattack | The Record from Recorded Future News BreachForums admin to be resentenced after appeals court slams supervised release | The Record from Recorded Future News Apple chips can be hacked to leak secrets from Gmail, iCloud, and more - Ars Technica Apple fixes zero-day flaw affecting all devices | TechCrunch I'm Lovin' It: Exploiting McDonald's APIs to hijack deliveries and order food for a penny Government websites vanish under Trump, from the Constitution to DEI Trail of Bits: Director, Technical Marketing Push Security: Security Researcher (remote in the USA) A new class of phishing: Verification phishing and cross-IdP impersonation

Risky Business
Risky Business #776 -- Trump will flex American cyber muscles

Risky Business

Play Episode Listen Later Jan 22, 2025 63:53


Risky Business returns for its 19th year! Patrick Gray and Adam Boileau discuss the week's cybersecurity news and there is a whole bunch of it. They discuss: The incoming Trump administration guts the CSRB Biden's last cyber Executive Order has sensible things in it China's breach of the US Treasury gets our reluctant admiration Ross Ulbricht - the Dread Pirate Roberts of Silk Road fame - gets his Trump pardon New year, same shameful comedy Forti- and Ivanti- bugs US soldier behind the Snowflake hacks faces charges after a solid Krebs-ing And much, much (much! after a month off) more. This week's episode is sponsored by Sandfly Security, who make a Linux EDR solution. Founder Craig Rowland joins to talk about how the Linux ecosystem struggles with its lack of standardised approaches to detection and response. If you've got a telco full of unix, and people are asking how much Salt Typhoon you've got in there… Sandfly's tools are probably what you're looking for. If you like your Business like us… - Risky - then we're hiring! We're looking for someone to help with audio and video production for our work, manage our socials, and if you're also into the Cybers… even better. Position is remote, with a preference for timezones amenable to Australia/NZ. Drop us a line: editorial at risky.biz. This episode is also available on Youtube. Show notes POLITICO Pro | Article | Acting DHS chief ousts CSRB experts, other department advisers Treasury's sanctions office hacked by Chinese government, officials say Strengthening America's Resilience Against the PRC Cyber Threats | CISA AT&T, Verizon say they evicted Salt Typhoon from their networks Risky Bulletin: Looking at Biden's last cyber executive order - Risky Business Internet-connected devices can now have a label that rates their security | Reuters US sanctions prominent Chinese cyber company for role in Flax Typhoon attacks FCC ‘rip and replace' provision for Chinese tech tops cyber provisions in defense bill CIA nominee tells Senate he, too, wants to go on cyber offense | CyberScoop Trump tells Justice Department not to enforce TikTok ban for 75 days Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices | The Record from Recorded Future News Unpacking WhatsApp's Legal Triumph Over NSO Group | Lawfare Time to check if you ran any of these 33 malicious Chrome extensions Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - Arctic Wolf Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware Researchers warn of active exploitation of critical Apache Struts 2 flaw DOJ deletes China-linked PlugX malware off more than 4,200 US computers Russian internet provider confirms its network was ‘destroyed' following attack claimed by Ukrainian hackers | The Record from Recorded Future News Ukraine restores state registers after suspected Russian cyberattack | The Record from Recorded Future News Hackers claim to breach Russian state agency managing property, land records | The Record from Recorded Future News U.S. Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security

Risky Business
Risky Business #775 -- Cl0p is back, SEC hack disclosures disappoint

Risky Business

Play Episode Listen Later Dec 18, 2024


On this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: The SEC's cyber incident reporting isn't very exciting after all China Telecom on the way to being thrown out of the US The NSA/Cybercom might get two separate hats The Cl0p ransomware crew are back and taking responsibility for the Cleo hacks (Yet another) File upload bug in Struts makes Java admins weep And much, much more. This episode is sponsored by SpecterOps, who run a pretty top notch offsec/pentest team when they're not busy making the Bloodhound Enterprise identity attack path enumeration software. SpecterOps' Robby Winchester joins to talk about how pentest has changed, and how their customers get value from their testing. This episode is also available Youtube. Show notes SEC cyber incident reporting rule generates 71 filings in 11 months | Cybersecurity Dive US senators, green groups call for accountability over hacking of Exxon critics | Reuters Biden Administration Takes First Step to Retaliate Against China Over Hack - The New York Times Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' | The Record from Recorded Future News EU opens investigation into TikTok and the Romanian election – POLITICO Clop ransomware claims responsibility for Cleo data theft attacks CISA warns of ransomware gangs exploiting Cleo, CyberPanel bugs | The Record from Recorded Future News CVE-2024-55956 | AttackerKB Apache issues patches for critical Struts 2 RCE bug • The Register Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers | The Record from Recorded Future News Israeli spyware firm Paragon acquired by US investment group, report says | Reuters How Cryptocurrency Turns to Cash in Russian Banks – Krebs on Security Arizona man arrested for alleged involvement in violent online terror networks | CyberScoop Russia bans Viber, claiming app facilitates terrorism and drug trafficking | The Record from Recorded Future News

Risky Business
Risky Business #774 -- Cleo file transfer appliances under widespread attack

Risky Business

Play Episode Listen Later Dec 11, 2024 62:28


On this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Cleo file transfer products have a remote code exec, here we go again! Snowflake phases out password-based auth Chinese Sophos-exploit-dev company gets sanctioned Romania's election gets rolled back after Tiktok changed the outcome AMD's encrypted VM tech bamboozled by RAM with one extra address bit Some cool OpenWRT research And much, much more. This week's episode is sponsored by Thinkst, who love sneaky canary token traps. Jacob Torrey previews an upcoming Blackhat talk filled with interesting operating system tricks you can use to trigger canaries in your environment. You wont believe the third trick! Attackers hate him! This episode is also available on Youtube. Show notes Cleo Software Actively Being Exploited in the Wild CVE-2024-50623 | Huntress Blue Yonder investigating data leak claim following ransomware attack | Cybersecurity Dive Snowflake to phase out single-factor authentication by late 2025 | Cybersecurity Dive Treasury Sanctions Cybersecurity Company Involved in Compromise of Firewall Products and Attempted Ransomware Attacks | U.S. Department of the Treasury Another teenage hacker charged as feds continue Scattered Spider crackdown | The Record from Recorded Future News Germany arrests suspected admin of country's largest criminal marketplace | The Record from Recorded Future News FCC, for first time, proposes cybersecurity rules tied to wiretapping law | CyberScoop Russian state hackers abuse Cloudflare services to spy on Ukrainian targets | The Record from Recorded Future News Cloudflare's pages.dev and workers.dev Domains Increasingly Abused for Romania annuls presidential election over alleged Russian interference | The Record from Recorded Future News EU demands TikTok 'freeze and preserve data' over alleged Russian interference in Romanian elections | The Record from Recorded Future News Research Note: Meta's Role in Romania's 2024 Presidential Election - CheckFirst Key electricity distributor in Romania warns of ‘cyber attack in progress' | The Record from Recorded Future News Backdoor slipped into popular code library, drains ~$155k from digital wallets - Ars Technica AMD's trusted execution environment blown wide open by new BadRAM attack - Ars Technica New dog, old tricks: DaMAgeCard attack targets memory directly thru SD card reader – PT SWARM Telegram partners with child safety group to scan content for sexual abuse material Apple hit with $1.2B lawsuit after killing controversial CSAM-detecting tool - Ars Technica Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Security Research How do I turn on the Do Not Track feature? | Firefox Help

Risky Business News
Srsly Risky Biz: Why hack and leak is still a big deal

Risky Business News

Play Episode Listen Later Dec 5, 2024 21:41


In this podcast Tom Uren and Adam Boileau talk about the continued importance of hack and leak operations. They didn't really affect the recent US presidential election, but they are still a powerful tool for vested interests to influence public policy. They also discuss the police bust of MATRIX, yet another encrypted messenger that is marketed to criminals and designed to resist police surveillance. The crimephone landscape is splintering due to the constant drumbeat of police success. This episode is also available on Youtube.

Risky Business
Risky Business #773 -- Cybercriminals are dropping like flies in Russia

Risky Business

Play Episode Listen Later Dec 4, 2024 57:02


On this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: The FTC decides its time to take another look at Microsoft Exxon's opponents targeted by hackers Russian hackers keep getting sentenced and it confuses us The Feds recommend Signal, because throwing hackers out of telcos ain't gonna happen A South Korean set-top-box manufacturer shipped a DDoS client for corpo-combat And much, much more. This week's sponsor interview with Vijit Nair from Corelight. We talk to him about doing detection in cloud environments, and how the varied nature of cloud systems makes the old ways - network monitoring - useful in new and interesting ways. If you're in Sydney, Pat is recording a live episode of the Wide World of Cyber with Chris Krebs on 5 December. There might still be tickets left! This episode is also available on Youtube. Show notes SentinelOne: Risky Business LIVE FTC opens Microsoft antitrust investigation | AP News Exclusive: Exxon lobbyist investigated over hack-and-leak of environmentalist emails, sources say | Reuters Costa Rica state energy company calls in US experts to help with ransomware attack | The Record from Recorded Future News Blue Yonder Security Rating, Vendor Risk Report, and Data Breaches ENGlobal IT systems impacted by ransomware attack | Cybersecurity Dive Ransomware suspect Wazawaka reportedly arrested by Russia | The Record from Recorded Future News Russia delivers historic life sentence to suspected founder of darknet marketplace | The Record from Recorded Future News Vodka maker Stoli says August ransomware attack contributed to bankruptcy filing | The Record from Recorded Future News Hacker in Snowflake Extortions May Be a U.S. Soldier – Krebs on Security Uganda confirms cyberattack on central bank but minimizes extent of breach | The Record from Recorded Future News Press Release: HOME > Announcements/News > Announcements > Press Release U.S. officials urge Americans to use encrypted apps amid cyberattack With Threats to Encryption Looming, Signal's Meredith Whittaker Says ‘We're Not Changing' | WIRED Japanese crypto service shuts down after theft of bitcoin worth $308 million | The Record from Recorded Future News He Got Banned From X. Now He Wants to Help You Escape, Too | WIRED cyberundergroundfeed on X: "

Risky Business
Risky Business #772 -- Salt Typhoon is truly a national security disaster

Risky Business

Play Episode Listen Later Nov 27, 2024 61:05


On this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: A ransomware attack has crippled US supply chain software provider Blue Yonder Russian spies hack nearby wifi to get to their targets, but that doesn't seem surprising? Salt Typhoon's attacks on telcos are hard to solve and big on impact China's surveillance state workers sell their access at home Palo Alto is bad and should feel bad And much, much more. In this week's sponsor interview Patrick Gray chats with Matt Muller from Tines about Gartner's “spicy take” that the SOAR category is dead. SOAR is dead! Long live SOAR! This episode is also available on Youtube. Show notes Retailers struggle after ransomware attack on supply chain tech provider Blue Yonder | The Record from Recorded Future News Customer Update Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack | WIRED China's Salt Typhoon hackers target telecom firms in Southeast Asia with new malware | The Record from Recorded Future News Emerging Details of Chinese Hack Leave U.S. Officials Increasingly Concerned Top senator calls Salt Typhoon “worst telecom hack in our nation's history” - The Washington Post Privacy-focused mobile phone launches for high-risk individuals | CyberScoop China's Surveillance State Is Selling Citizen Data as a Side Hustle | WIRED Former Verizon employee gets four-year sentence for sharing cyber secrets with Chinese government | The Record from Recorded Future News Surveillance Legislation (Confirmation of Application) Bill 2024 – Parliament of Australia ParlInfo - BILLS : Surveillance Legislation (Confirmation of Application) Bill 2024 : Second Reading ParlInfo - Surveillance Legislation (Confirmation of Application) Bill 2024 ParlInfo - Surveillance Legislation (Confirmation of Application) Bill 2024 Chris Bing: "Regarding the reported hack of the Gaetz-ethics committee report, the file storage platform (FileShare) that held the document said they weren't hacked. But rather: "this file was shared anonymously which allowed anyone to download. This was not a breach"" — Bluesky Tether Has Become a Massive Money Laundering Tool for Mexican Drug Traffickers, Feds Say Palo Alto Networks boasts as customers coalesce on its platforms | Cybersecurity Dive Palo Alto Networks pushes back as Shadowserver spots 2K of its firewalls exploited | Cybersecurity Dive RSF investigation: the Indian cyber-security giant silencing media outlets worldwide | RSF Patrick Gray (@patrick.risky.biz) — Bluesky metlstorm (@metlstorm.risky.biz) — Bluesky Catalin Cimpanu (@campuscodi.risky.biz) — Bluesky Tom Uren (@tom.risky.biz) — Bluesky

Risky Business
Risky Business #771 -- Palo Alto's firewall 0days are very, very stupid

Risky Business

Play Episode Listen Later Nov 20, 2024 61:12


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Microsoft introduces some sensible sounding post-Crowdstrike changes Palo Alto patches hella-stupid bugs in its firewall management webapp CISA head Jen Easterly to depart as Trump arrives AI grandma tarpits phone scammers in family-tech-support hell Academic research supports your gut-reaction; phishing training doesn't work And much, much more. This week's episode is sponsored by Greynoise. The always excitable Andrew Morris joins to remind us that the edge-device vulnerabilities Pat and Adam complain about on the show are in fact actually even worse than we make them out to be. Andrew also tells us about a zero-day Greynoise' AI system truffle-pigged out of their data set. This episode is also available on Youtube. Show notes Windows security and resiliency: Protecting your business | Windows Experience Blog Microsoft revamps how it will disclose vulnerabilities | Cybersecurity Dive NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 Palo Alto Networks customers grapple with another actively exploited zero-day | Cybersecurity Dive Unpatched zero-days in Fortinet and Palo Alto Networks software Palo Alto Networks' customer migration tool hit by trio of CVE exploits | Cybersecurity Dive Readout of President Joe Biden's Meeting with President Xi Jinping of the People's Republic of China | The White House Easterly to step down from CISA director role on Inauguration Day | Cybersecurity Dive Top White House cyber official urges Trump to focus on ransomware, China Ransomware gang Akira leaks unprecedented number of victims' data in one day Hacker Is Said to Have Gained Access to File With Damaging Testimony About Gaetz 1,400 Pegasus spyware infections detailed in WhatsApp's lawsuit filings NSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documents | TechCrunch Ransomware gang Akira leaks unprecedented number of victims' data in one day Ohio man behind Helix cryptocurrency mixer gets 3-year sentence O2 unveils Daisy, the AI granny wasting scammers' time - Virgin Media O2 Understanding the Efficacy of Phishing Training in Practice Bunnings facial recognition cameras breach Privacy Act, retailer to challenge ruling | news.com.au — Australia's leading news site Nudity, punches in newly released Bunnings CCTV as company found to breach Privacy Act | news.com.au — Australia's leading news site Bitfinex Hack Launderer Heather 'Razzlekhan' Morgan Sentenced to 18 Months in Prison

Risky Business
Risky Business #770 -- A Russian IR guy discovers extremely cool spookware

Risky Business

Play Episode Listen Later Nov 13, 2024 63:29


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Apple frustrates law enforcement with iOS auto-reboot CISA says most KEV vulnerabilities in 2023 were first used as zero days Russians roll incident response on some sweet Linux spookware Regular users can create mailboxes in M365? Tor tracks down the source of its joe-job abuse complaints And much, much more. This week's feature guest is former FBI agent Chris Tarbell, who arrested Silk Road operator Ross Ulbricht way back in 2013. As suggestions swirl that an incoming Trump administration might release Ulbricht, Chris talks about the reality of the Dread Pirate Roberts. This episode is sponsored by software supply chain security firm Socket.dev. Founder Feross Aboukhadijeh thinks that we need a CVE-like catalogue for supply-chain attacks, and he makes a solid argument. The show is also available on Youtube. Show notes Jason Koebler: "New: We've confirmed Apple quietly introduced a feature in the new iOS that is preventing cops from hacking iPhones that they have confiscated as evidence. Apple really did say ACAB www.404media.co/apple-quietl..." — Bluesky Apple Quietly Introduced iPhone Reboot Code Which is Locking Out Cops Exclusive | U.S. Agency Warns Employees About Phone Use Amid Ongoing China Hack - WSJ Surge in exploits of zero-day vulnerabilities is ‘new normal' warns Five Eyes alliance The Elusive GoblinRAT: How a Linux Backdoor Infiltrated Government Infrastructures Microsoft Bookings – Facilitating Impersonation | Cyberis Limited TrustedSec | EKUwu: Not just another AD CS ESC Russia's internet watchdog blocks thousands of websites that use Cloudflare's privacy service Defending the Tor network: Mitigating IP spoofing against Tor | The Tor Project Law enforcement operation takes down 22,000 malicious IP addresses worldwide - Ars Technica Press Conference - Parliament House, Canberra | Prime Minister of Australia DHS nominee Kristi Noem stood alone for rejecting department cyber grants to state, local governments | CyberScoop Patrick Gray: "Allies will feel comfortable until these guys get fired in their first 100 days for opposing Trump's proposed annexation of Iceland or something. People have forgotten… Trump is out of his gourd" — Bluesky

Risky Business
Risky Business #769 -- Sophos drops implants on Chinese exploit devs

Risky Business

Play Episode Listen Later Nov 6, 2024 56:51


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Sophos drops implants on Chinese firewall exploit devs Microsoft workshops better just-in-time Windows admin privileges Snowflake hacker arrested in Canada Okta has a fun, but not very impactful auth-bypass bug Russians bring dumb-but-smart RDP client attacks And much, much more. Special guest Sophos CISO Ross McKerchar joined us to talk about its “hacking back” campaign. The full interview is available on Youtube for those who want to really live vicariously through Sophos doing what every vendor probably wants to do. This week's episode is sponsored by attack surface mapping vendor runZero. Founder and CEO HD Moore joins to talk about marrying up the outside and inside views of your network. You can also watch this episode on Youtube Show notes Okta AD/LDAP Delegated Authentication - Username Above 52 Characters Security Advisory Does bcrypt have a maximum password length? - Information Security Stack Exchange Local Administrator Protection | Privilege Protection Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices | WIRED A Deeper Look at FortiJump (FortiManager CVE-2024-47575) | Bishop Fox Man Arrested for Snowflake Hacking Spree Faces US Extradition | WIRED Google uses large language model to discover real-world vulnerability GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI Thousands of hacked TP-Link routers used in yearslong account takeover attacks - Ars Technica CISA warns of foreign threat group launching spearphishing campaign using malicious RDP files | Cybersecurity Dive Chinese state-backed hackers breached 20 Canadian government networks over four years, agency warns India-Canada row: Canadian officials confess to leaking 'intel' against India to Washington Post - India Today Amid diplomatic row, Canada names India in ‘cyberthreat adversary' list, accuses it of ‘likely spying' | World News - The Indian Express The Untold Story of Trump's Failed Attempt to Overthrow Venezuela's President | WIRED Risky Biz News: The mystery at Mango Park North Korean hackers seen collaborating with Play ransomware group, researchers say

Risky Business
Risky Business #768 -- CSRB will investigate China's Wiretap Hacks

Risky Business

Play Episode Listen Later Oct 30, 2024 51:37


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: CSRB to investigate China's telco-wiretapping hacks Euro law enforcement takes down the Redline infostealer Someone steals Fed crypto… and then tries to quietly sneak it back in Russia sentences REvil guys to … jail? Really? Apple private cloud compute gets a proper bug bounty program And much, much more. This week's episode is sponsored by Material Security, who help navigate the mess of cloud productivity data security. Daniel Ayala - Chief Security and Trust Officer at Dotmatics - is a Material customer, and joins Pat and Material Security's Rajan Kapoor to talk about how to wrangle securing data that ends up in corporate cloud email and file stores. This episode is also available on Youtube. Show notes Apple 10 day certificates Chinese hackers said to have collected audio of American calls U.S. Panel to Probe Cyber Failures in Massive Chinese Hack of Telecoms How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware Operation Magnus Hacker Returns $19.3 Million to Drained US Government Crypto Wallet Meet ZachXBT, the Masked Vigilante Tracking Down Billions in Crypto Scams and Thefts | WIRED Radar systems in Iran breached prior to Israel's Saturday counter-strike - report Delta sues CrowdStrike after widespread IT outage that caused thousands of cancellations Tens of thousands of taxpayer accounts hacked as CRA repeatedly paid out millions in bogus refunds Microsoft CEO asked board to cut pay in connection with security overhaul | Cybersecurity Dive Four REvil members sentenced to more than four years in prison Russia says it might build its own Linux community after removal of several kernel maintainers Nigerian court drops charges against detained Binance executive Tigran Gambaryan Apple will pay security researchers up to $1 million to hack its private AI cloud | TechCrunch SonicWall firewalls the common access point in spreading ransomware campaign | Cybersecurity Dive Fortinet zero-day attack spree hits at least 50 customers | Cybersecurity Dive Cisco warns actively exploited CVE can lead to DoS attacks against VPN services | Cybersecurity Dive Chinese influence operation targets US down-ballot races, Microsoft says | Reuters Exclusive: Accused Iranian hackers successfully peddle stolen Trump emails | Reuters Viral video of ripped-up Pennsylvania ballots is fake and Russian-made, intelligence agencies say Product Demo: Securing M365 and Google Workspace with Material Security

Risky Business News
Srsly Risky Biz: EU lobs software liability hand grenade

Risky Business News

Play Episode Listen Later Oct 24, 2024 19:47


In this podcast Tom Uren, Patrick Gray and Adam Boileau talk about an EU directive that will make vendors liable for software defects. The directive sets a very high bar but is also limited in scope. It only applies to individuals and doesn't cover professional use so it is a very practical way to start changing expectations about liability. They also talk about Session Messenger app which has decamped from Australia and set up a foundation in Switzerland. The encrypted and metadata-resistant app is catnip for criminals, so we expect that it is on a collision course with state power. This episode is also available on Youtube.

Risky Business
Risky Business #767 – SEC fines Check Point, Mimecast, Avaya and Unisys over hacks

Risky Business

Play Episode Listen Later Oct 23, 2024 62:21


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: SEC fines tech firms for downplaying the Solarwinds hacks Anonymous Sudan still looks and quacks like a Russian duck Apple proposes max 10 day TLS certificate life Oopsie! Microsoft loses a bunch of cloud logs Veeam and Fortinet are bad and should feel bad North Koreans are good (at hacking) And much, much more. This week's episode is sponsored by Proofpoint. Chief Strategy Officer Ryan Kalember joins to talk about their work keeping up with prolific threat actor SocGholish. This episode is also available on Youtube. Show notes Four cyber companies fined for SolarWinds disclosure failures U.S. charges Sudanese men with running powerful cyberattack-for-hire gang Hacker Charged With Seeking to Kill Using Cyberattacks on Hospitals | WIRED Risky Biz News: Anonymous Sudan's Russia Links Are (Still) Obvious Microsoft confirms partial loss of security log data on multiple platforms | Cybersecurity Dive Risky Biz News: Apple wants to reduce the lifespan of TLS certificates to 10 days Encrypted Chat App ‘Session' Leaves Australia After Visit From Police Crypto platform Radiant Capital says $50 million in digital coins stolen following account compromises North Korean hackers use newly discovered Linux malware to raid ATMs - Ars Technica Brazil Arrests ‘USDoD,' Hacker in FBI Infragard Breach – Krebs on Security Here's how SIM swap in alleged bitcoin pump-and-dump scheme worked - Ars Technica Critical Veeam CVE actively exploited in ransomware attacks | Cybersecurity Dive FortiGate admins report active exploitation 0-day. Vendor isn't talking. - Ars Technica Hackers reportedly impersonate cyber firm ESET to target organizations in Israel The latest in North Korea's fake IT worker scheme: Extorting the employers

Risky Business
Risky Business #766 – China hacks America's lawful intercept systems

Risky Business

Play Episode Listen Later Oct 16, 2024 53:57


On this week's show Patrick Gray and Adam Boileau discuss the week's infosec news, including: Chinese spooks all up in western telco lawful intercept Jerks ruin the Internet Archive's day Microsoft drops a great report with a bad chart The feds make their own crypto currency and get it pumped Forti-, Palo- and Ivanti-fail And much, much more. This week's episode is sponsored by detection-as-code vendor Panther. Casey Hill, Panther's Director Product Management joins to discuss why the old “just bung it all in a data lake and… ???… “ approach hasn't worked out, and what smart teams do to handle their logs. This episode is also available on [Youtube].(https://youtu.be/86zy6DcwtbE) Show notes White House forms emergency team to deal with China espionage hack - The Washington Post DDoS attacks on Internet Archive continue after data breach impacting 31 million Microsoft Digital Defense Report 2024 Ransomware encryption down amid surge of attacks, Microsoft says | CyberScoop Russian court websites down after breach claimed by pro-Ukraine hackers Ukrainian anti-corruption agency reportedly finds no violations in disclosures of top cyber official Trump campaign turns to secure hardware after hacking incident | Reuters FBI creates its own crypto token to nab suspects in alleged fraud scheme District of Massachusetts | Eighteen Individuals and Entities Charged in International Operation Targeting Widespread Fraud and Manipulation in the Cryptocurrency Markets | United States Department of Justice Critical CVE in 4 Fortinet products actively exploited | Cybersecurity Dive Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024 Palo Alto Expedition: From N-Day to Full Compromise Ivanti up against another attack spree as hackers target its endpoint manager | Cybersecurity Dive 1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies · GitHub Recently-patched Firefox bug exploited against Tor browser users Two never-before-seen tools, from same group, infect air-gapped devices - Ars Technica A Single Cloud Compromise Can Feed an Army of AI Sex Bots – Krebs on Security Opinion | The Cyber Sleuth - Washington Post

Risky Business News
Srsly Risky Biz: How Telegram turbocharges organised crime

Risky Business News

Play Episode Listen Later Oct 10, 2024 22:42


In this podcast Tom Uren and Adam Boileau talk a new UN report that spells out the role Telegram plays as a massive enabler for transnational organised crime. They also discuss China's hacking of US telcos to possibly target of lawful intercept equipment and a remarkably entertaining account of North Korean IT workers being employed by over a dozen cryptocurrency firms. This episode is also available on Youtube. Show notes How North Korea Infiltrated the Crypto Industry UN report into technological innovation in transnational crime

Risky Business News
Srsly Risky Biz: Tackling election interference at warp speed

Risky Business News

Play Episode Listen Later Oct 3, 2024 20:17


In this podcast Tom Uren and Adam Boileau talk about how the US government's response to Iranian election interference is proceeding at light speed. This allows other actors such as Meta to make decisions relating to interference with certainty. They also discuss how Russian cybercrime group Evil Corp's relationship with Russian intelligence was built on the founder's marriage. This episode is also available on Youtube.

Risky Business
Risky Business #765 -- The Kaspersky switcheroo

Risky Business

Play Episode Listen Later Sep 25, 2024 65:41


Patrick Gray and Adam Boileau discuss the week's infosec news with everyone's favourite ex-NSA big-brain, Rob Joyce. They talk through: Musk and Durov bow to government pressure Tiktok rushes to ban authoritarian propagandists The US doesn't want Chinese software in its cars Kaspersky replaces itself with an AV no one has ever heard of Aussie police chalk up another crimephone takedown Press Win-R Ctrl-V to prove you're human And much, much more. This week's show is brought to you by Stairwell, and Stairwell's founder Mike Wiacek will be along to talk about how people are using their platform to hunt down detection resistant malware. A video version of this episode is also available on Youtube. Show notes Elon Musk backs down in his fight with Brazilian judges to restore X | Elon Musk | The Guardian Telegram says it will share phone numbers and IP addresses of ‘bad actors' to authorities Jane Lytvynenko on X: "Ukrainian cybersecurity officials are limiting the use of Telegram for military, critical infrastructure, and other authorities. Budanov said he has “substantiated data” on Ru authorities having access to personal messages on TG, including removed ones. https://t.co/xOcnf7am9R" / X TikTok blocks dozens of Kremlin-backed media accounts Biden administration proposes rule banning Chinese, Russian connected vehicles and parts Some Kaspersky customers receive surprise forced-update to new antivirus software | TechCrunch Russian cyber firm Dr.Web says services are restored after ‘targeted cyberattack' Police announce takedown and arrest mastermind behind criminal comms platform 'Ghost' Turning Everyday Gadgets into Bombs is a Bad Idea « bunnie's blog Iranian-linked election interference operation shows signs of recent access | CyberScoop Republicans demand FBI hearing on Iran theft of Trump documents Ermittlungen im Darknet: Strafverfolger hebeln Tor-Anonymisierung aus | tagesschau.de DOJ charges hackers for stealing $230 million in crypto from individual This Windows PowerShell Phish Has Scary Potential – Krebs on Security You can now use Apple's best iPhone Mirroring feature on your Mac and iPhone | TechRadar

Risky Business
Risky Business #764 -- Mossad expands into telecommunications services

Risky Business

Play Episode Listen Later Sep 18, 2024 62:56


On this week's show, Patrick Gray and Adam Boileau discuss the weeks security news, including: Hezbollah's attempts to avoid SIGINT with pagers ends in explosions The US shines many bright lights on RT's disinfo role Australia counters Chinese bullying in the Pacific Valid accounts are the most prevalent entry point, says CISA's data Ivanti and Fortinet vie for worst vendor of the week Krebs writes up the shift towards charging The Com with terrorism And much, much more… This week's episode is sponsored by Push Security, who bring security visibility to where it needs to be these days – the browser. Luke Jennings joins this week's show to discuss how phish-kit crews are driving the arms race forward, and how detection has to adapt and go where the users are. This episode is also available on Youtube. Show notes Israel planted explosives in Hezbollah's Taiwan-made pagers, sources say | Reuters How Hezbollah used pagers and couriers to counter Israel's high tech surveillance | Reuters Biden administration unveils new evidence of RT's key role in Russian intelligence operations globally | CNN Politics Meta bans RT days after U.S. accused Russian outlet of disinformation U.S. to file charges in Trump campaign hacking case, officials say China suspected of hacking diplomatic body for Pacific islands region Chinese-made port cranes in US included 'backdoor' modems, House report says Stolen account info still chief risk for federal agencies, annual CISA audit finds Notice of Recent Security Incident | Fortinet Blog WordPress.org to require two-factor authentication for plugin developers | CyberScoop Multiple attacks force CISA to order agencies to upgrade or remove end-of-life Ivanti appliance Ivanti Endpoint Manager and Ivanti Endpoint Manager Security Suite and Ivanti Cloud Service Application (CSA) - End Of Life (EOL) The Dark Nexus Between Harm Groups and ‘The Com' – Krebs on Security Feds sentence 12 crypto thieves behind SIM swaps, home invasions Ex-CrowdStrike employees detail rising technical errors before July outage | Semafor Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel - SecurityWeek Apple seeks dismissal of its NSO Group lawsuit, citing risk of exposing ‘vital security information' US hits Intellexa spyware maker with more sanctions (1) BolivarCucuta on X: "Encuentran muerto al ciudadano israelí Yariv Bokor en Medellín En un apartamento de El Poblado, Medellín, fue encontrado sin vida el ciudadano israelí Yariv Bokor, con aparentes signos de violencia. Bokor estaba vinculado a la empresa Sandvine, la cual tiene relación con NSO https://t.co/EeY1os1omW" / X Instagram to bolster privacy and safety features for millions of teen users Mastercard buys Recorded Future for $2.65 billion | CyberScoop

Risky Business
Risky Business #763 – Microsoft un-patches critical bug

Risky Business

Play Episode Listen Later Sep 11, 2024 51:49


On this week's show, Patrick Gray and Adam Boileau discuss the weeks security news, including: Russia's disinformation peddlers face multifaceted sternness from the DoJ Telegram is now law enforcement's bestest new pal, all of a sudden Iran's banking industry arranges a payment plan for a ransom Columbia investigates how it sent private jets full of cash to pay for Pegasus Microsoft innovates with Un-Patch Tuesday And much, much more. This week's sponsor is Kroll Cyber, and one of their incident responders Paul Wells joins to discuss that one weird trick that actually helps - preparing for an incident before hand, rather than learning all those hard lessons in the middle of a crisis. This week's episode is also available on Youtube.

Risky Business
Risky Business #762 -- Brazil nukes X, Iranian APTs deploy ransomware

Risky Business

Play Episode Listen Later Sep 4, 2024 64:46


On this week's show, Patrick Gray and Adam Boileau discuss the weeks security news, including: Brazil's supreme court bans X-formerly-Twitter, Iranian cyber teams cooperate with ransomware crews While North Koreans wield chrome-windows 0-day Yubikey cloning attack is impressive, but doesn't have us binning our keys quite yet The White House is coming for your unsigned BGP announcements And much, much more. This week's episode is sponsored by Okta, and specifically their Identity Security Posture Management product. Okta recently acquired Spera Security, and co-founder Ariel Kadyshevitch joins to talk through the messy reality of modern identity. Pat even gets the giggles at how terrible everything is! You can also watch this episode on Youtube. Show notes Brazil X ban: Top court judges uphold block of Musk's platform Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA Malicious North Korean packages appear again in open source code repository North Korean threat actor Citrine Sleet exploiting Chromium zero-day | Microsoft Security Blog SEC.gov | SEC Charges Transfer Agent Equiniti Trust Co. with Failing to Protect Client Funds Against Cyber Intrusions Chinese ‘Spamouflage' operatives are mimicking disillusioned Americans online Researchers uncover ‘SlowTempest' espionage campaign within China City of Columbus sues man after he discloses severity of ransomware attack | Ars Technica Bypassing airport security via SQL injection Cyberattack hits agency responsible for London's transport network German air traffic control agency confirms cyberattack, says operations unaffected White House calls attention to ‘hard problem' of securing internet traffic routing Cambodian scam giant handled $49 billion in crypto transactions since 2021, researchers say YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel | Ars Technica CrowdStrike takes a revenue hit as global IT outage reckoning lingers | Cybersecurity Dive Owners of 1-Time Passcode Theft Service Plead Guilty – Krebs on Security

Risky Business
Risky Business #761 – Telegram v frogs. Fight!

Risky Business

Play Episode Listen Later Aug 28, 2024 64:32


On this week's show, Patrick Gray and Adam Boileau discusses the week's security news, including: Telegram founder's arrest in France Volt Typhoon 0days some SD-WAN gear Russia frets about Ukraine all up in Kursk's webcams Cybercriminals social engineer payment card NFC relay attacks in the wild The slow burn of Active Directory name collisions And much, much more. This week's episode is sponsored by Nucleus Security. Aaron Unterberger joins to discuss how vulnerability management starts out easy, but gets serious very quickly. You can also watch this week's show on Youtube. Show notes Pavel Durov: Telegram CEO's arrest part of larger investigation Keep Pavel Durov LOCKED UP Internet mogul Kim Dotcom to be extradited to the US, NZ justice minister says New 0-Day Attacks Linked to China's ‘Volt Typhoon' – Krebs on Security Oil industry giant Halliburton confirms 'issue' following reported cyberattack Seattle airport confronts 4th day of cyberattack outages | Cybersecurity Dive Russia calls for restrictions on surveillance cameras, dating apps in cities under attack from Ukraine In a Kyiv hangar, Ukraine launches a cyber range for everyone U.S. military, on Tinder, says to swipe left on Iran-backed militants - The Washington Post CISA officials credit Microsoft security log expansion for improved threat visibility | Cybersecurity Dive Suspect in $14 billion cryptocurrency pyramid scheme extradited to China Android malware used to steal ATM info from customers at three European banks Novel technique allows malicious apps to escape iOS and Android guardrails | Ars Technica Local Networks Go Global When Domain Names Collide – Krebs on Security Attack tool update impairs Windows computers SonicWall pushes patch for critical vulnerability in SonicOS platform | CyberScoop “YOLO” is not a valid hash construction

Risky Business
Risky Business #760 – Microsoft to make MFA mandatory

Risky Business

Play Episode Listen Later Aug 21, 2024 64:44


On this week's show, Patrick Gray and Adam Boileau discuss the week's security news including: Microsoft did a good thing! Soon all Azure admins will require MFA The three billion row National Public Data breach mess, courtesy Florida Man US govt confirms that it was Iran that hacked the Trump campaign Is TP-Link the next Huawei, or just not very good at computers? Major Chinese RFID card maker has hardcoded backdoors And much, much more. This week's episode is sponsored by Specter Ops, makers of Bloodhound Enterprise. VP of Products Justin Kohler joins to talk about how they've joined their on-prem AD and cloud Entra attack path graphs, so you can map out that juicy, real-world attack surface. Show notes Announcing mandatory multi-factor authentication for Azure sign-in | Microsoft Azure Blog phishing resistant mfa - Google Search Microsoft will require MFA for all Azure users NationalPublicData.com Hack Exposes a Nation's Data – Krebs on Security National Public Data Published Its Own Passwords – Krebs on Security Bloomberg Law How the government's proposed 'Trust Exchange' digital ID scheme would work - ABC News German Cyber Agency Wants Changes in Microsoft, CrowdStrike Products After Tech Outage - WSJ Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts — FBI Crypto firm says hacker locked all employees out of Google products for four days ZachXBT on X: "Seven hours ago a suspicious transfer was made from a potential victim for 4064 BTC ($238M)" / X Bitcoin News Today: $238 Million Bitcoin Heist Linked to Genesis Global Trading Routers from China-based TP-Link a national security threat, US lawmakers claim Hardware backdoors found in Chinese smart cards Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research Hardware backdoors found in Chinese smart cards Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months

Risky Business
Risky Business #759 – Why Iran's hack and leak will amount to naught

Risky Business

Play Episode Listen Later Aug 14, 2024 64:35


On this week's show, Patrick Gray and Adam Boileau discuss the week's security news and recap the best research presented at Black Hat and DEF CON in Las Vegas last week. They cover: Iran tries an election hack'n'leak like its still 2016 Crowdstrike takes home the Pwnie for Epic Fail at DEF CON UK healthcare SaaS faces six million pound fine for lack of MFA US circuit courts disagree on geofence warrants Our roundup of juicy Blackhat/DEF CON research And much, much more. This week's episode is sponsored by Trail of Bits. CEO Dan Guido is fresh back from the DARPA AI Cyber Challenge at DEF CON, where the Trail of Bits team moved through into the finals. Dan talks through the challenge of finding, reporting and fixing bugs with AI systems. You can also watch this week's show on Youtube. Show notes Trump campaign points finger at Iranian hackers for documents leak FBI says it's investigating efforts to hack Trump and Biden-Harris campaigns Iranian hackers ramping up US election interference, Microsoft warns State Dept puts $10 million bounty on IRGC-CEC hackers CrowdStrike snafu was a ‘dress rehearsal' for critical infrastructure disruptions, CISA director says | Cybersecurity Dive Dominic White

Risky Business
Risky Business #758 – Crowdstrike's postmortem underwhelms

Risky Business

Play Episode Listen Later Aug 7, 2024 52:57


On this week's show, Patrick Gray and Adam Boileau discuss the week's security news, including: Crowdstrike talks loud in its postmortem, but says very little Digicert fears the CA-Browser Forum, gets lawsuit from a customer Dmitri Alperovitch joins the show to talk about the Russian prisoner swap Cloudflare continues to harbour scum and villainy Professional ransomware crew … is an improvement? And much, much more. This week's episode is sponsored by Thinkst Canary. Marko Slaviero joins to discuss the unfashionable choice they made in hosting their platform one-VM-per-customer. Show notes CrowdStrike investors file class action suit following global IT outage | Cybersecurity Dive CrowdStrike rebukes Delta's negligence claims in fiery letter | Cybersecurity Dive Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf Sparks fly when lawyers meet a certificate revocation crt.sh | Alegeus U.S. releases Russian hackers in Evan Gershkovich prisoner swap U.S. Trades Cybercriminals to Russia in Prisoner Swap – Krebs on Security Who are the two major hackers Russia just received in a prisoner swap? | Ars Technica Hackers remotely wipe 13,000 students' iPads and Chromebooks after breaching safety software Mobile Guardian Device Management Application to be removed | MOE Ford wants patent for tech allowing cars to surveil and report speeding drivers I'm Sorry, Dave, You're Speeding | WIRED Cloudflare once again comes under pressure for enabling abusive sites | Ars Technica Low-Drama ‘Dark Angels' Reap Record Ransoms – Krebs on Security Bumble and Hinge allowed stalkers to pinpoint users' locations down to 2 meters, researchers say | TechCrunch Unfashionably secure: why we use isolated VMs – Thinkst Thoughts Defending AI Model Files from Unauthorized Access with Canaries | NVIDIA Technical Blog

Risky Business
Risky Business #757 – The ClownStrike cleanup continues

Risky Business

Play Episode Listen Later Jul 31, 2024 60:49


On this week's show, Patrick Gray and Adam Boileau discuss the week's security news, including: The insurance industry's reaction to CrowdStrike's mess Google's Workspace email validation flaw and its consequences for OAuth'd applications Is the VMWare ESX group membership feature a CVE or an FYI? Secureboot continues to under-deliver North Korea's revenue neutral intelligence services And much, much more This episode is sponsored by allowlisting software vendor Airlock Digital. Airlock uses a kernel driver on Windows, so Chief Executive David Cottingham joined to discuss what the CrowdStrike kernel driver bug drama means for security vendors. This episode is also available on Youtube. If you want to ruin the magic of radio and see the faces behind the show, well, now you can! Show notes Business interruption claims will drive insurance losses linked to CrowdStrike IT disruption | Cybersecurity Dive Delta hires David Boies to seek damages from CrowdStrike, Microsoft CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds | Cybersecurity Dive (1145) Why CrowdStrike's Baffling BSOD Disaster Was Avoidable - YouTube CrowdStrike offers a $10 apology gift card to say sorry for outage | TechCrunch Crooks Bypassed Google's Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security Hackers exploit VMware vulnerability that gives them hypervisor admin | Ars Technica Microsoft calls out apparent ESXi vulnerability that some researchers say is a ‘nothing burger' | CyberScoop AMI Platform Key leak undermines Secure Boot on 800+ PC models Chrome will now prompt some users to send passwords for suspicious files | Ars Technica Google Online Security Blog: Improving the security of Chrome cookies on Windows A Senate Bill Would Radically Improve Voting Machine Security | WIRED U.S. told Philippines it made ‘missteps' in secret anti-vax propaganda effort | Reuters Cyber firm KnowBe4 hired a fake IT worker from North Korea | CyberScoop North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime's Military and Nuclear Programs North Korean hacking group makes waves to gain Mandiant, FBI spotlight | CyberScoop ServiceNow spots sales opportunities post-CrowdStrike outage | Cybersecurity Dive Chaining Three Bugs to Access All Your ServiceNow Data Cyber Supply Chain Risk Management Conference (CySCRM) 2024 | Conference | PNNL

Risky Business
Risky Business #756 -- Move fast and break everything

Risky Business

Play Episode Listen Later Jul 24, 2024 58:52


The Risky Biz main show returns from a break to the traditional internet-melting mess that happens whenever Patrick Gray takes a holiday. Pat and Adam Boileau talk through the week's security news, including: Oh Crowdstrike, no, oh no, honey, no AT&T stored call records on Snowflake and you'll never guess what happened next Squarespace buys Google Domains and makes a hash of it Some but not all of the SECs case against Solarwinds gets thrown out Pity the incident responders digging through a terabyte of Disney Slack dumps Internet Explorer rises from the grave, and it wants SHELLS RAAAAARGH SSHHEEELLLS And much, much more. This week's show is brought to you by Sublime Security, a flexible and modern email security platform. If you're sick of using a black box email security solution, Sublime is a terrific option for you. Show notes Risky Biz News: CrowdStrike faulty update affects 8.5 million Windows systems Low-level cybercriminals are pouncing on CrowdStrike-connected outage | CyberScoop CrowdStrike says flawed update was live for 78 minutes | Cybersecurity Dive Crooks Steal Phone, SMS Records for Nearly All AT&T Customers – Krebs on Security Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks – Krebs on Security Teenage suspect in MGM Resorts hack arrested in Britain Majority of SEC civil fraud case against SolarWinds dismissed, but core remains | Cybersecurity Dive How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter | WIRED Kaspersky Lab Closing U.S. Division; Laying Off Workers Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages | WIRED Wallets tied to CDK ransom group received $25 million two days after attack | CyberScoop UnitedHealth's cyberattack response costs to surpass $2.3B this year | Cybersecurity Dive Ransomware ecosystem fragmenting under law enforcement pressure and distrust Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it | Ars Technica

Risky Business
Risky Business #755 -- SSH 0day! Polyfill drama! Entrust crushed!

Risky Business

Play Episode Listen Later Jul 3, 2024 59:19


On this week's show, Patrick Gray and Adam Boileau discuss the week's security news, including: Widely used polyfill javascript gets hijacked by its new owners MacOS supply chain disaster bullet dodged That OpenSSH remote code exec OH MY

Risky Business
Risky Business #754 -- Assange pleads guilty to espionage, walks free

Risky Business

Play Episode Listen Later Jun 26, 2024 57:00


On this week's show, Patrick Gray and Adam Boileau discuss the week's security news, including: Julian Assange finally cuts a deal, pleads guilty, and goes free USA to ban Kaspersky - even updates Car dealer SaaS provider CDK contemplates paying a ransom Intolerable healthcare ransomware attacks continue We revisit Windows proximity bugs via wifi and bluetooth And much, much more. This week's episode is sponsored by enterprise browser maker Island. Crowdstrike co-founder Dmitri Alperovitch is an investor in Island, and joins on its behalf to discuss why an enterprise browser is really starting to make sense. Show notes Julian Assange released from prison and has left UK, WikiLeaks says US to ban Kaspersky Lab software nationwide later this year Cyberattack on CDK Global stymies work at car dealerships across US Almost 200 cancer operations postponed as ransomware group publishes London hospitals data UK government weighs action against Russian hackers over NHS records theft South Africa's national health lab hit with ransomware attack amid mpox outbreak Ransomware victims are becoming less likely to pay up | Cybersecurity Dive Lawmakers in Philippines push for probe into Pentagon's anti-vax propaganda operation | Reuters Telegram says it has 'about 30 engineers'; security experts say that's a red flag | TechCrunch Two bluetooth vulnerabilities in Windows Thread on reversing the patch Basic concept for the latest windows wifi driver CVE

Risky Business
Risky Business #752 -- Apple announcements thrill and terrify at the same time

Risky Business

Play Episode Listen Later Jun 12, 2024 64:07


On this week's show Patrick Gray and Adam Boileau are joined by long-time NSA boffin Rob Joyce. Now Rob's left the government service, he's hobnobbing with us pundits, talking through the week's news: Apple announces a big leap for confidential cloud computing into the mass market While at the same time, letting you just mosey around your iPhone from your Mac Mandiant reports in about the Snowflake breach Moody's say credit ratings might consider cyber incidents Microsoft fixes an Azure flaw with a… “comprehensive documentation update” And much, much more. This week's show is sponsored by Yubico, maker of the Yubikey hardware authentication token. Jerrod Chong, Yubico's COO and President joins to talk about the challenges of the passkey and hardware authenticator ecosystem. Show notes Apple makes a password manager play in a heavily targeted market | Cybersecurity Dive macOS Sequoia takes productivity and intelligence on Mac to new heights - Apple The Wiretap: Apple's AI Announcement Promises Big Security Boosts–Not Everyone Is Convinced Matthew Green on X: "Ok there are probably half a dozen more technical details in the blog post. It's a very thoughtful design. Indeed, if you gave an excellent team a huge pile of money and told them to build the best “private” cloud in the world, it would probably look like this. 14/" / X Risky Biz News: Microsoft budges on Windows 11 Recall Tenable finds an Azure flaw, Microsoft calls it a feature • The Register LendingTree confirms that cloud services attack potentially affected subsidiary Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica 7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope | Ars Technica Urgent call for O-type blood donations following London hospitals ransomware attack Darknet site for Qilin gang, suspected in London hospitals ransomware attack, goes down Cyberattacks pose mounting risks to creditworthiness: Moody's | Cybersecurity Dive Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab FCC moves ahead on internet routing security rules | CyberScoop House Republicans propose eliminating funding for election security | CyberScoop New DJI policy: No flight record syncing for US drone pilots Semiconductor giants Nvidia and Arm warn of new flaws in their graphics processors Critical PHP CVE is under attack — research shows it's easy to exploit | Cybersecurity Dive A US Company Enabled a North Korean Scam That Raised Money for WMDs | WIRED

Risky Business
Risky Business #748 -- New cyber rules for US healthcare are coming

Risky Business

Play Episode Listen Later May 15, 2024 62:33


This week Patrick Gray and Adam Boileau along special guest Lina Lau discuss the week's news, including: The ongoing Ascension healthcare disruption, and Whether its reasonable for healthcare orgs to be pushing back Platforming cybercriminals for interviews Own the libs by… not using E2EE messaging? CISA's secure by design, we want to believe! The $64billion scale of indusrialised fraud And much, much more. This week's sponsor is network discovery specialist, Run Zero. Director of research Rob King joins to talk about the weird and wonderful delights in their new Research Report. Show notes Federal agencies assisting Catholic health network amid cyberattack After Ascension ransomware attack, feds issue alert on Black Basta group As White House preps new cyber rules for healthcare, Neuberger says backlash is unwarranted Stolen children's health records posted online in extortion bid Guidance for organisations considering payment in... - NCSC.GOV.UK How Did Authorities Identify the Alleged Lockbit Boss? – Krebs on Security In interview, LockbitSupp says authorities outed the wrong guy A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities | WIRED UK 'increasingly concerned' about Russian intelligence links to hacktivists Civil society under increasing threats from ‘malicious' state cyber actors, US Elon Musk Weighs in on the Encryption Wars Between Telegram and Signal Encrypted services Apple, Proton and Wire helped Spanish police identify activist | TechCrunch Christie's Website Offline For A Fifth Day And The Company Is Still Silent On The Extent Of Last Week's Security Breach 68 tech, security vendors commit to secure-by-design practices | Cybersecurity Dive UK government urges caution over blaming China for Ministry of Defence breach Black Basta group spam-bombs victims and then calls to help Southeast Asian scam syndicates stealing $64 billion annually, researchers find The $2.3 Billion Tornado Cash Case Is a Pivotal Moment for Crypto Privacy | WIRED ADVANCED APT EMULATION LABS

Risky Business
Risky Business #739 -- ALPHV exit scams while Change Healthcare burns

Risky Business

Play Episode Listen Later Mar 6, 2024 59:25


In this week's show Patrick Gray and Adam Boileau discuss the week's security news. They talk about: The serious consequences from the Change Healthcare ransomware, and the need for a … nastier response Predator spyware maker getting a stern sanctioning A German military WebEx meeting gets snooped Mem-corrpution is still king And much, much more In this week's sponsor interview Patrick Gray speaks to Karl McGuinness, Okta's chief architect, about some new security improvements they've built into their IDP. Show notes U.S. Air Force employee charged with giving classified information to woman he met on dating site Ransomware attack on U.S. health care payment processor ‘most serious incident of its kind' AlphV's hit on Change Healthcare strikes a sour note for defenders | Cybersecurity Dive Office of Public Affairs | Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice Developing: AlphV allegedly scammed Change Healthcare and its own affiliate (1) Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED Ciaran Martin on X: "“We have to find a way of making a ransom ban work” - me for @thetimes US launches antitrust investigation into UnitedHealth, WSJ reports | Reuters Brett Callow on X: "#Lockbit has de-listed Fulton County. Predator spyware endures even after widespread exposure, analysis shows | CyberScoop Predator spyware infrastructure taken down after exposure | CyberScoop U.S. bans maker of spyware that targeted a senator's phone Spyware maker NSO Group ordered to turn over Pegasus code in WhatsApp case Whatsapp Inc vs NSO Group Russia's chief propagandist leaks intercepted German military Webex conversation The White House's Oddly Specific, and Really Quite Good, Software Engineering Advice A leaky database spilled 2FA codes for the world's tech giants | TechCrunch In ConnectWise attacks, Play and LockBit ransomware exploits developed quickly | Cybersecurity Dive How to Secure the SaaS Apps of the Future | Okta Security

Risky Business
Risky Business #739 -- ALPHV exit scams while Change Healthcare burns

Risky Business

Play Episode Listen Later Mar 6, 2024


In this week's show Patrick Gray and Adam Boileau discuss the week's security news. They talk about: The serious consequences from the Change Healthcare ransomware, and the need for a … nastier response Predator spyware maker getting a stern sanctioning A German military WebEx meeting gets snooped Mem-corrpution is still king And much, much more In this week's sponsor interview Patrick Gray speaks to Karl McGuinness, Okta's chief architect, about some new security improvements they've built into their IDP. Show notes U.S. Air Force employee charged with giving classified information to woman he met on dating site Ransomware attack on U.S. health care payment processor ‘most serious incident of its kind' AlphV's hit on Change Healthcare strikes a sour note for defenders | Cybersecurity Dive Office of Public Affairs | Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice Developing: AlphV allegedly scammed Change Healthcare and its own affiliate (1) Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED Ciaran Martin on X: "“We have to find a way of making a ransom ban work” - me for @thetimes US launches antitrust investigation into UnitedHealth, WSJ reports | Reuters Brett Callow on X: "#Lockbit has de-listed Fulton County. Predator spyware endures even after widespread exposure, analysis shows | CyberScoop Predator spyware infrastructure taken down after exposure | CyberScoop U.S. bans maker of spyware that targeted a senator's phone Spyware maker NSO Group ordered to turn over Pegasus code in WhatsApp case Whatsapp Inc vs NSO Group Russia's chief propagandist leaks intercepted German military Webex conversation The White House's Oddly Specific, and Really Quite Good, Software Engineering Advice A leaky database spilled 2FA codes for the world's tech giants | TechCrunch In ConnectWise attacks, Play and LockBit ransomware exploits developed quickly | Cybersecurity Dive How to Secure the SaaS Apps of the Future | Okta Security

Risky Business
Risky Business #738 -- LockBit is down but not out. Yet.

Risky Business

Play Episode Listen Later Feb 28, 2024 Very Popular


In this week's show Patrick Gray and Adam Boileau discuss the week's security news. They talk about: LockBit gets back up after takedown Russia arrests Medibank hacker… for something else ConnectWise gives out free updates, but customers aren't happy Microsoft gives in to demands for more logs Sandvine gets entity-listed And much much more. Dmitri Alperovitch also joins the show to discuss Starlink, Starshield and a row with Congress about its availability in Taiwan. In this week's sponsor interview, Airlock Digital's Daniel Schell talks about his adventures with WDAC, and Dave Cottingham predicts Windows 12 will go all in on signed code. Show notes LockBit group revives operations after takedown | Cybersecurity Dive Lockbit ransomware group administrative staff have released a lengthy response to the FBI and bystanders FBI's LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. – Krebs on Security Russia detains hacker behind Australia's Medibank attack Russia arrests three alleged SugarLocker ransomware members Change Healthcare incident drags on as report pins it on ransomware group Ransomware Groups Are Bouncing Back Faster From Law Enforcement Busts ‘Alarming' cyberattack hits Canada's federal police, criminal investigation launched ConnectWise ScreenConnect faces new attacks involving LockBit ransomware | Cybersecurity Dive Microsoft rolls out expanded logging six months after Chinese breach | CyberScoop Sandvine added to US Entity List Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections FACT SHEET: ONCD Report Calls for Adoption of Memory Safe Programming Languages and Addressing the Hard Research Problem of Software Measurability Risky Biz News: Backdoor code found in Tornado Cash House China committee demands Elon Musk open SpaceX Starshield internet to U.S. troops in Taiwan The UK Is GPS-Tagging Thousands of Migrants | WIRED How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED New Biden order would stem flow of Americans' sensitive data to China - The Washington Post

Risky Business
Risky Business #738 -- LockBit is down but not out. Yet.

Risky Business

Play Episode Listen Later Feb 28, 2024 55:28


In this week's show Patrick Gray and Adam Boileau discuss the week's security news. They talk about: LockBit gets back up after takedown Russia arrests Medibank hacker… for something else ConnectWise gives out free updates, but customers aren't happy Microsoft gives in to demands for more logs Sandvine gets entity-listed And much much more. Dmitri Alperovitch also joins the show to discuss Starlink, Starshield and a row with Congress about its availability in Taiwan. In this week's sponsor interview, Airlock Digital's Daniel Schell talks about his adventures with WDAC, and Dave Cottingham predicts Windows 12 will go all in on signed code. Show notes LockBit group revives operations after takedown | Cybersecurity Dive Lockbit ransomware group administrative staff have released a lengthy response to the FBI and bystanders FBI's LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. – Krebs on Security Russia detains hacker behind Australia's Medibank attack Russia arrests three alleged SugarLocker ransomware members Change Healthcare incident drags on as report pins it on ransomware group Ransomware Groups Are Bouncing Back Faster From Law Enforcement Busts ‘Alarming' cyberattack hits Canada's federal police, criminal investigation launched ConnectWise ScreenConnect faces new attacks involving LockBit ransomware | Cybersecurity Dive Microsoft rolls out expanded logging six months after Chinese breach | CyberScoop Sandvine added to US Entity List Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections FACT SHEET: ONCD Report Calls for Adoption of Memory Safe Programming Languages and Addressing the Hard Research Problem of Software Measurability Risky Biz News: Backdoor code found in Tornado Cash House China committee demands Elon Musk open SpaceX Starshield internet to U.S. troops in Taiwan The UK Is GPS-Tagging Thousands of Migrants | WIRED How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED New Biden order would stem flow of Americans' sensitive data to China - The Washington Post