
Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Subscribe

iTunes / Overcast / RSS

Website

risky.biz/

Episodes

Risky Business #743 -- A chat about the xz backdoor with the guy who found it

On this week's show Patrick and Adam discuss the week's security news, including:

- The SSH backdoor that dreams (or nightmares) are made of
- Microsoft gets a solid spanking from the CSRB
- Ukraine uses an old Russian WinRAR bug to hack Russia
- Push-notifications and social-engineering combined-arms vs Apple
- And much, much more.

We have a special guest in this week's show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library.

This week's show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island's Bradon Rogers is this week's sponsor guest and he'll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs.

Show notes
- Risky Biz News: Supply chain attack in Linuxland
- oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise
- Andres Freund (Tech) on X: "@binitamshah FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins." / X
- Andres Freund (Tech) on X: "@riskybusiness Absurdly enough, I was listening to the episode on a cooking break while writing the xz issue up. Couldn't make it up." / X
- GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
- research!rsc: The xz attack shell script
- DHS report rips Microsoft for "cascade" of errors in China hack - The Washington Post
- Review of the Summer 2023 Microsoft Exchange Online Intrusion
- Russian researchers say espionage operation using WinRAR bug is linked to Ukraine
- Recent "MFA Bombing" Attacks Targeting Apple Users - Krebs on Security
- Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid
- Ross Anderson, professor and famed author of "Security Engineering," passes away
2024-04-03

Risky Business #742 -- China bans AMD and Intel, pivots to Linux on the desktop

On this week's show Patrick and Adam discuss the week's security news, including:

- FVEY protests China's widespread hacking of western politicians
- China bans western CPUs, Windows and databases
- Apple's leaky M-chip prefetcher
- Nigeria holds ex-IRS investigator hostage in Binance stoush
- Researchers bring Rowhammer to AMD Zen and DDR5
- And much, much more.

This week's show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week's show to make a passionate case that security vendors don't all have to go for explosive growth. Slow and steady with a focus on excellent and relevant products will win the race, he says.

Show notes
- Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov
- Parliament network breached in China-led cyberattack, Judith Collins reveals
- China blocks use of Intel and AMD chips in government computers
- Announcement of Safety and Reliability Evaluation Results (No. 1, 2023)
- Unpatchable vulnerability in Apple chip leaks secret encryption keys | Ars Technica
- How Ukraine is using mobile phones on 6ft poles to stop drones
- Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop
- US penalizes Russian fintech firms that helped others evade sanctions
- UN probing 58 alleged crypto heists by North Korea worth $3 billion
- Detained execs, a bold escape, and tax evasion charges: Nigeria takes aim at Binance
- The DOJ Puts Apple's iMessage Encryption in the Antitrust Crosshairs | WIRED
- Mark Zuckerberg told Facebook execs to 'figure out' how to track encrypted usage on rival apps like Snap and YouTube, unsealed documents show
- "Far-reaching" hack stole information from Python developers
- ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms
- One Man's Army of Streaming Bots Reveals a Whole Industry's Problem
- Apex Legends hacker said he hacked tournament games "for fun" | TechCrunch
2024-03-27

Risky Biz Soap Box: Why Azure vulns should get CVEs

In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST's National Vulnerability Database (NVD) and more.

2024-03-22

Risky Business #741 -- The Mintlify breach and modern supply chains

On this week's show Patrick and Adam discuss the week's security news, including:

- Turns out AI is still bad code review after all
- Mintlify loses a bunch of Github tokens
- Everything old is new again with the UDP loop DoS
- Know-your-(recon satellite)-customer is hard
- Microsoft takes away Russia's powershell
- Solving living off the land
- And much, much more

This week's show is brought to you by Material Security. In this week's sponsor interview we speak with Material's Rajan Kapoor, VP of Customer Experience at Material. We're also joined by Chaim Sanders, who heads Security and Privacy at Lyft.

Show notes
- Anthropic's CISO drinks the AI kool aid - backpedals frantically on security analysis claim
- Incident report on March 13, 2024 - Mintlify
- Loop DoS: New Denial-of-Service attack targets application-layer protocols
- State of IP Spoofing
- Pharmaceutical development company investigating cyberattack after LockBit posting
- Exclusive: After LockBit's takedown, its purported leader vows to hack on
- Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News
- A Suspicious Pattern Alarming the Ukrainian Military - The Atlantic
- Exclusive: Musk's SpaceX is building spy satellite network for US intelligence agency, sources say | Reuters
- Elon Musk's SpaceX Forges Closer Ties With U.S. Spy and Military Agencies - WSJ
- Russians will no longer be able to access Microsoft cloud services, business intelligence tools
- Rostelecom blocks the SIP protocol for clients of Russian hosters / Sudo Null IT News
- Researchers spot updated version of malware that hit Viasat | CyberScoop
- Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
- PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders | CISA
- US is still chasing down pieces of Chinese hacking operation, NSA official says
- 875 workers rescued in Tarlac POGO raid | Philippine News Agency
- Fujitsu says it found malware on its corporate network, warns of possible data breach | Ars Technica
- Mike Lindell must pay a Nevada man after election data dispute - The Washington Post
2024-03-20

Risky Business #740 -- Midnight Blizzard's Microsoft hack isn't over

On this week's show Patrick and Adam discuss the week's security news, including:

- Weather forecast in Redmond is still for blizzards at midnight
- Maybe Change Healthcare wasn't just crying nation-state wolf
- Hackers abuse e-prescription systems to sell drugs
- CISA goes above and beyond to relate to its constituency by getting its Ivantis owned
- VMware drinks from the Tianfu Cup
- Much, much more

This week's feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Mueller's chief of staff when he was FBI director.

John is joining us this week to talk about all things SEC. He wrote the recent Amicus Brief that says the SEC needs to be careful in its action against Solarwinds. He'll also be talking to us more generally about these new SEC disclosure requirements, which are in full swing.

Rad founder Jimmy Mesta will be along in this week's sponsor segment to talk about some really interesting work they've done in baselining cloud workloads. It's the sort of thing that sounds simple that really, really isn't.

Show notes
- Risky Biz News: The aftermath of Microsoft's SVR hack is rearing its ugly head
- Swindled Blackcat affiliate wants money from Change Healthcare ransom - Blog | Menlo Security
- BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare - Krebs on Security
- Change Healthcare systems expected to come back online in mid-March | Cybersecurity Dive
- LockBit takes credit for February shutdown of South African pension fund
- Ransomware gang claims to have made $3.4 million after attacking children's hospital
- Jason D. Clinton on X: "Fully automated vulnerability research is changing the cybersecurity landscape Claude 3 Opus is capable of reading source code and identifying complex security vulnerabilities used by APTs. But scaling is still a challenge. Demo: https://t.co/UfLNGdkLp8 This is beginner-level? https://t.co/mMQb2vYln1" / X
- Jason Koebler on X: "Hackers are hacking doctors, then using their digital prescription portals to "legitimately" prescribe themselves & their customers adderall, oxy, and other prescription drugs https://t.co/6elTKQnXSB" / X
- How Hackers Dox Doctors to Order Mountains of Oxy and Adderall
- CISA forced to take two systems offline last month after Ivanti compromise
- VMware sandbox escape bugs are so critical, patches are released for end-of-life products | Ars Technica
- A Close Up Look at the Consumer Data Broker Radaris - Krebs on Security
- Brief of Amici Curiae Former Government Officials Securities and Exchange Commission v Solarwinds Corp
2024-03-13

Risky Business #739 -- ALPHV exit scams while Change Healthcare burns

In this week's show Patrick Gray and Adam Boileau discuss the week's security news. They talk about:

- The serious consequences from the Change Healthcare ransomware, and the need for a... nastier response
- Predator spyware maker getting a stern sanctioning
- A German military WebEx meeting gets snooped
- Mem-corruption is still king
- And much, much more

In this week's sponsor interview Patrick Gray speaks to Karl McGuinness, Okta's chief architect, about some new security improvements they've built into their IDP.

Show notes
- U.S. Air Force employee charged with giving classified information to woman he met on dating site
- Ransomware attack on U.S. health care payment processor "most serious incident of its kind"
- AlphV's hit on Change Healthcare strikes a sour note for defenders | Cybersecurity Dive
- Office of Public Affairs | Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice
- Developing: AlphV allegedly scammed Change Healthcare and its own affiliate
- Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED
- Ciaran Martin on X: "'We have to find a way of making a ransom ban work' - me for @thetimes"
- US launches antitrust investigation into UnitedHealth, WSJ reports | Reuters
- Brett Callow on X: "#Lockbit has de-listed Fulton County."
- Predator spyware endures even after widespread exposure, analysis shows | CyberScoop
- Predator spyware infrastructure taken down after exposure | CyberScoop
- U.S. bans maker of spyware that targeted a senator's phone
- Spyware maker NSO Group ordered to turn over Pegasus code in WhatsApp case
- Whatsapp Inc vs NSO Group
- Russia's chief propagandist leaks intercepted German military Webex conversation
- The White House's Oddly Specific, and Really Quite Good, Software Engineering Advice
- A leaky database spilled 2FA codes for the world's tech giants | TechCrunch
- In ConnectWise attacks, Play and LockBit ransomware exploits developed quickly | Cybersecurity Dive
- How to Secure the SaaS Apps of the Future | Okta Security
2024-03-06

Risky Business #738 -- LockBit is down but not out. Yet.

In this week's show Patrick Gray and Adam Boileau discuss the week's security news. They talk about:

- LockBit gets back up after takedown
- Russia arrests Medibank hacker... for something else
- ConnectWise gives out free updates, but customers aren't happy
- Microsoft gives in to demands for more logs
- Sandvine gets entity-listed
- And much much more.

Dmitri Alperovitch also joins the show to discuss Starlink, Starshield and a row with Congress about its availability in Taiwan.

In this week's sponsor interview, Airlock Digital's Daniel Schell talks about his adventures with WDAC, and Dave Cottingham predicts Windows 12 will go all in on signed code.

Show notes
- LockBit group revives operations after takedown | Cybersecurity Dive
- Lockbit ransomware group administrative staff have released a lengthy response to the FBI and bystanders
- FBI's LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. - Krebs on Security
- Russia detains hacker behind Australia's Medibank attack
- Russia arrests three alleged SugarLocker ransomware members
- Change Healthcare incident drags on as report pins it on ransomware group
- Ransomware Groups Are Bouncing Back Faster From Law Enforcement Busts
- "Alarming" cyberattack hits Canada's federal police, criminal investigation launched
- ConnectWise ScreenConnect faces new attacks involving LockBit ransomware | Cybersecurity Dive
- Microsoft rolls out expanded logging six months after Chinese breach | CyberScoop
- Sandvine added to US Entity List
- Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections
- FACT SHEET: ONCD Report Calls for Adoption of Memory Safe Programming Languages and Addressing the Hard Research Problem of Software Measurability
- Risky Biz News: Backdoor code found in Tornado Cash
- House China committee demands Elon Musk open SpaceX Starshield internet to U.S. troops in Taiwan
- The UK Is GPS-Tagging Thousands of Migrants | WIRED
- How the Pentagon Learned to Use Targeted Ads to Find Its Targets - and Vladimir Putin | WIRED
- New Biden order would stem flow of Americans' sensitive data to China - The Washington Post
2024-02-28

Risky Business #737 -- LockBit gets absolutely rekt

In this week's show Patrick Gray and Adam Boileau discuss the week's security news. They talk about:

- LockBit has been taken down by law enforcement
- Some mega-juicy leaks out of Chinese offsec/APT contractor I-SOON
- GRU gets its Moobot network shutdown
- Signal adding usernames is... complicated
- Much, much more

In this week's sponsor interview Devicie's Tom Plant joins the show to talk about problems orgs run into when it comes to Windows policies. There's an expectation out there that Windows policies are set and forget, but sadly, this is not so.

Show notes
- Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates - Krebs on Security
- Law enforcement disrupt world's biggest ransomware operation
- Shanghai Anxun's information is unreliable and is a trap for national government agencies.
- China spy agency renews foreign cyber intelligence warning after data breaches
- US Justice Department says it disrupted Russian intelligence hacking network | Reuters
- Several Ukrainian media outlets attacked by Russian hackers
- Polish PM says previous ruling party used Pegasus spyware against "very long" list of victims
- Hackers are targeting Asian bank accounts using stolen facial recognition data
- Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private | WIRED
- Code injection or backdoor: A new look at Ivanti's CVE-2021-44529
- "the "AB" trigger has similar vibes to the Unreal IRCd and ProFTPD backdoors of the same timeframe."
- FLATLINED: ANALYZING PULSE SECURE FIRMWARE AND BYPASSING INTEGRITY CHECKING
- CVSS 10 RCE in Screen Connect
- National Security Agency Announces Retirement of Cybersecurity Director
- Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard
2024-02-21

Soap Box: A deep dive on how Russia's SVR is hacking Microsoft 365 tenants

The need to properly secure Entra ID tenants has been made pretty obvious this year thanks to a large-scale attack on them by Russia's SVR intelligence agency. In this interview Andy Robbins from SpecterOps, the maker of Bloodhound Enterprise, talks through how he thinks those attacks actually went down, about how if you're an o365 customer you're using Entra ID whether you like it or not, and about how you can lock down your Entra ID tenant.

2024-02-19

Risky Business #736 -- Azure misconfigurations are 2024's looming threat

In this week's show Patrick Gray and Adam Boileau discuss the week's security news. They talk about:

- Somehow there are still more Ivanti and Fortinet exploits
- Volt Typhoon have been at it for years
- Starlink in Ukraine gets complicated
- Canadians hate poor Flipper
- Much, much more...

In this week's sponsor interview Feross Aboukhadijeh from Socket joins the show to talk about the sheer volume of malicious packages being committed to code repositories and why older SCA tools aren't well equipped to deal with them.

Show notes
- Microsoft Azure customers hit by phishing, account takeover attacks | Cybersecurity Dive
- Ivanti publishes urgent warning about new vulnerability
- How is Pulse Secure Formed
- Attackers hit more networking gear, this time a critical Fortinet CVE | Cybersecurity Dive
- End Of General Availability of the free vSphere Hypervisor (ESXi 7.x and 8.x) (2107518)
- Coker: ONCD is studying "liability regimes" for software flaws
- Chinese hackers spent 5 years in US infrastructure, ready to attack
- CISA, FBI warn of China-linked hackers pre-positioning for "destructive cyberattacks against US critical infrastructure"
- Russia using Starlink
- Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown | Ars Technica
- Health insurance data breach affects nearly half of France's population, privacy regulator warns
- Hackers attack 25 Romanian hospitals
- Catalin on the Rhysider ransomware decrypter going public
- A password manager LastPass calls "fraudulent" booted from App Store | Ars Technica
- From Cybercrime Saul Goodman to the Russian GRU - Krebs on Security
2024-02-14

Soap Box: How to dismantle Volt Typhoon-style relay networks

In this Soap Box interview Greynoise founder and absolute legend Andrew Morris joins the show to talk about:

- Why Greynoise hasn't seen a substantial drop off in Volt Typhoon's network of compromised routers after the US Government's takedown action
- How vendors are using Greynoise as an early warning system to identify exploitation of their products
- How he's using large language models to reverse exploitation attempts into actual exploits

It truly is a great conversation, we hope you enjoy it!

2024-02-12

Risky Business #735 -- AnyDesk fails the transparency test

In this week's show Patrick Gray and Adam Boileau discuss the week's security news. They talk about:

- Thought eels were slippery? Check out AnyDesk's PR!
- Why Microsoft's 365 is a nightmare to secure
- Cloudflare's needlessly hostile blog post
- US Government introduces "Disneyland ban" for spyware peddlers
- Much, much more...

This week's feature guest is Eric Goldstein, the executive assistant director for cybersecurity at CISA. He's joining the show to talk about CISA's demand that US government agencies unplug their Ivanti appliances. He also chimes in on why the US government is so rattled by Volt Typhoon and addresses a recent report from Politico that claims CISA's Joint Cyber Defense Collaborative is a bit of a shambles.

This week's sponsor guest is Dan Guido from Trail of Bits. He joins us to talk about their new Testing Handbook. Trail of Bits does a bunch of audit work and they've committed to trying to make bug discovery a one time thing - if you find that bug once, you shouldn't have to manually find it on another client engagement. Semgrep for the win!

Show notes
- AnyDesk initiates extensive credentials reset following cyberattack | Cybersecurity Dive
- AnyDesk says software "safe to use" after cyberattack
- Former CIA officer who gave WikiLeaks state secrets gets 40-year sentence
- Arrests in $400M SIM-Swap Tied to Heist at FTX? - Krebs on Security
- Microsoft Breach - What Happened? What Should Azure Admins Do? | by Andy Robbins | Feb, 2024 | Posts By SpecterOps Team Members
- Cloudflare hit by follow-on attack from previous Okta breach | Cybersecurity Dive
- Thanksgiving 2023 security incident
- US announces visa restriction policy targeting spyware abuses
- Announcement of a Visa Restriction Policy to Promote Accountability for the Misuse of Commercial Spyware - United States Department of State
- Deputy Prime Minister hosts first global conference targeting "hackers for hire" and malicious use of commercial cyber tools - GOV.UK
- New Google TAG report: How Commercial Surveillance Vendors work
- A Startup Allegedly "Hacked the World." Then Came the Censorship - and Now the Backlash | WIRED
- American businessman settles hacking case in UK against law firm
- Crime bosses behind Myanmar cyber "fraud dens" handed over to Chinese government
- Another Chicago hospital announces cyberattack
- Deepfake scammer walks off with $25 million in first-of-its-kind AI heist | Ars Technica
- As if 2 Ivanti vulnerabilities under exploit weren't bad enough, now there are 3 | Ars Technica
- Two new Ivanti bugs discovered as CISA warns of hackers bypassing mitigations
- Agencies using vulnerable Ivanti products have until Saturday to disconnect them | Ars Technica
- The far right is scaring away Washington's private hacker army - POLITICO
- Our thoughts on AIxCC's competition format | Trail of Bits Blog
- How CISA can improve OSS security | Trail of Bits Blog
- Securing open-source infrastructure with OSTIF | Trail of Bits Blog
- Announcing the Trail of Bits Testing Handbook | Trail of Bits Blog
- 30 new Semgrep rules: Ansible, Java, Kotlin, shell scripts, and more | Trail of Bits Blog
- Publishing Trail of Bits' CodeQL queries | Trail of Bits Blog
- The Unguarded Moment (2002 Digital Remaster) - YouTube
- Boy Swallows Universe | Official Trailer | Netflix - YouTube
2024-02-07

Risky Business #734 -- The number of hacked Microsoft 365 customers is skyrocketing

In this week's show Patrick Gray and Adam Boileau discuss the week's security news. They talk about:

- More details on sanctioned Medibank hacker Aleksandr Ermakov
- More details on alleged Scattered Spider hacker Noah Michael Urban
- RUMINT that the number of Microsoft customers impacted by the SVR oauth/365 campaign is huge
- Ron Wyden did something useful... then did something stupid
- Ivanti's clown car collides with dumpster fire
- Much, much more

This week's feature guest is Australia's assistant foreign minister (and cybersecurity tragic) Tim Watts. He joins us to talk about why the Australian government sanctioned Aleksandr Ermakov.

Sublime Security founder and CEO Josh Kamdjou is this week's sponsor guest. He joins us to talk about combating QR-code phishing.

Show notes
- Exclusive: US disabled Chinese hacking network targeting critical infrastructure | Reuters
- Medibank's Attacker: IT Businessman, Claimed Psychologist? | Intel471
- Who is Alleged Medibank Hacker Aleksandr Ermakov? - Krebs on Security
- Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider - Krebs on Security
- Microsoft says Russian hackers also targeted other organizations | TechCrunch
- HPE hit by a monthslong cyberattack on its cloud-based email | Cybersecurity Dive
- Microsoft's Dangerous Addiction To Security Revenue | LinkedIn
- Microsoft critics accuse the firm of "negligence" in latest breach | CyberScoop
- N.S.A. Buys Americans' Internet Data Without Warrants, Letter Says - The New York Times
- Trading platform EquiLend down following cyberattack | Cybersecurity Dive
- Ivanti Connect Secure zero-day patches delayed | Cybersecurity Dive
- Popular CI/CD tool Jenkins discloses critical CVE | Cybersecurity Dive
- MOVEit liabilities mount for Progress Software | Cybersecurity Dive
- Tim Watts bio: Pennywise - Down Under [Men at Work Cover] - YouTube
2024-01-31

Risky Business #733 -- Say cheese, motherf---er

In this week's show Patrick Gray and Adam Boileau discuss the week's security news.

- Microsoft honks its clown car horn
- Australia's hounds, released, catch their man
- The beginning of the end for Scattered Spider
- SEC was SIM swapped but had MFA off any way
- Ivanti learns a lesson... while Progress does not
- and much more

DHS undersecretary for policy and Cyber Safety Review Board head Rob Silvers is this week's feature guest. He joins the show to talk about how the CSRB handles possible conflicts of interests from board members with industry day jobs.

In this week's sponsor interview Resourcely's founder Travis McPeak talks about why we need to help developers with "paved roads" instead of relying on dashboard products to tell us when things have gone wrong.

Show notes
- Microsoft network breached through password-spraying by Russia-state hackers | Ars Technica
- Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard | MSRC Blog | Microsoft Security Response Center
- Medibank cyber attack: The weakness that saw Medibank hacker Aleksandr Ermakov exposed | Exclusive
- Russian man identified as Medibank hacker, hit with sanctions by Australian government - ABC News
- Middle District of Florida | Palm Coast Man Arrested For Wire Fraud And Aggravated Identity Theft Charges | United States Department of Justice
- SEC.gov | SECGov X Account
- Owner of BreachedForums sentenced to time served plus 20 years supervised release with special conditions
- CISA issues emergency directive for federal agencies to mitigate Ivanti vulnerabilities | Cybersecurity Dive
- Ivanti Connect Secure exploitation accelerates as Moody's calls impact credit negative | Cybersecurity Dive
- Progress Software shakes off MOVEit's financial consequences, maintains customers | Cybersecurity Dive
- Cyberattack on Ukraine's largest telecom provider will cost it about $100 million
- Ransomware attacks leave small business owners feeling suicidal, report says
- Canadian Man Stuck in Triangle of E-Commerce Fraud - Krebs on Security
- Experts call for US Cyber Safety Review Board rethink - The Register
2024-01-24

Risky Business #732 -- We are CRUSHED

Risky Business #731 -- SEC Twitter hack moves Bitcoin price

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

- SEC Twitter account hack moves bitcoin price
- Kaspersky admires Triangulation hackers' fine work
- Telcos hacked all over
- Israel hacks Iranian gasoline pumps again
- Iran up in Albania, Sudan, Egypt and Tanzania
- and much, much more...

This week's show is brought to you by Nucleus Security. Co-founder Scott Kuffer joins us to talk about why patch management is more nuanced than just "patch fast!"

Show notes
- U.S. Securities and Exchange Commission on X: "The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products." / X
- Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked | Ars Technica
- 4-year campaign backdoored iPhones using possibly the most advanced exploit ever | Ars Technica
- Spyware attack chain used previously unknown iPhone hardware feature, report says
- "Dutch engineer carried out Iranian nuclear sabotage": VK - DutchNews.nl
- Russian hackers infiltrated Ukrainian telecom giant months before cyberattack
- Ukraine telecom cyberattack one of "highest-impact" hacks of the war
- Pro-Ukraine hackers claim breach of Russian internet provider
- Ukraine says Russia hacked web cameras to spy on targets in Kyiv
- Optus outage: Banks, telcos to be quizzed at Senate hearing
- A "ridiculously weak" password causes disaster for Spain's No. 2 mobile carrier | Ars Technica
- Albanian parliament, telecom company hit by cyberattacks
- Paraguay military warns of "significant impact" of ransomware after attack on internet provider
- Iran confirms nationwide cyberattack on gas stations
- Hackers disrupt Beirut airport with anti-Hezbollah message
- Telecom organizations in Africa targeted by Iran-linked hackers
- Myanmar rebels take control of "pig butchering" scam city amid Chinese pressure on junta
- AlphV ransomware site is "seized" by the FBI. Then it's "unseized." And so on. | Ars Technica
- BreachForums administrator detained after violating parole
- Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay
- Global law enforcement seizes $300 million, arrests 3,500 involved in transnational cybercrime operation
- Toronto Zoo says it remains open after ransomware attack
- Central Bank of Lesotho facing outages after cyberattack
- Kansas City-area hospital transfers patients, reschedules appointments after cyberattack
- Cyberattack on Massachusetts hospital disrupted records system, emergency services
- LockBit claims November attack on New Jersey hospital that disrupted patient care
- First American becomes latest real estate industry giant hit with cyberattack
- Ivanti warns of critical vulnerability in its popular line of endpoint protection software | Ars Technica
- US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters
- SSH protects the world's most sensitive networks. It just got a lot weaker | Ars Technica
- LastPass enforces 12-character master password lengths | Cybersecurity Dive
- FTC soliciting contest submissions to help tackle voice cloning technology
- Biden signs short-term FISA extension before year-end deadline
- Foone: "The 37C3 talk on TEA1 encrypti..." - Infosec Exchange
- Crypto hedge fund CEO may not exist; probe finds no record of identity | Ars Technica
2024-01-10

Risky Business #730 -- Apple, Facebook go all in on e2ee

In this week's edition of the show Patrick Gray and guest co-host Dmitri Alperovitch discuss:

- Major telco in Ukraine taken down by Russia
- Apple and Facebook go all in on e2ee
- Why 702 reauthorisation is looking a bit sketchy
- The USG wants your push notifications
- The year in review, plus some predictions for 2024

This week's show is brought to you by Thinkst Canary. Haroon Meer, Thinkst's founder, is this week's sponsor guest. He joins us to talk about APT groups pivoting to living-off-the-land techniques.

2023-12-13

Risky Biz Soap Box: Why enterprise browsers are good, actually

In this Soap Box edition of the Risky Business podcast Patrick Gray talks to Island's Bradon Rogers about security-focussed, enterprise browsers.

You can use Island to do stuff like grant third parties access to corporate applications on unmanaged devices in a not insane way - that's a huge pain point for a lot of CISOs, and something that is bringing a lot of new customers through Island's doors. Obviously for devices you do manage, you can roll Island out as your default enterprise browser. There are a lot of security benefits to doing that.

2023-12-12

Risky Business #729 -- Why patching faster won't save us

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

- Iran-linked attacks on US water infrastructure
- Why the ownCloud bug isn't the end of the world
- The D-Link 0day that... never existed?
- In defence of Okta
- Much, much more

This week's show is brought to you by Proofpoint. Ryan Kalember, Proofpoint's EVP of Cybersecurity Strategy, is this week's sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
- CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks | Cybersecurity Dive
- North Texas water utility the latest suspected industrial ransomware target | Cybersecurity Dive
- Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks
- ownCloud vulnerability with maximum 10 severity score comes under "mass" exploitation | Ars Technica
- Staples hit by cyberattack during critical Cyber Week sales push | Cybersecurity Dive
- New Jersey, Pennsylvania hospitals affected by cyberattacks
- 60 credit unions facing outages due to ransomware attack on popular tech provider
- HHS warns of "Citrix Bleed" attacks after hospital outages
- Payments processor Tipalti investigating ransomware attack | Cybersecurity Dive
- CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop
- Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers | CISA
- Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says
- Latest severe Chrome bug prompts CISA warning
- Google researchers report critical 0-days in Chrome and all Apple OSes | Ars Technica
- Okta again promises it is taking security seriously | Cybersecurity Dive
- Okta: Breach Affected All Customer Support Users - Krebs on Security
- Russian and Chinese interference networks are "building audiences" ahead of 2024, warns Meta
- Meta says it broke up Chinese influence operation looking to exploit U.S. political divisions
- Clandestine online operations now require sign-off by senior officials - The Washington Post
- Feds seize Sinbad crypto mixer allegedly used by North Korean hackers | TechCrunch
- US sanctions North Korean "Kimsuky" hackers after surveillance satellite launch
- "Fugitive" Spanish aristocrat behind North Korea cryptocurrency conference arrested
- Used by only a few nerds, Facebook kills PGP-encrypted emails | TechCrunch
2023-12-06
Link to episode

Risky Business #728 -- The Citrixbleed ransomware disaster

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

The Citrixbleed ransomware crisis
Why the FBI hasn't arrested Scattered Spider members
DPRK is in your supply chains
Microsoft has a brainwave and buys a HSM
When civil war meets pig butchering
Much, much more

This week's show is brought to you by Airlock Digital. David Cottingham and Daniel Schell are this week's sponsor guests.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
"Citrix Bleed" vulnerability targeted by nation-state and criminal hackers: CISA
Australian ports operator recovering after major cyber incident
Minister lashes DP World hack failure
Gang says ICBC paid ransom over hack that disrupted US Treasury market | Reuters
Cyberattack on US hospital owner diverts ambulances from emergency rooms in multiple states | CNN Politics
Fidelity National Financial investigating cyberattack that led to service disruption | Cybersecurity Dive
Potentially hundreds of UK law firms affected by cyberattack on IT provider CTS
North Texas water utility serving 2 million hit with cyberattack
Healthcare manufacturer Henry Schein expects platform restored this week after cyberattack
High-profile ransomware gang suspects arrested in Ukraine
FBI struggled to disrupt dangerous casino hacking gang, cyber responders say | Reuters
Chinese spies had access to Dutch chip maker NXP's systems for over two years: report | NL Times
North Korean supply chain attacks prompt joint warning from Seoul and London
North Korean attack on CyberLink impacted devices around the world, Microsoft says
North Korean "BlueNoroff" group targeting financial institutions with macOS malware
Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop
Microsoft Should Look to the Past for Its Security Future
Sacked Ukrainian cyber chief released on bail amid corruption probe
Second top Ukrainian cyber official arrested amid corruption probe
Report claims to reveal identity of Russian hacktivist leader
Rebel offensive in Myanmar takes aim at online scam industry
Myanmar Rebel Offensive Helps China's Cybercrime Crackdown
Shadowy hacking group targeting Israel shows outsized capabilities | CyberScoop
Nearly two dozen Danish energy companies hacked through firewall bug in May
Senate proposes surveillance bill without FBI warrant requirement
The FCC says new rules will curb SIM swapping. I'm pessimistic | Ars Technica
EU urged to drop new law that could allow member states to intercept and decrypt global web traffic
Google researchers discover 'Reptar,' a new CPU vulnerability | Google Cloud Blog
Spavor blames fellow prisoner Kovrig for Chinese detention, alleges he was used for intelligence gathering - The Globe and Mail
The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story | WIRED
2023-11-29
Link to episode

Risky Biz Soap Box: Why o365 and Google Workspace are a security liability

In this Soap Box podcast Patrick Gray talks to Material Security's CEO and co-founder Abhishek Agrawal about the security problems inherent to modern productivity suites.

Does it make sense that threat actors can authenticate to o365 and Workspace accounts and clean them out entirely? Years of mail, years of files?

Material Security has built a product that tackles this issue. It can lock up email archives behind MFA challenges, redact PII from inboxes, better control files shared via Google Drive and OneDrive, and just generally limit the damage a threat actor can inflict when they compromise a cloud productivity account.

Even if you're not interested in buying a product to tackle this, we think this one is a great listen.

2023-11-16
Link to episode

Risky Business #727 -- Mr Gray goes to Washington

On this week's show Patrick Gray talks through the news with Chris Krebs and Dmitri Alperovitch. They discuss:

The SEC enforcement action against Solarwinds' CISO
The White House AI Executive Order
CitrixBleed exploitation goes wide
How Kaspersky captured some (likely) Five Eyes iOS 0day
Elon Musk's Gaza Strip adventures
Much, much more

This week's show is brought to you by Greynoise. Andrew Morris, Greynoise's founder and CEO, is this week's sponsor guest. He talks about how Greynoise is using large language models to help them analyse massive quantities of malicious internet traffic.

Show notes
comp-pr2023-227.pdf
Biden signs executive order to oversee and invest in AI tech
Risky Biz News: CitrixBleed vulnerability goes from bad to disastrous
Andrew Morris on X: "Confluence bug is popping off. VAST majority of it is blasting thru Tor, similar to the first wave of Log4J exploitation two years ago. If you haven't patched, it's probably popped. https://t.co/4JC0uiTaqc https://t.co/wLDgQpq7r0" / X
How Kaspersky obtained all stages of Operation Triangulation | Securelist
Kaspersky reveals 'elegant' malware resembling NSA code | CyberScoop
Sophisticated StripedFly Spy Platform Masqueraded for Years as Crypto Miner
A cascade of compromise: unveiling Lazarus' new campaign | Securelist
Near-total internet and cellular blackout hits Gaza as Israel ramps up strikes
Amichai Stein on X: "Israel's Communications Minister @shlomo_karhi in response to Elon Musk: Israel will use all the means at its disposal to fight this. Hamas will use this for terrorist activity. There is no doubt about it. We know it, and Musk knows it. Hamas is ISIS." / X
Shashank Joshi on X: "Wonder what encryption, if any, they use? Vulnerable to tapping. "Hamas has maintained operational security by going 'stone age' and using hard-wired phone lines while eschewing devices that are hackable or emit an electronic signature." https://t.co/ALVSXb55Zn" / X
Hackers that breached Las Vegas casinos rely on violent threats, research shows | CyberScoop
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction | Microsoft Security Blog
GitHub - cloudflare/har-sanitizer
Russia to launch its own version of VirusTotal due to US snooping fears
iPhones have been exposing your unique MAC despite Apple's promises otherwise | Ars Technica
VMware warns of critical vulnerability affecting vCenter Server product
Judge tosses Khashoggi widow's lawsuit against NSO Group
2023-11-01
Link to episode

Risky Biz Soap Box: Stairwell will offer platform to researchers

In this edition of the Soap Box we hear from Mike Wiacek and Eric Foster from Stairwell.

Stairwell makes a product that collects and analyses every executable file in your environment. You deploy file collectors to your systems and they forward all new files to Stairwell for manual and automated analysis. You can do a lot of really cool analysis once you have all that stuff in the same place.

But as you'll hear, Stairwell is broadening out the use cases for its platform. You don't want to forward files from every system? You don't have to. It's still very useful as an analysis platform. It's sort of like VirusTotal, but private and with a bunch more bells and whistles. There's also a bunch of sharing tools in the platform, which gives it a "social network for CTI nerds" flavour.

2023-10-30
Link to episode

Risky Business #726 -- Okta owned while Cisco takes a massive L

2023-10-25
Link to episode

Risky Biz Soap Box: Preventing MFA reset attacks

Patrick Gray speaks to Yubico's Jerrod Chong about how organisations can better verify the identities of users when performing MFA resets. In other words, how to not get MGM'd.

He also talks about the chain-of-trust issues inherent to synchronisable passkey implementations.

2023-10-13
Link to episode

Risky Business #725 -- Microsoft knifes VBScript, passkeys the new default for Google accounts

On this week's show Patrick Gray and Lina Lau discuss the week's security news. They cover:

Microsoft has killed VBScript
Google to make passkeys the new default sign-in method
MGM losses to exceed $100m
Clorox has a bad quarter
Why a bug in cURL could be really bad news
Much, much more

This week's show is brought to you by KSOC. Jimmy Mesta, KSOC's co-founder and CTO, is this week's sponsor guest. He talks to us about how we can start applying real, actual IAM to Kubernetes environments.

Show notes
Deprecated features in the Windows client - What's new in Windows | Microsoft Learn
Google Makes Passkeys Default, Stepping Up Its Push to Kill Passwords | WIRED
AWS kicks off cloud race to mandate MFA by default | Cybersecurity Dive
MGM Resorts' Las Vegas area operations to take $100M hit from cyberattack | Cybersecurity Dive
Clorox warns of quarterly loss related to August cyberattack, production delays | Cybersecurity Dive
Blackbaud agrees to $49.5 million settlement with AGs of nearly all 50 states
Cybercrime gangs now deploying ransomware within 24 hours of hacking victims
Microsoft: Human-operated ransomware attacks tripled over past year
Ukraine, Israel, South Korea top list of most-targeted countries for cyberattacks
Microsoft: State-backed hackers grow in sophistication, aggressiveness | CyberScoop
67 X accounts spread coordinated Israel-Hamas disinformation: report
John Hultquist on X: "We are currently seeing pro-Iran information operations actors promoting content across various social media channels, in favor of Hamas and critical of Israel's response to the attacks. 1/x" / X
Hacktivism erupts in response to Hamas-Israel war | TechCrunch
"War has no rules": Hacktivists scorn Red Cross' new guidelines
Joe Truzman on X: "Israeli Police Spokesperson: The Cyber Unit of the Police at Lahav 433 has frozen accounts of cryptocurrencies that served Hamas' terrorist organization to solicit donations on social networks. The Cyber Unit of Lahav 433, in cooperation with the Ministry of Defense, the..." / X
Cloud giants sound alarm on record-breaking DDoS attacks | Cybersecurity Dive
Israel's Failure to Stop the Hamas Attack Shows the Danger of Too Much Surveillance | WIRED
Edward Snowden on X: "Netanyahu nurtured a zillion-dollar industry selling spying tools to despots that use them to break into the iPhones of critics, elected opponents, human rights lawyers, and even students (these are all real examples). Turns out they're not very useful for spying on Hamas, tho." / X
HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks
NVD - CVE-2023-44487
Maintainers warn of vulnerability affecting foundational open-source tool
23andMe user data targeting Ashkenazi Jews leaked online
23andMe User Data Stolen in Credential Stuffing Attack
Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica
From AI with love: Scammers integrate ChatGPT into dating-app tool
Inside FTX's All-Night Race to Stop a $1 Billion Crypto Heist | WIRED
2023-10-11
Link to episode

Risky Business #724 -- Exploitation moves away from Microsoft, Google and Apple products

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

Ransomware crews target WS_FTP and Jetbrains servers
Global energy supply shapes up as big target
The Dossier Center drops another banger
Indian nationalists DDoS Canadian targets
A look at the Exim drama
Much, much more

This week's show is brought to you by Kroll Cyber. George Glass is this week's sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
Multiple exploits hit Progress Software's WS_FTP Server | Cybersecurity Dive
Progress Software discloses 8 vulnerabilities in one of its other file-transfer services | Cybersecurity Dive
Progress Software says business impact "minimal" from MOVEit attack spree | Cybersecurity Dive
NEXTA on X: ???????? ?? ????????????? - ?????
Russian flight booking system suffers "massive" cyberattack
Cyberattacks hit military, Parliament websites as India-based group targets Canada | CBC News
NATO investigating breach, leak of internal documents | CyberScoop
Chinese hackers stole emails from US State Dept in Microsoft breach, Senate staffer says | Reuters
FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers
Cisco routers abused by China-linked hackers against US, Japan companies | Cybersecurity Dive
Suspected China-based hackers target Middle Eastern telecom, Asian government
North Korean hackers posed as Meta recruiter on LinkedIn | CyberScoop
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
Ransomware gangs destroying data, using multiple strains during attacks: FBI
Critical vulnerabilities in Exim threaten over 250k email servers worldwide | Ars Technica
NSA is creating a hub for AI security, Nakasone says
Privacy watchdog recommends court approval for FBI searches of spy data | CyberScoop
Vulnerable Arm GPU drivers under active exploitation. Patches may not be available | Ars Technica
"Snatch" Ransom Group Exposes Visitor IP Addresses - Krebs on Security
IronNet, founded by former NSA director, shuts down and lays off staff | TechCrunch
2023-10-04
Link to episode

Risky Business #723 -- MGM and Caesars: Western youths are working with ransomware gangs

On this week's show Patrick Gray and Dmitri Alperovitch discuss the week's security news. They cover:

How western youths are working with Russian ransomware crews
Russia has changed its targeting in Ukraine
A massive breach of historical Russian flight information is god's gift to OSINT orgs
Cisco buys Splunk for $28bn
Much, much more

This week's show is brought to you by Panther. Its field CISO Ken Westin is this week's sponsor guest.

Links to everything that we discussed are below.

Show notes
MGM Resorts says hotel, casino operations back up and running | Cybersecurity Dive
MGM Resorts warns customers of fraud as it faces class action lawsuits | Cybersecurity Dive
mgmkirwan - DocumentCloud
Cross-Tenant Impersonation: Prevention and Detection | Okta Security
'Power, influence, notoriety': The Gen-Z hackers who struck MGM, Caesars | Reuters
Youth hacking ring at the center of cybercrime spree | CyberScoop
UK logistics firm blames ransomware attack for insolvency, 730 redundancies
Philippines state health org struggling to recover from ransomware attack
Bermuda's premier attributes system outages to "Russia-based" attackers
Russian hackers target Ukrainian government systems involved in war crimes investigations
Oleg Shakirov on X: "Huge data breach in Russia A previously unknown group claims it stole data from Russia's major flight booking system Sirena Travel. The whole dataset includes 665 mil entries and spans 16 years; they posted a sample with 3 mil lines. I was able to verify one flight. Looks legit" / X
Hackers break into Russian database with data on hundreds of millions of flights
Canada blames border checkpoint outages on cyberattack
Air Canada says hackers accessed limited employee records during cyberattack
3 iOS 0-days, a cellular network compromise, and HTTP used to infect an iPhone | Ars Technica
Yes, you have to update your Apple devices again, because spyware is bad | TechCrunch
GPUs from all major suppliers are vulnerable to new pixel-stealing attack | Ars Technica
CISA's catalog of must-patch vulnerabilities crosses the 1,000 bug mark after 2 years
Hong Kong crypto business Mixin says hackers stole $200 million in assets
Cisco to buy Splunk for $28B | Cybersecurity Dive
British Army general says UK now conducting "hunt forward" operations
World on the Brink: How America Can Beat China in the Race for the Twenty-First Century: Alperovitch, Dmitri, Graff, Garrett M.: 9781541704091: Amazon.com: Books
Starlink in Ukraine: Why the Story Is Not So Simple | Geopolitics Decanted by Silverado
2023-09-28
Link to episode

Snake Oilers: Sublime Security, VulnCheck and Devicie

In this edition of Snake Oilers you'll hear product pitches from:

Sublime Security: e-mail security for people who want to tune their detections
VulnCheck: Provides vulnerability intelligence to governments, large enterprises and vendors
Devicie: Manage your devices with Intune without pulling your hair out

Show notes
sublime.security
VulnCheck - Outpace Adversaries
Cloud-native device management platform | Devicie
2023-09-22
Link to episode

Risky Business #722 -- Microsoft embraces Zero Trust... Authentication?

On this week's show Patrick Gray, Adam Boileau and Lina Lau discuss the week's security news. They cover:

Microsoft's 38TB oopsie
MGM's Okta compromised, was this what Okta was warning us about?
Why we need a cyber knife fight
Google Authenticator sync abused in the wild
Much, much more

This week's show is brought to you by Push Security. Co-founder Adam Bateman is this week's sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
Microsoft AI researchers exposed sensitive signing keys, internal messages | CyberScoop
Wiz on X: "BREAKING: Wiz Research discovers a massive 38TB data leak by Microsoft AI researchers, including 30,000+ internal Teams messages. Here's what you need to know https://t.co/2V8u9IekGV" / X
Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token | MSRC Blog | Microsoft Security Response Center
Microsoft's Security Culture Just Isn't up to Scratch
Threat actors claim to have compromised MGM Resorts' Okta environment | Cybersecurity Dive
MGM, Caesars attacks raise new concerns about social engineering tactics | Cybersecurity Dive
I Gambled in MGM's Hacked Casinos
"Scattered Spider" group launches ransomware attacks while expanding targets in hospitality, retail
MGM Resorts disruption linked to recent attacks against hospitality industry | Cybersecurity Dive
Caesars Entertainment says it was also a victim of a cyberattack
Clorox warns of product shortages a month after disclosing cyberattack | Cybersecurity Dive
DHS: Ransomware attackers headed for second most profitable year
chrisrohlf on X: "I can think of multiple occasions where well respected experts assured the world that taking offensive actions would put an end to this ransomware problem. Unfortunately 1) it won't end that easily and 2) they're still seen as experts. This is an economics problem that is enabled..." / X
White House urging dozens of countries to publicly commit to not pay ransoms
Cyberattack on Kansas town affects email, phone, payment systems
Major trucking software provider confirms ransomware incident
Several Colombian government ministries hampered by ransomware attack
Manchester police officers' data stolen following ransomware attack on supplier
Upstate New York nonprofit hospitals still facing issues after LockBit ransomware attack
Evidence points to North Korea in CoinEx cryptocurrency hack, analysts say
How Google Authenticator made one company's network breach much, much worse | Ars Technica
Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED
Mozilla, CISA urge users to patch Firefox security flaw
UK passes the Online Safety Bill - and no, it doesn't ban end-to-end encryption
Exiled Russian journalist hacked using NSO Group spyware | Hacking | The Guardian
??? ?????????? ??????????, ??? ???????? ?????????? ?? Apple ? ????????? ?????. ????? ?? ????????? ?????? ????????, ? ???????? ??????? ????? ????????? ????????? Pegasus ? Meduza
War crimes tribunal ICC says it has been hacked | Reuters
XINTRA - Cybersecurity Training
CrikeyCon 2022 - Lina Lau - Inside the Persistent Mind of a Chinese APT - YouTube
SaaS attack techniques
SaaS attack matrix: The shadow workflow's evil twin
SaaS Attack: How to SAMLjack a poisoned tenant
SAMLjacking a poisoned tenant demo - YouTube
SaaS Attacks: Shadow workflows + Evil twin integration demo - YouTube
2023-09-20
Link to episode

Risky Business #721 -- Why Storm-0558's Microsoft hack should have failed

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

How Storm-0558 stole Microsoft's signing key
Cisco 0day being used by ransomware crews
We were right about Elon stumbling into the Ukraine war
Someone's amazing image library 0day just got crushed
Much, much more!

This week's show is brought to you by Nucleus Security. Co-founder Scott Kuffer is this week's sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
Results of Major Technical Investigations for Storm-0558 Key Acquisition | MSRC Blog | Microsoft Security Response Center
Microsoft reveals how hackers stole its email signing key... kind of | TechCrunch
Kevin Beaumont: "One extra thing to highlight -..." - Cyberplace
Preventing Authentication Bypass: A Tale of Two Researchers - YouTube
BEC phishing kit hits thousands of Microsoft 365 business accounts | Cybersecurity Dive
Microsoft Teams phishing attack pushes DarkGate malware
CISA warns of attacks using Microsoft Word, Adobe bugs
New Emergency Chrome Security Update After Critical iOS 16.6.1 Release
Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks
Cisco security appliance 0-day is under attack by ransomware crooks | Ars Technica
Cisco BroadWorks vulnerability snags highest CVSS score | Cybersecurity Dive
High-profile CVEs turn up in vulnerability exploit sales | Cybersecurity Dive
MGM Resorts takes systems offline following cyberattack
Save the Children International hit with cyberattack, but says operations weren't impacted
Sri Lankan government loses months of data following ransomware attack
Risky Biz News: US and UK dox and sanction 11 more Trickbot/Conti members. Charges included too.
Opinion | The untold story of Elon Musk's support for Ukraine - The Washington Post
Elon Musk on X: SpaceX unveils Starshield, a military variation of Starlink satellites
China-Linked Hackers Breached a Power Grid - Again | WIRED
Just waiting for a mate - YouTube
North Korea-backed hackers target security researchers with 0-day | Ars Technica
Cars are collecting data on par with Big Tech, watchdog report finds
Crypto Town Hall on X: "Crypto Kingpin's Downfall: 11,196 Years Behind Bars!"https://t.co/1RCNJ8um4c" / X
2023-09-13
Link to episode

Snake Oilers: ConductorOne, Bloodhound Enterprise and Zero Networks

In this edition of Snake Oilers you'll hear product pitches from:

ConductorOne: PAM, account cycle management and access auditing for cloud and SaaS accounts
Bloodhound Enterprise: Enumerate attack paths in your environment and shut them down
Zero Networks: Agentless, heavily automated microsegmentation and a VPN product that won't get you insta-owned

Show notes
ConductorOne - Identity security & access control
Home - BloodHound Enterprise
Microsegmentation in a Matter of Minutes | Zero Networks
2023-09-08
Link to episode

Risky Business #720 -- How cloud identity provider federation features can get you mega-owned

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

Why everyone should pay attention to some recent attacks on Okta customers
Why third party comms apps are risky af
Why are Russian espionage ops using Tor for C2?
Surveillance firms abuse Fiji Telco Digicel's SS7 access
Much, much more!

This week's show is brought to you by Gigamon. Mark Jow, Gigamon's EMEA Technical Director, is this week's sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
Cross-Tenant Impersonation: Prevention and Detection | Okta Security
BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps
NCSC-MAR-Infamous-Chisel.pdf
Ukraine says an energy facility disrupted a Fancy Bear intrusion
Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach - Krebs on Security
Telstra-owned Pacific mobile network likely exploited by spies for hire - ABC News
CISA, MITRE shore up operational tech networks with adversary emulation platform
LogicMonitor customers hit by hackers, because of default passwords | TechCrunch
Barracuda thought it drove 0-day hackers out of customers' networks. It was wrong. | Ars Technica
Why is .US Being Used to Phish So Many of Us? - Krebs on Security
UK cyber agency announces Ollie Whitehouse as its first ever CTO
Embattled consulting firm PwC swept up in global cyber breach of file service MOVEit by cybercrime group C10p
ONLINE-SCAM-OPERATIONS-2582023.pdf
Unmasking Trickbot, One of the World's Top Cybercrime Gangs | WIRED
2023-09-06
Link to episode

Risky Business #719 -- FBI vapes 700,000 Qakbot infections

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

The FBI takes down Qakbot, steals operators' bitcoins ha ha
Danish hosting provider completely destroyed in ransomware attack
Sophisticated Russian cyber attack on Polish trains. Well. Not really.
Microsoft revokes cert then revokes its revocation
Much, much more!

This week's show is brought to you by Proofpoint. Ryan Kalember, Proofpoint's EVP of cybersecurity strategy, is this week's sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
US says it and partners have taken down notorious 'Qakbot' hacking network | Reuters
Danish cloud host says customers "lost all data" after ransomware attack | TechCrunch
VDP Platform 2022 Annual Report Showcases Platform's Success | CISA
Proposed bill would require vulnerability disclosure policies for all federal contractors
The Cheap Radio Hack That Disrupted Poland's Railway System | WIRED
Two suspects arrested following Poland railway hack
"Incredible concern and anger" among Metropolitan Police after hackers breach data
New malware from North Korea's Lazarus used against healthcare industry
North Korea's Lazarus hackers behind recent crypto heists: FBI
US arrests Tornado Cash co-founder, sanctions another who remains at large
Kroll Employee SIM-Swapped for Crypto Investor Data - Krebs on Security
Risky Biz News: WinRAR zero-day used to hack stock and crypto traders
Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica
Renegade certificate removed from Windows. Then it returns. Microsoft stays silent. | Ars Technica
Barracuda ESG zero-day exploit still under way after patches fail | Cybersecurity Dive
Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) | Mandiant
Unpacking the MOVEit Breach: Statistics and Analysis
The DEA Accidentally Sent $50,000 Of Seized Cryptocurrency To A Scammer
Akira Ransomware Targeting VPNs without Multi-Factor Authentication - Cisco Blogs
Ransomware attack dwell times fall, pressuring companies to quickly respond | Cybersecurity Dive
British court convicts two teen Lapsus$ members of hacking tech firms
Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders. - Krebs on Security
Apple security updates could be banned by British government
2023-08-30
Link to episode

Risky Business #718 -- Chaos and carnage, business as usual

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

(NOTE: This podcast was initially pushed out into the Risky Business News podcast feed in error. Sorry about that!)

US Government warnings to private space sector on cyber risk
Ukrainian hackers dump the inbox of Russian Duma deputy chair
Absentee voting in Ecuador's election disrupted by DDoS attack
South Korea warns of Chinese "spy chips"
Much, much more!

This week's show is brought to you by Airlock Digital. Its co-founders Daniel Schell and David Cottingham join this week's show to talk about Powershell Constrained Language mode.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
Risky Biz News: US warns space sector of hacks, spying, IP theft, and sabotage
Safeguarding the US Space Industry - DocumentCloud
Ukrainian hackers claim to leak emails of Russian parliament deputy chief
Feature Interview: How Sandworm prepared Ukraine for a cyber war - Risky Business
British intelligence is tipping off ransomware targets to disrupt attacks
Ecuador's national election agency says cyberattacks caused absentee voting issues
Chinese-made 'spy chip' found in Korean state-run weather agency system : r/korea
[??]??? ????? ?????? ? ?? | ??A ??
Legitimate software tainted in attacks on Hong Kong organizations, report says
Chinese hackers accused of targeting Southeast Asian gambling sector
Risky Biz News: PowerShell's official package repo is a supply chain mess
Zoom's AI terms overhaul sets stage for broader data use scrutiny | Cybersecurity Dive
Fifty minutes to hack ChatGPT: Inside the DEF CON competition to break AI | CyberScoop
Ivanti: Customers "impacted" by new zero-day vulnerability
CISA, experts warn of Citrix vulnerabilities being exploited by hackers
Zero Networks Connect - Zero Networks | Contain The Next Breach
Australia's .au domain administrator denies data breach after ransomware posting
Hackers are increasingly hiding within services such as Slack and Trello to deploy malware | CyberScoop
"Extreme" user abuse leads AnonFiles operators to shut down hosting service
Millions stolen from crypto platforms Exactly Protocol and Harbor Protocol
Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica
Did a Journalist Violate Hacking Law to Leak Fox News Clips? The Government Thinks He Did.
2023-08-23
Link to episode

Feature Interview: How Sandworm prepared Ukraine for a cyber war

In this joint Risky Business and Geopolitics Decanted feature interview, Patrick Gray and Dmitri Alperovitch talk to Illia Vitiuk, the Head of the Department of Cyber and Information Security of the Security Service of Ukraine (SBU), about the cyber dimension to Russia's invasion.

From turning off Ukraine's power grid with a cyber attack in 2015 to the Viasat hack in 2022, Russia's intelligence services are world renowned for executing creative destructive cyber campaigns. Despite this, after a year and a half of Russia waging war on Ukraine, its power grid is up, its telcos are functioning and its banks are still processing transactions.

How has Ukraine been able to withstand Russia's onslaught in the cyber domain? Vitiuk joins us to reveal insights into how Russian intelligence services are operating in Ukraine, and how the SBU is countering them.

2023-08-21
Link to episode

Risky Business #717 -- The kids are okay. At ripping your face off.

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

More victims identified in Chinese breach of Microsoft email accounts
Cyber Safety Review Board to investigate Microsoft
We got some stuff wrong last week
More details on Viasat hack revealed
Special guest Heather Adkins talks about the CSRB's Lapsus$ report
Much, much more

This week's show is brought to you by RunZero. Its co-founder HD Moore is this week's sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska - The Washington Post
US cyber board to investigate Microsoft hack of government emails | TechCrunch
Richard: "@briankrebs @metlstorm @riskyb..." - Mastodon.Radio
An SSRF, privileged AWS keys and the Capital One breach | by Riyaz Walikar | Appsecco
Chamber of Commerce urges SEC to delay cyber rule implementation | Cybersecurity Dive
Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop
Microsoft to freeze license extensions for Russian companies
Takedown of Lolek bulletproof hosting service includes arrests, NetWalker indictment
Ransomware Diaries V. 3: LockBit's Secrets
How the FBI goes after DDoS cyberattackers | TechCrunch
Meet the Brains Behind the Malware-Friendly AI Chat Service "WormGPT" - Krebs on Security
Multiple zero days found affecting crypto platforms
Lawmakers press FCC for action on Chinese-made cellular modules
Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED
Rapid7 to cut 18% of workforce, shutter certain offices | Cybersecurity Dive
SecureWorks layoffs affect 15% staff | TechCrunch
Researcher says they were behind iPhone popups at Def Con | TechCrunch
Review of the Attacks Associated with LAPSUS$ and Related Threat Groups
US should crack down on SIM swapping following Lapsus$ attacks: DHS review
Kevin Collier: "Def Con is over and nobody hac..." - Infosec Exchange
2023-08-16
Länk till avsnitt

Risky Business #716 -- This ain't your grandma's cloud

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

Tenable gives Microsoft a spray over Azure bug fix delay, quality
Lateral movement fun via Azure Active Directory Cross-Tenant Synchronization
Ransomware targets hospitals, special needs schools
Japan's cybersecurity has some catching up to do
Much, much more

This week's show is brought to you by Corelight. Brian Dye, Corelight's CEO, is this week's sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop
Microsoft resolves vulnerability following criticism from Tenable CEO
New Microsoft Azure AD CTS feature can be abused for lateral movement
Hackers force hospital system to take its national computer system offline
Israeli hospital redirects new patients following ransomware attack
Russia-linked cybercriminals target school for children with learning difficulties
Hackers accessed 16 years of Colorado public school student data in June ransomware attack
Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms
China hacked Japan's classified defense cyber networks, officials say - The Washington Post
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company - SentinelOne
Ukraine says it thwarted attempt to breach military tablets
The Mystery of Chernobyl's Post-Invasion Radiation Spikes | WIRED
Radiation Spikes at Chernobyl: A Mystery Few Seem Interested in Solving
U.K. election regulator says hackers had access for over a year but elections still secure
Exclusive: DHS Used Clearview AI Facial Recognition In Thousands Of Child Exploitation Cold Cases
Eight Months Pregnant and Arrested After False Facial Recognition Match - The New York Times
New "Downfall" Flaw Exposes Valuable Data in Generations of Intel Chips | WIRED
New Inception attack leaks sensitive data from all AMD Zen CPUs
Spyware maker LetMeSpy shuts down after hacker deletes server data | TechCrunch
"Crypto couple" pleads guilty to money laundering, as husband admits to carrying out Bitfinex hack
Google Online Security Blog: Android 14 introduces first-of-its-kind cellular connectivity security features
Risky Biz News: Russian bill will hide the PII data of military, police, and intelligence agents
2023-08-09
Link to episode

Risky Business #715 -- Pressure mounts on Microsoft to explain itself

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

Ron Wyden's "please explain" letter to Microsoft
Chinese APT crews prepositioning to disrupt US military logistics
China claims US hacked its seismology sensors
Ivanti/MobileIron exploitation going vertical
Much, much more

This week's show is brought to you by Stairwell. Mike Wiacek, Stairwell's founder and CEO, is this week's sponsor guest. He's joined by Eric Foster, Stairwell's VP of Business Development.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
Wyden letter to CISA, DOJ, FTC re 2023 Microsoft breach
Senator calls on DOJ to investigate alleged China hack of Microsoft cloud tools
U.S. Hunts Chinese Malware That Could Disrupt American Military Operations - The New York Times
Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica
John Hultquist on Twitter: "We found this actor in land, air, and sea transportation targets which could be leveraged for a serious disruption to logistics." / X
China accuses U.S. of hacking earthquake monitoring equipment
Exclusive: Pentagon Investigates "Critical Compromise" Of Air Force Communications Systems
CISA: Ivanti hacks targeting Norway began in April
US, Australia cyber agencies warn IDOR security flaws can be exploited "at scale" | TechCrunch
Ivanti warns of second vulnerability used in attacks on Norway gov't
Andrew Morris on Twitter: "Exploitation of Ivanti EPMM (MobileIron Core) CVE-2023-35078 is currently popping off https://t.co/tkRoWqvtv1 https://t.co/XOaWEZ3U3X" / X
Trail of Bits | Products
US contractor says info of up to 10 million leaked in MOVEit breach
British ambulances unable to access patient records system following cyberattack
Valid account credentials are behind most cyber intrusions, CISA finds | Cybersecurity Dive
An Unexpected Endorsement for WebAuthn | Okta Security
SEC votes to overhaul disclosure rules for material cyber events | Cybersecurity Dive
White House unveils "whole of society" push to expand cybersecurity workforce
Section 702 surveillance powers are necessary, but FBI access needs limits, panel says
The NSA Is Lobbying Congress to Save a Phone Surveillance 'Loophole' | WIRED
Kazakhstan refuses to extradite detained Russian cyber expert to US
Russia Sends Cybersecurity CEO to Jail for 14 Years - Krebs on Security
Millions stolen from crypto platforms through exploited "Vyper" vulnerability
A New Attack Impacts ChatGPT - and No One Knows How to Stop It | WIRED
Cloud company assisted 17 different government hacking groups, U.S. researchers say | Reuters
No evidence ransomware victims with cyber insurance pay up more often, UK report says
"Worm-like" botnet malware targeting popular Redis storage tool
Hackers are infecting Call of Duty players with a self-spreading malware | TechCrunch
Bug in Minecraft mods allows hackers to exploit players' devices
2023-08-02
Link to episode

Feature interview: Australia's Cyber Security Minister Clare O'Neil

In this interview Patrick Gray speaks to Australia's Home Affairs and Cyber Security Minister Clare O'Neil and NCSC founding director Ciaran Martin about the government's upcoming cybersecurity strategy, releasing the hounds and more.

2023-07-27
Link to episode

Risky Business #714 -- Microsoft vs Wiz: pistols at dawn

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

The dust-up between Microsoft and Wiz
MobileIron/Ivanti 0day hoses Norwegian government agencies
That'll do TETRA, that'll do…
Microsoft finally agrees to offer decent logging without price gouging
Much, much more

This week's show is brought to you by Resourcely. Travis McPeak, Resourcely's co-founder and CEO, is this week's sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
Hackers exploited Ivanti zero-day to breach Norway's government
Citrix zero day exposes critical infrastructure, one provider hit | Cybersecurity Dive
Interview with the ETSI Standards Organization That Created TETRA "Backdoor"
Researchers Find "Backdoor" in Encrypted Police and Military Radios
Microsoft attackers may have data access beyond Outlook, researchers warn | Cybersecurity Dive
Risky Biz News: Microsoft feels the heat, gives customers access to more cloud security logs
Risky Biz News: JumpCloud compromised by APT group
North Korean hackers breached a US tech company to steal crypto | Reuters
North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say | TechCrunch
Cyberattack on GitHub customers linked to North Korean hackers, Microsoft says
Latest North Korean hack targeting cryptocurrency shows troubling evolution, experts say | CyberScoop
White House secures safety commitments from 7 AI companies | Cybersecurity Dive
Renewable technologies add risk to the US electric grid, experts warn | CyberScoop
Statement on Labor's rush to renewables leaves Australia vulnerable to catastrophic cyber attack
Zenbleed
Firmware vulnerabilities in millions of computers could give hackers superuser status | Ars Technica
Satellites Are Rife With Basic Security Flaws | WIRED
Russia's vast telecom surveillance system crippled by withdrawal of Western tech, report says
Apple issues third mobile OS update after zero-click spyware campaign | CyberScoop
Apple slams UK surveillance-bill proposals - BBC News
Bill that Would Stop the Government Buying Data Without a Warrant Passes Key Hurdle
Kevin Mitnick Obituary - Las Vegas, NV
2023-07-26
Link to episode

Risky Biz Soap Box: BEC actors embrace LLMs to attack Japan

This Soap Box edition of the podcast is sponsored by Proofpoint.

Proofpoint offers email security and DLP products and services, and they're probably best known for being the biggest email security company on the planet.

That means they process a LOT of emails in the hopes of throttling the number of malicious emails that organisations have to deal with, whether that's malware, phishing or BEC.

So, with that in mind, what role could large language models play in email security?

Now that the initial ChatGPT hype has died off a little, we spoke with Proofpoint's VP of cybersecurity strategy Ryan Kalember about large language models and how they're going to help defenders and attackers alike.

2023-07-21
Link to episode

Risky Business #713 -- Microsoft activates PR weasels after State Department hack

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

Microsoft's weasel-word response to the State Department email hack
JumpCloud got owned, maybe by DPRK
Citrix 0day is getting stuff rekt
Two more spyware firms sanctioned by USA
Scammers list fake phone numbers for major airlines on Google Maps
Much, much more

This week's show is brought to you by security-focussed enterprise browser maker Island. Dan Amiga, Island's CTO and co-founder, is this week's sponsor guest. He talks about why widespread enterprise browser deployment is inevitable.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
China-based hackers breach email accounts at State Department
Microsoft hardens key issuance systems after state-backed hackers breach Outlook accounts | Cybersecurity Dive
Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection | Mandiant
Hackers target Pakistani government, bank and telecom provider with China-made malware
Risky Biz News: JumpCloud compromised by APT group
Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns | Ars Technica
CISA warns of dangerous Rockwell industrial bug being exploited by gov't group
Rockwell Automation, Honeywell warned of critical vulnerabilities in industrial products | Cybersecurity Dive
CISA gives US civilian agencies until August 1 to resolve four Microsoft vulnerabilities
Google fixes "Bad.Build" vulnerability affecting Cloud Build service
White House unveils consumer labeling program to strengthen IoT security | Cybersecurity Dive
Senate bill crafted with DEA targets end-to-end encryption, requires online companies to report drug activity
Two more foreign spyware firms blacklisted by US
Phone numbers for airlines listed on Google directed to scammers
By criminals, for criminals: AI tool easily generates "remarkably persuasive" fraud emails
Itamar Golan on Twitter: "A malicious LLM-based tool known as WormGPT is rapidly gaining traction in underground forums. This tool empowers attackers to automate sophisticated phishing and BEC (Business Email Compromise) attacks, leveraging personalized fake emails to significantly enhance success… https://t.co/fAcrYhT696" / Twitter
FCC chair proposes $200M investment to boost K-12 cybersecurity | Cybersecurity Dive
Fed ends Capital One breach-related enforcement action | Cybersecurity Dive
Norwegian Refugee Council hit by cyberattack
Belarus-linked hacks on Ukraine, Poland began at least a year ago, report says
Albania's PM complains US is not providing country with cyberdefense funds
VirusTotal: Data leak reveals customers of the Google security platform - DER SPIEGEL
Genesis Market sold to anonymous buyer despite FBI disruption
2023-07-19
Link to episode

Risky Business #712 -- The 336,000 undead Fortigates of DOOM

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

The SEC is targeting SolarWinds executives
UK to make banks liable for fraud
NSA issues advice on UEFI trojan
Microsoft blocks 100+ dodgy drivers
The US IC knew what Prigozhin was up to. But what FSB doing?
Much, much more

This week's show is brought to you by Netwrix. Martin Cannard, Netwrix's VP of Product Strategy, is this week's sponsor guest. He talks about why zero standing privilege is a worthy goal.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation | Cybersecurity Dive
While Australian banks refuse most scam victims refunds, the UK is making them mandatory - ABC News
New law could allow GCHQ to monitor UK internet logs in real-time to tackle fraud
Federal incentives could help utilities overcome major cybersecurity hurdle: money | CyberScoop
Major Japanese port suspends operation following ransomware attack
Petro-Canada reports service restoration after suspected Suncor breach | Cybersecurity Dive
Chinese state-backed hackers accidentally infected a European hospital with malware
Hackers exploit gaping Windows loophole to give their malware kernel access | Ars Technica
336,000 servers remain unpatched against critical Fortigate vulnerability | Ars Technica
CISA says latest VMware analytics bug being exploited
MOVEit vulnerability snags almost 200 victims, more expected | Cybersecurity Dive
Actively exploited vulnerability threatens hundreds of solar power stations | Ars Technica
U.S. intelligence learned in mid-June Prigozhin was plotting uprising - The Washington Post
Russian election-meddling "troll factory" reportedly shut down after Wagner revolt
Russian telecom confirms hack after group backing Wagner boasted about an attack | CyberScoop
Hackers claim to take down Russian satellite communications provider
Russian railway site allegedly taken down by Ukrainian hackers
Several US states investigating "SiegedSec" hacking campaign
Hacking crew targeting states over transition bans claims cyberattack hitting global satellite systems | CyberScoop
Hacktivists steal government files from Texas city Fort Worth | TechCrunch
Belarusian hacktivists claim to breach country's leading state university
British prosecutors say teen Lapsus$ member was behind hacks on Uber, Rockstar
Silk Road's Second-in-Command, Variety Jones, Gets 20 Years in Prison | WIRED
Russian cyber expert arrested in Kazakhstan, triggering a showdown between US and Moscow
More than 6,500 arrested since French and Dutch police's EncroChat hack
BreachForums seized by FBI three months after arrest of alleged admin
BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop
Genesis Market gang tries to sell platform after FBI disruption
Hackers using TrueBot malware for phishing attacks in US, Canada, officials warn | Cybersecurity Dive
CSI_BlackLotus_Mitigation_Guide.PDF
Hacks targeting British exam boards raise fears of students cheating
More than $125 million taken from crypto platform Multichain
Twitter's chaotic weekend of outages and rate limits leaves more questions than answers
Mastodon fixes critical "TootRoot" vulnerability allowing node hijacking | Ars Technica
2023-07-12
Link to episode

Risky Biz Soap Box: Defeating Living off the Land

In this edition of the Soap Box podcast we're going to be talking about a great topic: living off the land.

The recent Volt Typhoon report out of Microsoft chronicled the adventures of a Chinese APT crew in US critical infrastructure. But one of the most fascinating aspects of the Volt Typhoon campaign was that the attackers almost exclusively used so-called living off the land techniques.

So the question becomes: what can you do about an attacker in your environment who has privilege and isn't using malware?

Guests David Cottingham and Daniel Schell, the CEO and CTO of Airlock Digital, join the show to talk it through.

2023-06-26
Link to episode

Risky Business #711 -- Albanian authorities raid MEK camp over Iran hacks

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

Albanian authorities raid MEK over Iran hacks
Microsoft admits "Anonymous Sudan" took down its services
US Government puts $10m bounty on CL0P
A deeper look at the Barracuda hack campaign
Much, much more

This week's show is brought to you by Material Security. We'll be hearing from one of Material's friends, Courtney Healey, senior manager of insider threat at Coinbase, in this week's sponsor interview.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
Police raid Iranian opposition camp in Albania, seize computers | AP News
Risky Biz News: Microsoft embarrassingly admits it got DDoSed into the ground by Anonymous Sudan
Anonymous Sudan and Killnet strike again, target EIB
Pro-Russian hackers remain active amid Ukraine counteroffensive | CyberScoop
Hackers infect Russian-speaking gamers with fake WannaCry ransomware
US puts $10M bounty on Clop as federal agencies confirm data compromises | Cybersecurity Dive
Catherine Herridge on Twitter: "Tonight, sources tell @cbsnews senior government officials are racing to limit impact - of what one cyber expert calls - potentially the largest theft + extortion event in recent history. USG official says no evidence to date US MIL or INTEL compromised. https://t.co/R4f6naFqFx" / Twitter
U.S. government says several agencies hacked as part of broader cyberattack
Clop names a dozen MOVEit victims, but holds back details | Cybersecurity Dive
Another MOVEit vulnerability found, as state and federal agencies reveal breaches | Cybersecurity Dive
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant
New DOJ unit will focus on prosecuting nation-state cybercrime
EU states told to restrict Huawei and ZTE from 5G networks "without delay"
The US Navy, NATO, and NASA Are Using a Shady Chinese Company's Encryption Chips | WIRED
Widow of slain Saudi journalist Jamal Khashoggi files suit against Pegasus spyware maker
Jamal Khashoggi's wife to sue NSO Group over Pegasus spyware | Jamal Khashoggi | The Guardian
Bipartisan bill would protect Americans' data from export abroad
District of Nebraska | Massachusetts Man Sentenced for Computer Intrusion | United States Department of Justice
I Was Sentenced to 18 Months in Prison for Hacking Back - My Story | HackerNoon
CID-FLYER-TEMPLATE
New FCC privacy task force takes aim at data breaches, SIM-swaps | CyberScoop
Bloodied Macbooks and Stacks of Cash: Inside the Increasingly Violent Discord Servers Where Kids Flaunt Their Crimes
Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses | OPA | Department of Justice
BrianKrebs: "Haha love it when a data ranso…" - Infosec Exchange
2023-06-21
Link to episode

Risky Business #710 -- Why your corporate VPN will get you owned

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

Fortinet 0day Groundhog Day
CISA's new binding directive on exposed management interfaces
Confirmed: US intelligence buying commercially available data
MOVEit drama rolls on
Much, much more

This week's show is brought to you by Red Canary. Chris Rothe is this week's sponsor guest and he joins us to talk about how MDR providers are helping customers deal with cloud monitoring.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks - SecurityWeek
Barracuda Urges Replacing - Not Patching - Its Email Security Gateways - Krebs on Security
MOVEit announces second vulnerability; Minnesota schools agency breached with original bug
Confidential data downloaded from UK regulator Ofcom in cyberattack
Ransomware group Clop issues extortion notice to "hundreds" of victims
Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch
CISA orders US civilian agencies to remove tools from public-facing internet
Microsoft says Azure disrupted after a week of repeated service outages | Cybersecurity Dive
Microsoft says Azure outage was caused by "anomalous" traffic spike
Microsoft investigating threat actor claims following multiple outages in 365, OneDrive | Cybersecurity Dive
Risky Biz News: Ukrainian hackers wipe equipment of major Russian telco
U.S. Spy Agencies Buy Vast Quantities of Americans' Personal Data, U.S. Says - WSJ
The US Is Openly Stockpiling Dirt on All Its Citizens | WIRED
Srsly Risky Biz: Thursday, July 29 - by Tom Uren
National security officials make case for keeping surveillance powers to skeptical Congress - The Washington Post
Senators say Biden administration isn't close on overhauling surveillance law
Russian nationals accused of Mt. Gox bitcoin heist, shifting stolen funds to BTC-e
North Korean hacking group Lazarus linked to $35 million cryptocurrency heist
North Korean hackers stole $100 million in recent cryptocurrency heist -analysts | Reuters
An Illinois hospital links closure to ransomware attack
Security professional's tweet forces big change to Google email authentication | CyberScoop
Can you trust ChatGPT's package recommendations?
LastPass CEO reflects on lessons learned, regrets and moving forward from a cyberattack | Cybersecurity Dive
2023-06-14
Link to episode

Risky Business #709 -- Cl0p goes berserk with MOVEit 0day

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

Russia's FSB uncovers "NSA malware" on iPhones
Cl0p mass harvests data from MOVEit file transfer servers
ASD discloses a bunch of operations against ISIS, criminals
Why China's prepositioning is probably… prepositioning
Much, much more

This week's show is brought to you by Thinkst Canary. Marco Slaviero is this week's sponsor guest and he joins us to talk about indirect LLM prompt injection and the latest Canary release.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
Russia says US hacked thousands of Apple phones in spy plot | Reuters
Risky Biz News: Russia's FSB says NSA hacked iPhones in cyber-espionage campaign
Russia wants 2 million phones with home-grown Aurora OS for use by officials
(Russian-language article title; its characters were lost in extraction)
Why China's Latest APT Campaign is Legitimately Worrying
War crimes committed through cyberspace must not escape international justice, says Estonian president
Hacks Against Ukraine's Emergency Response Services Rise During Bombings | WIRED
How Australian cyber spies used 'Rickrolling' to disrupt Islamic State militants in Iraq - ABC News
Australian intelligence's secret hand in bringing down the Bali bombers - ABC News
Microsoft Threat Intelligence on Twitter: "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims. https://t.co/q73WtGru7j" / Twitter
What we know about the MOVEit vulnerability and compromises | Cybersecurity Dive
metlstorm: "Great, so now I have to roll i…" - Infosec Exchange
Dave Aitel: "@riskybusiness @chort honestly…" - Infosec Exchange
Critical Barracuda 0-day was used to backdoor networks for 8 months | Ars Technica
Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED
Ask Fitis, the Bear: Real Crooks Sign Their Malware - Krebs on Security
Wayback Machine
Discord Admins Hacked by Malicious Bookmarks - Krebs on Security
Google's Android and Chrome extensions are a very sad place. Here's why | Ars Technica
How university cybersecurity clinics can help cities fight ransomware | CyberScoop
Atomic - Crypto Wallet on Twitter: "We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly. For any questions and concerns, contact [email protected]" / Twitter
BrianKrebs: "Russian news outlet Kommersant…" - Infosec Exchange
Thinkst
2023-06-07
Link to episode

Risky Business #708 -- China's lolbin-powered adventures in US critical infrastructure

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

China's lolbin-powered intrusions into critical infrastructure
Trend Micro backs BlackBerry's Cuba call
Anonymous Sudan shakes down Scandinavian Airlines
Iranian opposition party MEK publishes gargantuan leak
Much, much more

This week's show is brought to you by Kubernetes security company KSOC. Jimmy Mesta is this week's sponsor guest and he joins us to talk about the big security challenges in Kubernetes.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog
U.S. warns China could hack infrastructure, including pipelines, rail systems | Reuters
Factbox: What is Volt Typhoon, the alleged China-backed hacking group? | Reuters
Chinese Malware Hits Systems on Guam. Is Taiwan the Real Target? - The New York Times
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises | Mandiant
Void Rabisu's Use of RomCom Backdoor Shows a Growing Shift in Threat Actors' Goals
Hacker group Anonymous Sudan demands $3 million from Scandinavian Airlines
Iranian dissidents take over high-security servers of regime presidency
Iran-linked hackers Agrius deploying new ransomware against Israeli orgs
Exclusive: Chinese hackers attacked Kenyan government as debt strains grew | Reuters
Risky Biz News: PyPI to enforce 2FA, reduce stored IP addresses
NSO spyware used in Armenia-Azerbaijan conflict, report finds
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
SMS pumping fraud: take care how you configure MFA - TechHQ
Full Disclosure: Printerlogic multiple vulnerabilities
Barracuda Networks issue added to CISA vulnerability list
Barracuda patches actively exploited zero-day vulnerability in email gateways | Cybersecurity Dive
Developing: RaidForums users db leaked
Phishing Domains Tanked After Meta Sued Freenom - Krebs on Security
Broad coalition of advocacy groups urges Slack to protect users' messages from eavesdropping | CyberScoop
2023-05-31
Link to episode

Risky Biz Soap Box: Why your EDR won't save you

In this Soap Box podcast Patrick Gray talks to George Glass, the threat intelligence operations leader in the Cyber Risk practice at Kroll.

They talk about all sorts of things, like:

How the ransomware ecosystem is evolving into "ma and pa" operations
Some killer detections they've figured out
What separates the good networks from the bad ones
Why EDR is of limited value if you're not actually monitoring it
Why not letting MDRs do the R part of their job is really, really, really dumb
2023-05-26
Link to episode
How do you listen to a podcast?

A small service by I'm With Friends. Also available in English.
Updated with help from iTunes.