On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
Chinese APT crew goes berserk with Exchange 0day
Russia hacks Ukraine and USA, India hacks China, China hacks India
The NYTimes got something big wrong again (shock horror)
CANVAS exploit pack leaks, including their sweet, sweet Spectre exploit
Atlantic Council report into offensive capability vendors/contractors
Your vCentre gear is probably already on fire: find out why!
Much, much more
This week's show is brought to you by Yubico, the makers of the Yubikey.
Yubico Chief Solutions Officer Jerrod Chong will be along in this week's sponsor interview to talk about "passwordless authentication". Some organisations have a pretty bad understanding of what passwordless is, while other organisations are running into the mountains to avoid even thinking about it. But with hardware-supported WebAuthn becoming pretty much ubiquitous, Jerrod thinks a tipping point is coming. Also, they've launched passwordless auth for AzureAD.
NOTE: This podcast introduces Jerrod Chong as the CTO of Yubico. He's actually the Chief Solutions Officer. It was our mistake, apologies!

Microsoft says China-backed hackers are exploiting Exchange zero-days | TechCrunch
Orange Tsai on Twitter: "The patch release of this BIG ONE is coming soon, and a short advisory is also standing by! (BTW, no one guess the right target in comments?)" / Twitter
HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security
Hackers Tied to Russia's GRU Targeted the US Grid for Years, Researchers Warn | WIRED
Suspected China-linked hackers targeted India's energy sector, research suggests
China Appears to Warn India: Push Too Hard and the Lights Could Go Out - The New York Times
No 'Sabotage' Behind Mumbai Power Outage, Chinese Hacking Attempt a Month Later: Power Minister
Indian cyber-espionage activity rising amid growing rivalry with China, Pakistan | The Daily Swig
Chinese cyberspies targeted Tibetans with a malicious Firefox add-on | ZDNet
Ukraine says Russia hacked its document portal and planted malicious files | Ars Technica
Ege Balcı on Twitter: "OMG !! Rumors are real?? Immunity CANVAS 7.26 exploit pack is leaked. More than 800 1days and weaponized spectre exploit. https://t.co/N14QjMlKtD" / Twitter
First Fully Weaponized Spectre Exploit Discovered Online | The Record by Recorded Future
daveaitel on Twitter: "Just some random video that MAY or MAY NOT be interesting to you! :)" / Twitter
More Zero-Days Have Been Linked to Private Companies Than Any Nation State | The Record by Recorded Future
Countering cyber proliferation: Zeroing in on Access-as-a-Service - Atlantic Council
More than 6,700 VMware servers exposed online and vulnerable to major new bug | ZDNet
Far-Right Platform Gab Has Been Hacked - Including Private Data | WIRED
Rookie coding mistake prior to Gab hack came from site's CTO | Ars Technica
Universal Health Services reports $67 million in losses after apparent ransomware attack
Payroll/HR Giant PrismHR Hit by Ransomware? - Krebs on Security
Is Your Browser Extension a Botnet Backdoor? - Krebs on Security
Suspicious finds: Researcher discovers Go typosquatting package that relays system information to Chinese tech firm | The Daily Swig
Microsoft shares tool to hunt for compromise in SolarWinds breach
Biden signs executive order demanding supply chain security review
H2C smuggling named top web hacking technique of 2020 | The Daily Swig
Hackers release a new jailbreak tool for almost every iPhone | TechCrunch
Yubico | #YubiKey on Twitter: "We've reached a new milestone in our #passwordless journey! Today, #YubiKey passwordless authentication is now generally available to @Microsoft's #AzureAD users, a critical step toward achieving better security without compromising usability. https://t.co/u892JFipR9" / Twitter
This is a sponsored podcast featuring ExtraHop's co-founder and CTO Jesse Rothstein. ExtraHop is a Network Detection and Response (NDR) vendor that started out offering network health and monitoring tools before being pulled into the security space by its own customers.
Jesse joined host Patrick Gray to talk about the SolarWinds compromise from a Network Detection and Response vendor's perspective, about cloud security and monitoring, some of ExtraHop's backstory and more. Enjoy!
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
USA floats new sanctions against Russia
TikTok, WeChat get stay of execution
Dependency confusion is ugh
US indicts Lazarus crypto-thieves
France ties Sandworm crew to Centreon intrusion
MORE
This week's show is brought to you by Thinkst Canary. Thinkst's founder Haroon Meer is this week's sponsor guest and he joins us to have a very Haroon-style conversation. We talk about how security controls and detections often fall over when things happen outside of our assumptions: trojaned software updates, attackers hiding in unconventional places like monitors, things like that. It's a great conversation.

Biden administration planning to sanction Russia for SolarWinds hacks - The Washington Post
SolarWinds hackers targeted NASA, Federal Aviation Administration networks | TechCrunch
SolarWinds hackers studied Microsoft source code for authentication and email | Reuters
Centreon says only 15 entities were targeted in recent Russian hacking spree | ZDNet
France Ties Russia's Sandworm to a Multiyear Hacking Spree | WIRED
Dax-Côte d'Argent hospital in France hit by ransomware attack | The Daily Swig
FireEye links 0-day attacks on FTA servers & extortion campaign to FIN11 group | ZDNet
China Hijacked an NSA Hacking Tool in 2014 - and Used It for Years | WIRED
Biden administration pauses Trump's plans to ban WeChat, TikTok - CyberScoop
North Korean Hackers Accused Of 'Biggest Cryptocurrency Theft Of 2020' - Their Heists Are Now Worth $1.75 Billion
Feds Indict North Korean Hackers for Years of Heists and Scams | WIRED
Dependency confusion attack mounted via PyPi repo exposes flawed package installer behavior | The Daily Swig
Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies | by Alex Birsan | Feb, 2021 | Medium
Microsoft warns enterprises of new 'dependency confusion' attack technique | ZDNet
Microsoft starts removing Flash from Windows devices via new KB4577586 update | ZDNet
Flash version distributed in China after EOL is installing adware | ZDNet
Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang - Krebs on Security
The Riviera Maya Gang: Cash, Crime, Killing - YouTube
Spike in ATM Skimming in Mexico? - Krebs on Security
Proofpoint sues Facebook to get permission to use lookalike domains for phishing tests | ZDNet
New malware found on 30,000 Macs has security pros stumped | Ars Technica
Apple Is Going to Make It Harder to Hack iPhones With Zero-Click Attacks
RIPE NCC discloses failed brute-force attack on its SSO service | ZDNet
Lawmakers Demand Answers from Military on Muslim App Data
BIND implements DNS-over-HTTPS to offer enhanced privacy | The Daily Swig
Parler Says It's Back | WIRED
Security bugs left unpatched in Android app with one billion downloads | ZDNet
Yandex said it caught an employee selling access to users' inboxes | ZDNet
Prosecutor charges former phone company employee in SIM-swap scheme | Ars Technica
Authorities arrest SIM swapping gang that targeted celebrities | ZDNet
Data retention laws: Australian police given new metadata recommendations
Prosecutors Suspend Government Spyware Used in WhatsApp Phishing Attacks
Canary - know when it matters
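The "dependency confusion" items in this week's links (Birsan's write-up and the Microsoft warning) don't spell out the mechanism, so here is a small added example of it. This is not code from the show notes or from any of the linked articles; it is a toy model written for this page. It assumes the behaviour that makes the attack work: a client configured with a private index as an extra index merges the candidates from both the private and the public index and installs the highest version it finds, wherever that came from. The index contents, the acme- package names and the prefix-routing mitigation are constructed for illustration (pip has no per-prefix routing option; that function models a policy you would enforce in a repository proxy, not a pip flag).

```python
"""Toy model of dependency confusion and one mitigation.

Added example for these show notes, not code from the podcast or from
any linked article.  Modelled assumption: a pip-style client with a
private index configured as an *extra* index merges candidates from
both indexes and installs the highest version, whichever index served
it.  An attacker who learns an internal package name can publish that
name publicly with a huge version number and win the resolution.
All index contents below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    name: str
    version: tuple   # (major, minor, patch)
    index: str       # "private" or "public"


# Constructed sample contents of a company's private index.
PRIVATE_INDEX = {
    "acme-billing": [(1, 4, 2)],
    "acme-auth": [(0, 9, 0), (0, 9, 1)],
}

# Constructed sample contents of the public index, including an
# attacker-registered squat of an internal name with a huge version.
PUBLIC_INDEX = {
    "requests": [(2, 25, 1)],
    "acme-billing": [(99, 0, 0)],
}

ALL_INDEXES = {"private": PRIVATE_INDEX, "public": PUBLIC_INDEX}


def candidates(name, indexes):
    """Collect every (version, index) pair offered for `name` across `indexes`."""
    found = []
    for index_name, contents in indexes.items():
        for version in contents.get(name, []):
            found.append(Candidate(name, version, index_name))
    return found


def resolve_extra_index(name):
    """Merged-index resolution: highest version wins, whichever index serves it.

    This is the vulnerable behaviour: the public squat outranks the real
    internal release because 99.0.0 > 1.4.2.
    """
    cands = candidates(name, ALL_INDEXES)
    if not cands:
        raise LookupError(name)
    return max(cands, key=lambda c: c.version)


def resolve_pinned_index(name, internal_prefix="acme-"):
    """Mitigation (modelled proxy policy, not a pip feature): names under
    the reserved internal prefix are only ever looked up in the private
    index; everything else is only looked up in the public one.  The
    public index is never consulted for an internal name, so a squat there
    cannot influence the result.
    """
    source = "private" if name.startswith(internal_prefix) else "public"
    cands = candidates(name, {source: ALL_INDEXES[source]})
    if not cands:
        raise LookupError(name)
    return max(cands, key=lambda c: c.version)


def audit(internal_names):
    """Cheap check: which internal package names already exist publicly?"""
    return sorted(n for n in internal_names if n in PUBLIC_INDEX)


if __name__ == "__main__":
    print(resolve_extra_index("acme-billing"))    # public 99.0.0 wins
    print(resolve_pinned_index("acme-billing"))   # private 1.4.2
    print(audit(PRIVATE_INDEX))                   # ['acme-billing']
```

Run it and the merged-index resolver hands the client the attacker's 99.0.0 build of acme-billing, while the prefix-routed resolver never consults the public index for an internal name and returns 1.4.2. The audit function is the check worth running today against a real private index: list your internal names and see which of them already exist on the public registry.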
Recent attacks by SVR against US targets have mostly been written up under the moniker of the "SolarWinds campaign". In our view, that's inaccurate. The defining characteristic of this campaign wasn't the SolarWinds supply chain stuff, it was the abuse of Microsoft cloud services.
My understanding of how contemporary cloud services work isn't actually as good as it should be. And that got me thinking: if my understanding isn't that great, then there are probably a lot of other people out there who don't quite grok this stuff, particularly on the policy side. So, I set out to prepare a primer on Microsoft cloud security.
Our guest in this podcast is Dirk-Jan Mollema. He works at Fox-IT in the Netherlands and is one of their core researchers on Azure AD and Active Directory security. What you're about to listen to, essentially, is me picking his brain so I can wrap my own head around this stuff. The hope is that some of you will learn along with me!
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
The latest on the attempted Florida water poisoning incident
How to abuse Google Sync services for great victory
Why Signal's TLS proxies for Iranians are probably a bad idea
OG username brokers targeted by social media legal army
Much, much more
This week's sponsor interview is with Dan Guido of Trail of Bits. They've released an enterprise version of their iVerify tool. It's a security tool for iOS (an Android version is in beta) that lets organisations monitor things like patch levels and passcode compliance without requiring the installation of MDM profiles. It's an enterprise mobile security tool for orgs that don't need or want full MDM.

Hackers try to contaminate Florida town's water supply through computer breach | Reuters
Water, Water Everywhere - But Nary a Hacker to Blame - Stranded on Pylos
'Cyberpunk 2077' Maker Was Hit With Ransomware - and Won't Pay Up | WIRED
FBI leaned on Dutch cops' hacking in Emotet disruption
Researchers find financial ties between notorious ransomware gangs
Blockchain transactions confirm murky and interconnected ransomware scene | ZDNet
Two Iranian hacking groups appear to be actively snooping on critics around the globe
Signal issues workaround for Iran's ban of messaging app
Can The FBI Hack Into Private Signal Messages On A Locked iPhone? Evidence Indicates Yes
Here's the Cease and Desist Facebook Sent to 'OG' Account Thieves
A Coordinated Takedown Targets 'OGUser' Account Thieves | WIRED
Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts - Krebs on Security
Security firm Stormshield discloses data breach, theft of source code | ZDNet
Lawsuit filed against California firm over Washington state auditor data breach | The Seattle Times
Rudy Giuliani, Sidney Powell named in $US2.7 billion libel suit by Smartmatic voting company
Chrome users have faced 3 security concerns over the past 24 hours | Ars Technica
InfoSec Handlers Diary Blog
CacheFlow: Malware hidden in popular browser extensions went undetected for years | The Daily Swig
Google: Proper patching would have prevented 25% of all zero-days found in 2020 | ZDNet
Project Zero: Déjà vu-lnerability
SonicWall issues patch for firmware zero-day used to attack the company and its customers
'Severe' SolarWinds Vulnerabilities Allow Hackers To Take Over Servers
Skype 'spoofing vulnerabilities' are a haven for social engineering attacks, security researcher claims | The Daily Swig
Android devices ensnared in DDoS botnet | ZDNet
A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets
Clearview AI ruled 'illegal' by Canadian privacy authorities | TechCrunch
Arrest, Raids Tied to 'U-Admin' Phishing Kit - Krebs on Security
Serbian man extradited to US over cryptocurrency mining fraud scheme
Hack against older Nespresso vending machines facilitates endless free beverage exploit | The Daily Swig
There Are Spying Eyes Everywhere - and Now They Share a Brain | WIRED
Patrick Gray on Twitter: "I'm wondering if anyone can tell me if MDM is still a necessary enterprise software category? iPhone/Android data at rest is fairly secure (assuming passcode is set) and widespread commodity device ownage isn't really an issue. Is MDM still actually useful?" / Twitter
iVerify for Organizations | iPhone and Android Security for Your Team
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
Emotet is... gone?
Accellion FTAs were owned everywhere, not just in ANZ
US courts air-gap sensitive filings in wake of Holiday Bear attacks
iOS 14 brings iMessage security improvements
Much, much more
Proofpoint's Sherrod DeGrippo is this week's sponsor guest. She joins the show to talk about Emotet's demise, Trickbot's survival, BEC, ransomware and more.

Cops Disrupt Emotet, the Internet's 'Most Dangerous Malware' | WIRED
Emotet, NetWalker and TrickBot have taken big blows, but will it be enough?
New Trickbot module uses Masscan for local network reconnaissance | ZDNet
U.K. Arrest in 'SMS Bandits' Phishing Service - Krebs on Security
Accellion appliances under attack - Risky Business
Accellion FTA Targeted by Web Shell | GuidePoint Security
Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say | Morningstar
Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency - sources | Reuters
Russian hack brings changes, uncertainty to US court system
After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case
South Sudan worked with Israeli surveillance company to monitor citizens, Amnesty finds
Apple Fixes One of the iPhone's Most Pressing Security Risks | WIRED
The Taxman Cometh for ID Theft Victims - Krebs on Security
Ransomware gangs are abusing VMWare ESXi exploits to encrypt virtual hard disks | ZDNet
Facebook Ad Services Let Anyone Target US Military Personnel | WIRED
Pranking My Roommate With Eerily Targeted Facebook Ads
Hezbollah's cyber unit hacked into telecoms and ISPs | ZDNet
Google bans another misbehaving CA from Chrome | ZDNet
A network of Twitter bots has attacked the Belgian government's Huawei 5G ban | ZDNet
FonixCrypter ransomware gang releases master decryption key | ZDNet
For Microsoft, cybersecurity has become bigger than business
Google funds project to secure Apache web server project with new Rust component | ZDNet
SonicWall zero-day exploited in the wild | ZDNet
Ollie Whitehouse on Twitter: "@SonicWall @NCCGroupInfosec We have had confirmed receipt from yourselves" / Twitter
Urgent Security Notice: SonicWall Confirms SMA 100 Series 10.X Zero-Day Vulnerability [Feb. 1, 2 P.M. CST] | SonicWall
British Mensa website hacked after directors quit over 'data protection failures' | The Daily Swig
Huawei's HarmonyOS: 'Fake it till you make it' meets OS development | Ars Technica
These Soap Box editions of the show are wholly sponsored, which means everyone you hear in one of these editions paid to be here.
This edition of the show is brought to you by Material Security. Basically what they do is lock up your cloud-based email. They use Google's and Microsoft's APIs to redact sensitive information from your mail spool (or even redact entire messages from your spool, like, say, anything over a month old) and then kick you up to an auth challenge when you want to access that mail.
It's a product that recognises that email isn't just a vector; often it's an attacker's target.
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
DPRK offers free 0day to researchers, with a pretty significant catch
SonicWall gets owned because it runs SonicWall gear. Big mistake.
Chinese trains didn't stop running because Flash died :(
Dominion to sue Rudy Giuliani for $1.3bn over insecurity claims
The sudo bug. Lol.
This week's show is brought to you by Cmd Security, the Linux security company. Its focus has traditionally been on restricting the type of bash commands users can enter. It's like a control plane for Linux systems. But some of its customers manage their Linux endpoints through different, non-bash entry points. So they've added some features to their product to deal with that, which has also given them an IDR capability. It's all pretty sensible stuff, and Cmd co-founder and CEO Jake King will be along to talk us through all of that.

New campaign targeting security researchers
Fake Twitter personas, bogus blog delivered North Korea-linked malware to researchers
As Adobe Flash stops running, so do some railroads in China - Apple Daily
Flash Is Dead - but Not Gone | WIRED
South African government releases its own browser just to re-enable Flash support | ZDNet
SonicWall says it was hacked using zero-days in its own products | ZDNet
Former LulzSec Hacker Releases VPN Exploit Used to Hack Hacking Team
Ransomware hackers launder bitcoin through just a handful of locations, researchers find
No decisions yet on any changes to TikTok or Huawei cases, White House says
Dominion files $1.3 billion defamation suit against Giuliani over election security claims
FBI tracking cell phones, Capitol riots | wusa9.com
Technologists Use Facial Recognition on Parler Videos
DIA uses purchased phone location data without warrants
Biden Orders Sweeping Assessment of Russian Hacking, Even While Renewing Nuclear Treaty - The New York Times
FSB warns of US cyberattacks after Biden administration comments | ZDNet
Cyber 'Deterrence': A Brexit Analogy - Lawfare
Hacker leaks data of 2.28 million dating site users | ZDNet
Intel says financial graphic was 'hacked,' forcing early release of 2020 report
Reuters accused of hack attack | ZDNet
DDoSers are abusing Microsoft RDP to make attacks more powerful | Ars Technica
Apple fixes another three iOS zero-days exploited in the wild | ZDNet
Hackers actively scanning for vulnerable SAP systems after exploit gets dropped on GitHub | The Daily Swig
MrbMiner crypto-mining operation linked to Iranian software firm | ZDNet
Details of YouTube viewing history exposure bug made public | The Daily Swig
TikTok Flaw Lays Bare Phone Numbers, User IDs For Phishing Attacks | Threatpost
Bot Lets Hackers Easily Look Up Facebook Users' Phone Numbers
Australian orgs exposed to Accellion vulnerability
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) | Qualys Security Blog
A deeper dive into our May 2019 security incident - Stack Overflow Blog
On this week's show Dmitri Alperovitch, Sherrod DeGrippo and Joe Slowik join host Patrick Gray to talk through the week's news:
MalwareBytes the latest victim in the increasingly poorly-named "SolarWinds campaign"
FireEye issues helpful guidance, tools, to help orgs detect "golden SAML" and related techniques
Rob Joyce, Anne Neuberger, Michael Sulmeyer all get promoted! Wooo!
Much, much more
This week's show is brought to you by Airlock Digital. They make what we're calling an execution control platform. Its central feature is easy-to-use and hard-to-bypass allowlisting. It's a bunch of sensible and usable controls packaged up in 7MB. It slices, it dices, it slays lolbins and user PowerShell rights, and it comes in a beautiful suede pouch! It's the endpoint protection you get when it's built by practitioners in concert with people who actually understand Windows internals. That's right! Patrick is drinking the Kool-Aid on this one! Airlock founders Dave Cottingham and Daniel Schell join in this week's sponsor interview to talk through allowlisting's second wave of popularity.
Links to everything are below!

Show notes
Malwarebytes said it was hacked by the same group who breached SolarWinds | ZDNet
Fourth malware strain discovered in SolarWinds incident | ZDNet
FireEye releases tool for auditing networks for techniques used by SolarWinds hackers | ZDNet
Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccine | Ars Technica
Rob Joyce named new NSA cybersecurity director - CyberScoop
Biden team taps NSA Cybersecurity Director Anne Neuberger for NSC - CyberScoop
Michael Sulmeyer, who held cyber posts under Trump and Obama, gets Biden White House gig
Airbnb to Cancel All DC Bookings in Inauguration Week
CISA tells agencies to consider ad blockers to fend off 'malvertising'
Apple removes feature that allowed its apps to bypass macOS firewalls and VPNs | ZDNet
Iranian cyberspies behind major Christmas SMS spear-phishing campaign | ZDNet
Joker's Stash, the internet's largest carding forum, is shutting down | ZDNet
After judge orders release of hacker tied to ISIS, US says 'Not so fast'
A security researcher commandeered a country's expired top-level domain to save it from hackers | TechCrunch
Scam-as-a-Service operation made more than $6.5 million in 2020 | ZDNet
Signal endures 'technical difficulties' amid new popularity - CyberScoop
Introducing Malvuln.com - the first website 'exclusively dedicated' to revealing security vulnerabilities in malware | The Daily Swig
Critical zero-day RCE in Microsoft Office 365 awaits third security patch | The Daily Swig
FBI investigating whether woman stole laptop from Pelosi's office to sell it to Russia - POLITICO
Linux Mint fixes screensaver bypass discovered by two kids | ZDNet
Text of a Letter to the Speaker of the House of Representatives and the President of the Senate | The White House
Request an Airlock Product Demonstration - Airlock Digital
Joe Slowik and Katie Nickels are guest co-hosts in this week's edition of the show. They join Patrick Gray to talk about:
Mimecast having some stolen certificate, errr, "problems"
The confusing reports about JetBrains
Analysis of the malware used in the SolarWinds campaign
Australian man arrested in Germany and charged with running DarkMarket
The Great Deplatforming of 2021
This week?s show is brought to you by Gigamon.
If you're a Gigamon shop you should really take a look at their ThreatInsight platform; that's a no-brainer. Even if you're not, they're real players in the network detection and response space. Joining us in this week's sponsor interview is Jason Tesarz, a senior product manager for Gigamon ThreatInsight. He joined the show to talk about a few things, like how these days the NDR vendors are competing more on their workflows than on trying to be the most comprehensive in detection.

Mimecast says hackers abused one of its certificates to access Microsoft accounts | ZDNet
JetBrains denies being involved in SolarWinds hack | ZDNet
Federal courts are latest apparent victim of SolarWinds hack
CISA: SolarWinds hackers also used password guessing to breach targets | ZDNet
Sealed U.S. Court Records Exposed in SolarWinds Breach - Krebs on Security
The SolarWinds Hackers Shared Tricks With a Notorious Russian Spy Group | WIRED
SolarWinds hires Chris Krebs, Alex Stamos to boost security in wake of suspected Russian hack - CyberScoop
Exclusive: FBI probes Russian-linked postcard sent to FireEye CEO after cybersecurity firm uncovered hack - sources | Reuters
DarkMarket: world's largest illegal dark web marketplace taken down | Europol
Rioters Had Physical Access to Lawmakers' Computers. How Bad Is That?
Trump Is Permanently Suspended From Twitter
Facebook bans Trump indefinitely; risks 'simply too great,' Zuckerberg says - CyberScoop
Amazon boots Parler from web hosting service over violent content - CyberScoop
Google removes Parler app from Play Store | ZDNet
Twitter purges QAnon accounts; Facebook targets 'Stop the Steal' - CyberScoop
Some ransomware gangs are going after top execs to pressure companies into paying | ZDNet
Anti-Secrecy Activists Publish a Trove of Ransomware Victims' Data | WIRED
Hackers can clone Google Titan 2FA keys using a side channel in NXP chips | Ars Technica
Encrypted Client Hello: Upcoming Firefox 85 rollout builds momentum for ESNI successor | The Daily Swig
Telegram feature exposes your precise address to hackers | Ars Technica
WhatsApp gives users an ultimatum: Share data with Facebook or stop using the app | Ars Technica
More Chinese apps attract a ban from a presidential administration on the way out
China CCP to Nationalize Jack Ma's Alibaba and Ant Group - Report
CES 2021: Intel adds ransomware detection capabilities at the silicon level | ZDNet
Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes | Threatpost
Fortinet updates web application firewall to protect against SQL injection, denial-of-service attacks | The Daily Swig
Gigamon ThreatINSIGHT | Network Detection and Response | Gigamon
These Soap Box editions of the show are wholly sponsored. If that's not your thing and you're looking for the weekly news edition of the show, just scroll one show back in your feed.
This Soap Box edition is brought to you by AttackIQ. They make a Breach and Attack Simulation platform that's designed to test the effectiveness of your security controls by simulating bad things in your environment.
Carl Wright and Jonathan Reiber are joining us in this edition of the show. These days Jonathan is AttackIQ's senior director of cybersecurity and strategy, but he previously served as Chief Strategy Officer for Cyber Policy in the Office of the Secretary of Defense.
They joined the show to talk through their work in mapping NIST 800-53 to the MITRE ATT&CK framework. Enjoy!

Show notes
Center for Threat-Informed Defense releases security control mappings to ATT&CK - MITRE Engenuity
Here comes the bride: New map matches threat intel to cyberdefenses - CyberScoop
MITRE Engenuity to strengthen critical infrastructure - AttackIQ
On this week's show, Patrick Gray talks to Joe Slowik and Dmitri Alperovitch about the APT campaign that impacted the US government and FireEye via SolarWinds' supply chain.
Alex Stamos also joins the show to chime in more generally on supply chain interference before discussing some other news, like:
Apple losing (most of) its case against Corellium
Assange won't be extradited... yet
Adobe has finally killed Flash, and killed it good
This week's show is brought to you by Signal Sciences. In this week's sponsor interview we'll be talking to a Signal Sciences customer, Doug DePerry. He heads product security at the Gemini cryptocurrency exchange. We'll be talking to him about what that's like, because those sorts of outfits tend to attract decent attackers.
Links to everything that we discussed are below and you can follow Patrick on Twitter if that's your thing.

Show notes
Apple loses copyright battle against security start-up Corellium - The Washington Post
Microsoft, Google, Cisco, and others file amicus brief in support of Facebook's NSO lawsuit | ZDNet
Zero-click iOS zero-day found deployed against Al Jazeera employees | ZDNet
Apple, Google, Microsoft, and Mozilla ban Kazakhstan's MitM HTTPS certificate | ZDNet
Adobe to block Flash content from running on January 12, 2021 | ZDNet
Zodiac Killer cipher is cracked after eluding sleuths for 51 years | Ars Technica
On this week's show Patrick and Adam Boileau discuss the week's security news, including:
FireEye's Very Bad Week
Russian bears all up in your VMwares
Chris Krebs sues Trump campaign
Foxconn ransomware
So much more
Proofpoint's Ryan Kalember is this week's sponsor guest. He joins the show to talk about their rather different approach to DLP and insider threat detection. You may have noticed we don't really talk about DLP a whole bunch on this show because it's, well, really boring. But Proofpoint's approach to the problem is different enough to be interesting, so do stick around for that.

U.S. cybersecurity firm FireEye discloses breach, theft of hacking tools | Reuters
NSA warns of Russian state-sponsored hackers exploiting VMWare vulnerability | ZDNet
Former CISA director Chris Krebs sues Trump campaign, lawyer after death threats
Foxconn electronics giant hit by ransomware, $34 million ransom
Ransomware attack may delay scheduled procedures at Baltimore-area medical center
Ransomware attack cripples Vancouver public transportation agency | ZDNet
Ransomware hits helicopter maker Kopter | ZDNet
Ransomware gang Egregor publishes details from HR firm Randstad following hack
Ransomware gangs are now cold-calling victims if they restore from backups without paying | ZDNet
The Internet's Most Notorious Botnet Has an Alarming New Trick | WIRED
Hackers leak data from Embraer, world's third-largest airplane maker | ZDNet
Data of 243 million Brazilians exposed online via website source code | ZDNet
North Korean hackers ramp up coronavirus vaccine targeting
Johnson & Johnson CISO: Healthcare orgs are seeing nation-state attacks every single minute of every single day | ZDNet
Hackers Are Targeting the Covid-19 Vaccine 'Cold Chain' | WIRED
Disputed bug in Microsoft Teams posed RCE risk, researcher warns | The Daily Swig
iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever | Ars Technica
Critical Flaws in Millions of IoT Devices May Never Get Fixed | WIRED
8% of all Google Play apps vulnerable to old security bug | ZDNet
A Broken Piece of Internet Backbone Might Finally Get Fixed | WIRED
Meet ODoH, where privacy means just not knowing anything
BTC-e founder sentenced to five years in prison for laundering ransomware funds | ZDNet
Hacker who sent information on US personnel to Islamic State is freed by judge
Kazakhstan government is intercepting HTTPS traffic in its capital | ZDNet
Dell announces new protections for its PC and server supply chain | ZDNet
Massachusetts lawmakers vote to pass a statewide police ban on facial recognition | TechCrunch
Account Hijacking Site OGUsers Hacked, Again - Krebs on Security
Russian bears all up in your VMwares - Risky Business
Hacker opens 2,732 PickPoint package lockers across Moscow | ZDNet
Soap Box podcasts like this one are wholly sponsored. This edition of the Soap Box is brought to you by VMRay. They make a virtualised sandbox that initially found a market with DFIR professionals, but these days is being used for all sorts of things.
VMRay's cofounders, CEO Carsten Willems and CTO Ralf Hund, joined host Patrick Gray to talk through the history of the sandbox tech arms race.
On this week's show Patrick and Adam Boileau discuss the week's security news, including:
Ransomware insurance payouts are looking pretty unsustainable
Trump lawyer calls for Chris Krebs' execution
Hunger relief charity loses $1m to BEC
Supreme court weighs CFAA
Much, much more!
This week's sponsor interview is with Marc Rogers, Okta's Executive Director of Cybersecurity. Marc is also heavily involved with the CTI League, a group of infosec professionals who banded together early this year to try to do some good. They're cyber do-gooders! They've chalked up some wins and helped out a bunch of organisations, and in the process Marc and his compadres have also been well positioned to observe changes in the ransomware landscape. He joins us in this week's sponsor interview to talk through that.

Ransom payouts spell trouble for insurers - Risky Business
Patients of a Vermont Hospital Are Left 'in the Dark' After a Cyberattack - The New York Times
It's hard to keep a big botnet down: TrickBot sputters back toward full health
Chris Bing on Twitter: "It's insane for a lawyer of the President to casually mention that a former government official should be killed. And then doubly insane to see no broad condemnation from republican lawmakers." / Twitter
Researchers Find Powerful Cellphone Location Surveillance in Europe, Middle East, Australia
Microsoft links Vietnamese state hackers to crypto-mining malware campaign | ZDNet
MacOS backdoor appears to be update of tool previously used by Vietnam-linked group
Philly hunger relief group Philabundance lost nearly $1 million in cyberattack
FBI warns of email forwarding rules being abused in recent hacks | ZDNet
Three members of TMT cybercrime group arrested in Nigeria | ZDNet
Supreme Court considers scope of federal anti-hacking law in biggest cyber case to date
Google security researcher banned from Call of Duty: Modern Warfare after 'reverse engineering networking code' | The Daily Swig
Getting Banned for Security Research | nedwill's security blog
Bug Allowed Hackers to Get Anyone's Email Address on Xbox Live
Malicious npm packages caught installing remote access trojans | ZDNet
Drupal inherits critical file archiving library flaw | The Daily Swig
2FA bypass discovered in web hosting software cPanel | ZDNet
Microsoft removes 18 malicious Edge extensions for injecting ads into web pages | ZDNet
Global Volunteer Cyberthreat Community-CERT | CTI League
On this week's show Patrick and Mark Piper discuss the week's security news, including:
UK unveils Cyber Force
US passes surprisingly sane IoT security law
Symantec drops some APT10 research
MobileIron bugs getting a decent workout courtesy of state-backed attackers
Much, much more...
This week's show is brought to you by ExtraHop Networks. Its VP of Security, Matt Cauthorn, joins the show this week to talk about how we might fare, technology-wise, as COVID-19 cases spiral out of control in some parts of the world. With most of the heavy lifting on accelerated cloud adoption and work-from-home already done, Matt thinks the IT side of things is much better prepared for a second major pandemic-induced disruption than it was back in March.
UK formally unveils GCHQ's offensive cyber-operation shop
After years of work, Congress passes 'internet of things' cybersecurity bill - and it's kind of a big deal
Symantec implicates APT10 in sweeping hacking campaign against Japanese firms
State-sponsored hackers try to exploit flaw in popular mobile software, UK warns
The malware that usually installs ransomware and you need to remove right away | ZDNet
Biotech research firm Miltenyi Biotec hit by ransomware, data leaked
Ransomware attack forces web hosting provider Managed.com to take servers offline | ZDNet
Hacker leaks the user data of event management app Peatix | ZDNet
Fake Zoom invite cripples Aussie hedge fund with $8m hit
Tradies frustrated by banks as business email scam costs them $51,000 - ABC News
Australia's spy agencies caught collecting COVID-19 app data | TechCrunch
This Bluetooth Attack Can Steal a Tesla Model X in Minutes | WIRED
Baidu's Android apps caught collecting sensitive user details | ZDNet
Double-dipping scammers don't need malware to grab card numbers and turn a profit, report says
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services - Krebs on Security
Liquid crypto-exchange says hacker accessed internal network, stole user data | ZDNet
New WAPDropper malware abuses Android devices for WAP fraud | ZDNet
Google Is Testing End-to-End Encryption in Android Messages | WIRED
Abusive add-ons aren't just a Chrome and Firefox problem. Now it's Edge's turn | Ars Technica
A Facebook Messenger Flaw Could Have Let Hackers Listen In | WIRED
Cisco Webex bugs allow attackers to join meetings as ghost users | ZDNet
Exploitation of Cisco Security Manager RCE flaws 'imminent' | The Daily Swig
Minor controversy erupts over chained iOS exploit that harvests researchers' crash dumps | The Daily Swig
Patrick Gray on Twitter: "Have a read of their security expert's website. Seriously. Check out the services page: https://t.co/w5Nv9zeeWE https://t.co/F2bwzK9n8G" / Twitter
Office of National Intelligence - IT Systems Engineer
This is not an edition of the weekly news show; scroll back one episode in your podcast feed if you're looking for that. This is a wholly sponsored podcast brought to you by Bugcrowd.
Bugcrowd's CEO Ashish Gupta joins us in this edition of the Soap Box. He's been the CEO over there for about three years, taking the reins from our friend Casey Ellis, who moved into the CTO position.
As you're about to hear, the bug bounty companies have moved on from the days when they just provided the simple service of running bug bounty competitions for their clients. What's emerging is a much more nuanced product mix designed to extract as much usefulness as possible out of the testers registered on their platforms.
On this week's show Patrick and Adam discuss the week's security news, including:
CISA director Chris Krebs fired
Trump ramps up his disinformation campaign
TikTok ban stalls
BlackBerry discovers new hacker-for-hire crew
DNS cache poisoning is back. But do we really care?
Much, much more
This week's show is brought to you by Thinkst Canary. Thinkst's founder Haroon Meer will be along in this week's show to talk a bit about security product design. Canary has been remarkably restrained over the years. Instead of trying to use their success as a platform to launch a million other products, they've spent more time really working on design and usability. He'll join us to talk through all of that.
Patrick Gray on Twitter: "The final tweet. I LOVE it that Chris went down swinging. I've gotten to know him a little over the last year and a half, and yeah, he takes his job and mission extremely seriously. The USA has lost a true public servant." / Twitter
Exclusive: Top official on U.S. election cybersecurity tells associates he expects to be fired | Reuters
Lawmakers back CISA chief Krebs after report that he expects to be fired
Trump goes to DEF CON to explain election loss - Risky Business
After Trump tweets Defcon hacking video, voting security experts call BS | Ars Technica
TikTok gets extensions on US sale order, ban enforcement
The untold story of a cyberattack, a hospital and a dying woman | WIRED UK
The ransomware landscape is more crowded than you think | ZDNet
Video game company Capcom details attack, data breach by ransomware gang
Recent ransomware wave targeting Israel linked to Iranian threat actors | ZDNet
Australian government warns of possible ransomware attacks on health sector | ZDNet
Microsoft says three APTs have targeted seven COVID-19 vaccine makers | ZDNet
BlackBerry discovers new hacker-for-hire mercenary group | ZDNet
Mac certificate check stokes fears that Apple logs every app you run | Ars Technica
Apple lets some Big Sur network traffic bypass firewalls | Ars Technica
How the U.S. Military Buys Location Data from Ordinary Apps
Muslim Pro Stops Sharing Location Data After Motherboard Investigation
The iOS Covid App Ecosystem Has Become a Privacy Minefield | WIRED
Australia eyes payment card data for contact tracing - Risky Business
Bumble Vulnerabilities Put Facebook Likes, Locations And Pictures Of 95 Million Daters At Risk
Twitter hires influential hacker Peiter 'Mudge' Zatko as security boss
SAD DNS: Researchers pull source code as DNS cache poisoning technique deemed 'too dangerous' | The Daily Swig
SAD DNS
Facebook link preview feature used as a proxy in website-scraping scheme | ZDNet
FIN7 recruiter Andrii Kolpakov pleads guilty to role in global hacking scheme
Hackers can use just-fixed Intel bugs to install malicious firmware on PCs | Ars Technica
Citrix patches RCE flaw in SD-WAN Center that could lead to network takeover | The Daily Swig
Google patches two more Chrome zero-days | ZDNet
Chrome 87 released with fix for NAT Slipstream attacks, broader FTP deprecation | ZDNet
On this week's show Patrick and Adam discuss the week's security news, including:
Zoom settles with FTC over misleading E2EE claim
Some poor sod had to give up $1bn in Bitcoin
Solaris SSH 0day? Let's party like it's 1999
Samy Kamkar's latest trick: NAT Slipstreaming
Australia's hardcore critical infrastructure protection bill
Much, much more
This week's show is brought to you by Remediant. Company co-founder Paul Lanzi joins the show in this week's sponsor interview to talk about how they've been helping companies recover from ransomware attacks. Maybe listen to this one. You know. Just in case you find yourself in that situation one day...
Zoom settles FTC charges for misleading users about security features | ZDNet
Someone has transferred ~$1 billion from a bitcoin wallet quiet since 2015 | Ars Technica
The feds just seized Silk Road's $1 billion stash of bitcoin | Ars Technica
Hacker group uses Solaris zero-day to breach corporate networks | ZDNet
NAT Slipstreaming hack tricks firewalls and routers | The Daily Swig
Australia's hardcore critical infrastructure laws open to challenge - Risky Business
23,600 hacked databases have leaked from a defunct 'data breach index' site | ZDNet
More suspected North Korean malware identified after US alert on Kimsuky hackers
Suspected North Korean hackers who targeted job applicants prove more ambitious than first believed
The many personalities of Lazarus - Risky Business
Windows 10, iOS, Chrome, and many others fall at China's top hacking contest | ZDNet
Linux version of RansomEXX ransomware discovered | ZDNet
Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments
Building wave of ransomware attacks strike U.S. hospitals | Reuters
Why Paying to Delete Stolen Data is Bonkers - Krebs on Security
Israeli companies targeted with new Pay2Key ransomware | ZDNet
Capcom takes systems offline following cyber-attack | The Daily Swig
Company that runs US illegal immigration detention centers discloses ransomware attack | ZDNet
Ransomware Hits Dozens of Hospitals in an Unprecedented Wave | WIRED
Italian beverage vendor Campari knocked offline after ransomware attack | ZDNet
Compal, the second-largest laptop manufacturer in the world, hit by ransomware | ZDNet
Toy maker Mattel discloses ransomware attack | ZDNet
Wisconsin Republicans say last minute hack cost party $2 million meant to reelect Trump
FBI: Hackers stole source code from US government agencies and private companies | ZDNet
Pwned: Deloitte Hacker IQ game forced offline after hack | The Daily Swig
Russian authorities make rare arrest of malware author | ZDNet
CERT/CC launches Twitter bot to give security bugs random names | ZDNet
Oracle publishes rare out-of-band security update for WebLogic servers | ZDNet
Apple fixes three iOS zero-days exploited in the wild | ZDNet
After two zero-days in Chrome desktop, Google patches a third zero-day in the Android version | ZDNet
Google's Project Zero discloses Windows 0-day that's been under active exploit | Ars Technica
Google discloses Windows zero-day exploited in the wild | ZDNet
Google patches second Chrome zero-day in two weeks | ZDNet
ACOS/aGalaxy GUI RCE Vulnerability - CVE-2020-24384 - A10 Support
Infamous 'Hoax' Artist Behind Trumpworld's New Voter Fraud Claim
Matthew Gertz (@MattGertz) / Twitter
On this week's show Patrick and Adam discuss the week's security news, including:
'Proud Boys' email campaign attributed to Iran in record time
Sanctions for everyone!
US doxes more adversary TTPs
Katie Nickels and Chris Krebs join the show
This week's show is brought to you by attack simulation platform company AttackIQ. Carl Wright from AttackIQ joins us this week to talk about the distinct possibility that large organisations are going to start slashing their security budgets in response to the changing economy.
CISA, FBI roll the dice on transparency - Risky Business
Exclusive: 'Dumb mistake' exposed Iranian hand behind fake Proud Boys U.S. election emails - sources | Reuters
FBI News Conference on Election Security | C-SPAN.org
Iran's bogus email campaign on U.S. elections had a Facebook disinformation prong
Why the US was so fast to blame Iran for voter intimidation emails in Florida
US Treasury sanctions 5 Iranian organizations for alleged election influence operations
'MuddyWater' spies suspected in attacks against Middle East governments, telecoms
The US Sanctions Russians for Potentially 'Fatal' Triton Malware | WIRED
EU slaps sanctions on GRU leader, Fancy Bear, FBI-wanted hacker over Bundestag attack
DOD, FBI, DHS warn of active North Korean government-linked hacking operation
FBI, CISA: Russian hackers breached US government networks, exfiltrated data | ZDNet
The Hunter Biden laptop could be fake. Or it could be real. We may never know. - The Washington Post
Exclusive: National Guard called in to thwart cyberattack in Louisiana weeks before election | Reuters
Phishing groups are collecting user data, email and banking passwords via fake voter registration forms | ZDNet
John Hultquist on Twitter: "If the hackers claim to be criminal and there's no way to pay them, that raises doubt. Likewise, if they claim to be ideological and ask for money..." / Twitter
Justice Department official accuses China of acting as 'safe haven' for cybercriminals
Dr. Reddy's shuts 'key' plants worldwide after potential cyberattack hits COVID work | FiercePharma
Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts
A Hacker Is Threatening to Leak Patients' Therapy Notes | WIRED
Tech giants among those affected by breach at PDF signature software maker Nitro | The Daily Swig
Massive Nitro data breach impacts Microsoft, Google, Apple, more
404 Error | Nitro
Hacker steals $24 million from cryptocurrency service 'Harvest Finance' | ZDNet
MobileIron enterprise MDM servers under attack from DDoS gangs, nation-states | ZDNet
Patrick Gray on Twitter: "Wooo... about time" / Twitter
Apple notarizes six malicious apps posing as Flash installers | ZDNet
The Now-Defunct Firms Behind 8chan, QAnon - Krebs on Security
CBP Refuses to Tell Congress How it is Tracking Americans Without a Warrant
Over 100 irrigation systems left exposed online without a password | ZDNet
Microsoft launches machine learning cyber-attack threat matrix | The Daily Swig
WordPress deploys forced security update for dangerous bug in popular plugin | ZDNet
NSA whistleblower Edward Snowden granted permanent residency in Russia | ZDNet
Process Herpaderping | herpaderping