Risky Business #631 -- USA and friends send nastygram to China
On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:
- USA and friends send a sternly worded letter
- NSO group in the news, but parts of the coverage don’t add up
- Google TAG drops another great post
- We unveil the details of the earth shattering Kaseya 0day cyberweapon
- MORE
This week’s show is brought to you by Signal Sciences, which is now a part of Fastly. Instead of booking an interview with one of their staff, they suggested we interview one of their customers – so this week’s sponsor guest is J J Agha, the CISO of Compass, the American real estate website.
He’ll be joining us to talk about his general approach, and yes, Signal Sciences is a part of that, but he’ll speak to automation and orchestration and a bunch of other stuff too.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- The United States, Joined by Allies and Partners, Attributes Malicious Cyber Activity and Irresponsible State Behavior to the People’s Republic of China | The White House
- Mircrosoft hack: U.S., allies accuse China of Exchange breach and condoning other cyberattacks - The Washington Post
- US says Chinese hackers breached 13 pipeline operators between 2011 and 2013 - The Record by Recorded Future
- U.S. accuses China of abetting ransomware attack
- Microsoft links Serv-U zero-day attacks to Chinese hacking group - The Record by Recorded Future
- Pegasus: NSO clients spying disclosures prompt political rows across world | India | The Guardian
- Pegasus spyware: NSO Group’s cloud infrastructure shut down by Amazon, says Vice
- Saudis behind NSO spyware attack on Jamal Khashoggi’s family, leak suggests | Jamal Khashoggi | The Guardian
- Response from NSO and governments | World news | The Guardian
- This tool tells you if NSO’s Pegasus spyware targeted your phone | TechCrunch
- Windows spyware and zero-days linked to prodigious Israeli hack-for-hire company - The Record by Recorded Future
- Google: Three recent zero-days have been used against Armenian targets - The Record by Recorded Future
- The SolarWinds Hackers Used an iOS Flaw to Compromise iPhones | WIRED
- How we protect users from 0-day attacks
- Google patches Chrome zero-day, eighth one in 2021 - The Record by Recorded Future
- That iPhone WiFi crash bug is far worse than initially thought - The Record by Recorded Future
- Brian in Pittsburgh on Twitter: "The vulnerabilities exploited to accomplish the Kaseya customer intrusions were as dumb as you were probably expecting: https://t.co/eOnManp6ar" / Twitter
- Ransomware incident at major cloud provider disrupts real estate, title industry - The Record by Recorded Future
- Lawmakers Look to Improve Cyber Workforce, Especially for Acquisitions - Nextgov
- GSA blocks senator from reviewing documents used to approve Zoom for government use | TechCrunch
- TSA pushes more cybersecurity mandates on critical pipeline owners, emphasizing ransomware
- US offers $10 million reward for info on state-sponsored hackers disrupting critical infrastructure - The Record by Recorded Future
- US government launches plans to cut cybercriminals off from cryptocurrency
- Microsoft takes control of 17 domains used by West African BEC gang - The Record by Recorded Future
- Momentum builds on federal oversight of facial recognition tech after reported abuses
- Amnesty sues NYPD, seeking details about facial recognition technology and arrest data
- Windows Hello bypassed using infrared image - The Record by Recorded Future
- Inside the Industry That Unmasks People at Scale
- Instagram rolls out new tool to help users secure hacked accounts - The Record by Recorded Future
- Facebook says Iranian hackers used it to lure defense company employees
- Annoying LinkedIn Networkers Actually Russian Hackers Spreading Zero-Days, Google Says
- DevSecAI: GitHub Copilot prone to writing security flaws | The Daily Swig
- Hackers Move to Extort Gaming Giant EA
- RCE vulnerability in Cloudflare CDN could have allowed complete compromise of websites | The Daily Swig
- Patrick Gray on Twitter: "Good to know!" / Twitter
- Kevin Beaumont on Twitter: "Oh dear. I need to validate this myself, but it seems like MS may have goofed up and made the SAM database (user passwords) accessible to non-admin users in Win 10." / Twitter
- Vortimo [www] – Pro browser extension
- Demand More from Your WAF - Signal Sciences