Risky Business #683 -- OpenSSL bug is a fizzer, ASD responds to Medibank hack
On this week’s show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week’s security news, including:
- Twitter bluechecks face phishing barrage
- Australian government goes berserk on Medibank hack response
- Former WSJ journalist sues law firm over email hack and info op that got him fired
- OpenSSL bug lands with a whimper
- Apple macOS Ventura update breaks security tools
- Much, much more
This week’s show is brought to you by Thinkst Canary. Marco Slaviero, Thinkst’s head of engineering, joins us this week to talk through the company’s latest release, codenamed Quokka.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Twitter’s verification chaos is now a cybersecurity problem | TechCrunch
- Unconfirmed hack of Liz Truss’ phone prompts calls for “urgent investigation” | Ars Technica
- Chinese hackers are scanning state political party headquarters, FBI says - The Washington Post
- Former WSJ reporter says law firm used Indian hackers to sabotage his career | Reuters
- The source - Columbia Journalism Review
- Upcoming ‘critical’ OpenSSL update prompts feverish speculation | The Daily Swig
- OpenSSL vulnerability downgraded to ‘high’ severity | The Daily Swig
- Medibank says hackers had access to ‘all personal data’ belonging to all customers - The Record by Recorded Future
- Australia to tighten privacy laws, increase fines after series of data breaches - The Record by Recorded Future
- Votes in Slovakia's parliament suspended after alleged ‘cybersecurity incident’ - The Record by Recorded Future
- NY Post confirms hack after website, Twitter feed flooded with threats toward Biden, AOC - The Record by Recorded Future
- Apple MacOS Ventura Bug Breaks Third-Party Security Tools | WIRED
- Microsoft ties Vice Society hackers to additional ransomware strains - The Record by Recorded Future
- How Vice Society Got Away With a Global Ransomware Spree | WIRED
- FTC seeks action against Drizly — and its CEO — for cybersecurity failures - The Record by Recorded Future
- Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig
- Google Play apps with >20M downloads depleted batteries and network bandwidth | Ars Technica
- Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn – Krebs on Security
- Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics are furious | Ars Technica
- Microsoft disputes report on Office 365 Message encryption issue after awarding bug bounty - The Record by Recorded Future
- Microsoft Office Online Server open to SSRF-to-RCE exploit | The Daily Swig
- Microsoft's Sociopathic Cybersecurity Pedantry
- Brazilian police announce arrest of alleged Lapsus$ member - The Record by Recorded Future
- Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion – Krebs on Security
- European gang that sold car hacking tools to thieves arrested - The Record by Recorded Future
- How a Microsoft blunder opened millions of PCs to potent malware attacks | Ars Technica
