Risky Business #709 -- Cl0p goes berserk with MOVEit 0day
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Russia’s FSB uncovers “NSA malware” on iPhones
- Cl0p mass harvests data from MOVEit file transfer servers
- ASD discloses a bunch of operations against ISIS, criminals
- Why China’s prepositioning is probably… prepositioning
- Much, much more
This week’s show is brought to you by Thinkst Canary. Marco Slaviero is this week’s sponsor guest and he joins us to talk about indirect LLM prompt injection and the latest Canary release.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
- Russia says US hacked thousands of Apple phones in spy plot | Reuters
- Risky Biz News: Russia's FSB says NSA hacked iPhones in cyber-espionage campaign
- Russia wants 2 million phones with home-grown Aurora OS for use by officials
- Доверенная мобильная среда. Мобильная операционная система «Аврора» — Ростелеком
- Why China's Latest APT Campaign is Legitimately Worrying
- War crimes committed through cyberspace must not escape international justice, says Estonian president
- Hacks Against Ukraine's Emergency Response Services Rise During Bombings | WIRED
- How Australian cyber spies used 'Rickrolling' to disrupt Islamic State militants in Iraq - ABC News
- Australian intelligence's secret hand in bringing down the Bali bombers - ABC News
- Microsoft Threat Intelligence on Twitter: "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims. https://t.co/q73WtGru7j" / Twitter
- What we know about the MOVEit vulnerability and compromises | Cybersecurity Dive
- metlstorm: "Great, so now I have to roll i…" - Infosec Exchange
- Dave Aitel: "@riskybusiness @chort honestly…" - Infosec Exchange
- Critical Barracuda 0-day was used to backdoor networks for 8 months | Ars Technica
- Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED
- Ask Fitis, the Bear: Real Crooks Sign Their Malware – Krebs on Security
- Wayback Machine
- Discord Admins Hacked by Malicious Bookmarks – Krebs on Security
- Google’s Android and Chrome extensions are a very sad place. Here’s why | Ars Technica
- How university cybersecurity clinics can help cities fight ransomware | CyberScoop
- Atomic - Crypto Wallet on Twitter: "We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly. For any questions and concerns, contact support@atomicwallet.io" / Twitter
- BrianKrebs: "Russian news outlet Kommersant…" - Infosec Exchange
- Thinkst
