Risky Business

Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/

News Tech News
Technology
subscribe
share






claim!
report

Risky Business #698 -- Why LastPass was probably DPRK*

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Why the White House’s cybersecurity strategy is actually quite good
  • The LastPass breach was probably DPRK
  • UEFI bootkits are going downmarket, and this is bad
  • GitHub will scan repos for secrets
  • A look at some interesting DJI drone research
  • Much, much more

This week’s show is brought to you by Airlock Digital. Two of Airlock’s founders – Daniel Schell and David Cottingham – are this week’s sponsor guests.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

* NOTE: We now think LastPass was likely not DPRK. It’s complicated and we’ll explain why we think we got this wrong in next week’s show

Show notes
  • Risky Biz News: White House unveils National Cybersecurity Strategy
  • White House looks to put cybersecurity pressure on companies
  • Surveillance oversight board member explores concerns about Section 702 renewal | CyberScoop
  • Secret Service and ICE conducted warrantless stingray surveillance, says watchdog | TechCrunch
  • LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach
  • Give Me E2EE or Give Me Death - by Tom Uren
  • Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica
  • GitHub’s secret scanning alerts now available for all public repos
  • This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location | WIRED
  • Hackers steal gun owners’ data from firearm auction website | TechCrunch
  • New ATM Malware 'FiXS' Emerges - SecurityWeek
  • US government warns Royal ransomware is targeting critical infrastructure | TechCrunch
  • Ransomware gang posts breast cancer patient photos from Pennsylvania health network to dark web
  • Hospital Clínic de Barcelona severely impacted by ransomware attack
  • Hackers Release Data Stolen in Oakland Ransomware Attack – NBC Bay Area
  • Salt Labs | Traveling with OAuth - Account Takeover on Booking.com
  • Google adds client-side encryption to Gmail and Calendar. Should you care? | Ars Technica
  • The life-upending flaw that USPS won’t fix | TechCrunch
  • Powerful Meta large language model widely available online | CyberScoop
  • We’re going teetotal: It’s goodbye to The Daily Swig | The Daily Swig

fyyd: Podcast Search Engine
share








 March 8, 2023  1h0m