Risky Business

NOTE: Patrick’s audio is a bit degraded in a few parts of this episode. It’s still clear enough, but if you hear some degradation in parts then yes, it’s us, not you.

On this week’s show Patrick Gray, Adam Boileau and Tom Uren discuss the week’s security news. They cover:

• The Biden White House’s executive order on spyware
• Why the infosec community writ large is wrong on TikTok
• Clop campaign: it’s time to ditch your file transfer gateways
• Major Android app booted from store because it was full of 0day privesc exploits lol
• More detail on the BreachForums admin arrest
• Much, much more

This week’s show is brought to you by runZero. HD Moore, co-founder of runZero, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that’s your thing.

Show notes

• At least 50 U.S. government employees hit with spyware, White House says
• Kevin McCarthy says House 'will be moving forward' with TikTok legislation
• US lawmakers tell TikTok CEO the app ‘should be banned’
• Between Two Nerds: The Real Problem with TikTok - Risky Business
• New victims come forward after mass-ransomware attack | TechCrunch
• UK Pension Protection Fund latest victim of GoAnywhere hack
• Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News
• Fortra told breached companies their data was safe | TechCrunch
• When to use Dropbox vs. MFT: Best Versatile File Sharing and Security | GoAnywhere MFT
• City of Toronto and Virgin confirm hackers accessed data through file transfer systems
• Tasmania investigating attack after Clop ransomware group adds to victim list
• Latitude Financial faces possible class action after millions affected by data breach | Australia news | The Guardian
• Android app from China executed 0-day exploit on millions of devices | Ars Technica
• Telecom giant Lumen says it discovered two separate cyber intrusions
• Tennessee city hit with ransomware attack
• FBI, CISA investigating cyberattack on Puerto Rico’s water authority
• British hospital investigating impact of ‘contained’ cyber incident
• Largest telecom in Guam starts restoring services after cyberattack
• Frustrated Dish customers still spending hours on hold weeks after ransomware attack, they say
• UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users’ data
• How the FBI caught the BreachForums admin | TechCrunch
• Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop
• North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign
• North Korea Is Now Mining Crypto to Launder Its Stolen Loot | WIRED
• “Committed Partners in Cyberspace”: Following cyberattack, US conducts first defensive Hunt Operation in Albania > U.S. Cyber Command > News
• Bad magic: new APT found in the area of Russo-Ukrainian conflict | Securelist
• Beloved hacking veteran Kelly ‘Aloria’ Lum passes away at 41 | TechCrunch