Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• The Citrixbleed ransomware crisis
• Why the FBI hasn’t arrested Scattered Spider members
• DPRK is in your supply chains
• Microsoft has a brainwave and buys a HSM
• When civil war meets pig butchering
• Much, much more

This week’s show is brought to you by Airlock Digital. David Cottingham and Daniel Schell are this week’s sponsor guests.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

• ‘Citrix Bleed’ vulnerability targeted by nation-state and criminal hackers: CISA
• Australian ports operator recovering after major cyber incident
• Minister lashes DP World hack failure
• Gang says ICBC paid ransom over hack that disrupted US Treasury market | Reuters
• Cyberattack on US hospital owner diverts ambulances from emergency rooms in multiple states | CNN Politics
• Fidelity National Financial investigating cyberattack that led to service disruption | Cybersecurity Dive
• Potentially hundreds of UK law firms affected by cyberattack on IT provider CTS
• North Texas water utility serving 2 million hit with cyberattack
• Healthcare manufacturer Henry Schein expects platform restored this week after cyberattack
• High-profile ransomware gang suspects arrested in Ukraine
• FBI struggled to disrupt dangerous casino hacking gang, cyber responders say | Reuters
• Chinese spies had acces to Dutch chip maker NXP's systems for over two years: report | NL Times
• North Korean supply chain attacks prompt joint warning from Seoul and London
• North Korean attack on CyberLink impacted devices around the world, Microsoft says
• North Korean ‘BlueNoroff’ group targeting financial institutions with macOS malware
• Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop
• (14) Microsoft Should Look to the Past for Its Security Future
• Sacked Ukrainian cyber chief released on bail amid corruption probe
• Second top Ukrainian cyber official arrested amid corruption probe
• Report claims to reveal identity of Russian hacktivist leader
• Rebel offensive in Myanmar takes aim at online scam industry
• Myanmar Rebel Offensive Helps China's Cybercrime Crackdown
• Shadowy hacking group targeting Israel shows outsized capabilities | CyberScoop
• Nearly two dozen Danish energy companies hacked through firewall bug in May
• Senate proposes surveillance bill without FBI warrant requirement
• The FCC says new rules will curb SIM swapping. I’m pessimistic | Ars Technica
• EU urged to drop new law that could allow member states to intercept and decrypt global web traffic
• Google researchers discover 'Reptar,’ a new CPU vulnerability | Google Cloud Blog
• Spavor blames fellow prisoner Kovrig for Chinese detention, alleges he was used for intelligence gathering - The Globe and Mail
• The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story | WIRED