Risky Business

Joe Slowik and Katie Nickels are guest co-hosts in this week’s edition of the show. They join Patrick Gray to talk about:

• Mimecast having some stolen certificate, errr, “problems”
• The confusing reports about JetBrains
• Analysis of the malware used in the SolarWinds campaign
• Australian man arrested in Germany and charged with running DarkMarket
• The Great Deplatforming of 2021

This week’s show is brought to you by Gigamon.

If you’re a Gigamon shop you should really take a look at their ThreatInsight platform, that’s a no brainer. Even if you’re not, they’re real players in the network detection and response space. Joining us in this week’s sponsor interview is Jason Tesarz, a senior product manager for Gigamon ThreatInsight. He joined the show to talk about a few things, like how these days the NDR vendors are competing more around their workflows than trying to be the most comprehensive in detection.

Links to everything that we discussed are below and you can follow Patrick, Katie or Joe on Twitter if that’s your thing.

Show notes Mimecast says hackers abused one of its certificates to access Microsoft accounts | ZDNet JetBrains denies being involved in SolarWinds hack | ZDNet Federal courts are latest apparent victim of SolarWinds hack CISA: SolarWinds hackers also used password guessing to breach targets | ZDNet Sealed U.S. Court Records Exposed in SolarWinds Breach — Krebs on Security The SolarWinds Hackers Shared Tricks With a Notorious Russian Spy Group | WIRED (1) New Message! SolarWinds hires Chris Krebs, Alex Stamos to boost security in wake of suspected Russian hack - CyberScoop Exclusive: FBI probes Russian-linked postcard sent to FireEye CEO after cybersecurity firm uncovered hack - sources | Reuters DarkMarket: world's largest illegal dark web marketplace taken down | Europol Rioters Had Physical Access to Lawmakers’ Computers. How Bad Is That? Trump Is Permanently Suspended From Twitter Facebook bans Trump indefinitely; risks 'simply too great,' Zuckerberg says - CyberScoop Amazon boots Parler from web hosting service over violent content - CyberScoop Google removes Parler app from Play Store | ZDNet Twitter purges QAnon accounts; Facebook targets 'Stop the Steal' - CyberScoop Some ransomware gangs are going after top execs to pressure companies into paying | ZDNet Anti-Secrecy Activists Publish a Trove of Ransomware Victims' Data | WIRED Hackers can clone Google Titan 2FA keys using a side channel in NXP chips | Ars Technica Encrypted Client Hello: Upcoming Firefox 85 rollout builds momentum for ESNI successor | The Daily Swig Telegram feature exposes your precise address to hackers | Ars Technica WhatsApp gives users an ultimatum: Share data with Facebook or stop using the app | Ars Technica More Chinese apps attract a ban from a presidential administration on the way out China CCP to Nationalize Jack Ma's Alibaba and Ant Group - Report CES 2021: Intel adds ransomware detection capabilities at the silicon level | ZDNet Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes | Threatpost Fortinet updates web application firewall to protect against SQL injection, denial-of-service attacks | The Daily Swig Gigamon ThreatINSIGHT| Network Detection and Response | Gigamon