Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/

Risky Business #611 -- MalwareBytes the latest "Holiday Bear" victim


On this week’s show Dmitri Alperovitch, Sherrod DeGrippo and Joe Slowik join host Patrick Gray to talk through the week’s news:

  • MalwareBytes the latest victim in the increasingly poorly-named “SolarWinds campaign”
  • FireEye issues helpful guidance, tools, to help orgs detect “golden SAML” and related techniques
  • Rob Joyce, Anne Neuberger, Michael Sulmeyer all get promoted! Wooo!
  • Much, much more

This week’s show is brought to you by Airlock Digital. They make what we’re calling an execution control platform. Its central feature is easy-to-use and hard-to-bypass allowlisting. It’s a bunch of sensible and usable controls packaged up into a 7Mb. It slices, it dices, it slays lolbins and user PowerShell rights, and it comes in a beautiful suede pouch! It’s the endpoint protection you get when it’s built by practitioners in concert with people who actually understand Windows internals. That’s right! Patrick is drinking the Kool-Aid on this one! Airlock founders Dave Cottingham and Daniel Schell join in this week’s sponsor interview to talk through allowlisting’s second wave of popularity.

Links to everything are below!

Show notes

  • Malwarebytes said it was hacked by the same group who breached SolarWinds | ZDNet
  • Fourth malware strain discovered in SolarWinds incident | ZDNet
  • FireEye releases tool for auditing networks for techniques used by SolarWinds hackers | ZDNet
  • Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccine | Ars Technica
  • Rob Joyce named new NSA cybersecurity director - CyberScoop
  • Biden team taps NSA Cybersecurity Director Anne Neuberger for NSC - CyberScoop
  • Michael Sulmeyer, who held cyber posts under Trump and Obama, gets Biden White House gig
  • Airbnb to Cancel All DC Bookings in Inauguration Week
  • CISA tells agencies to consider ad blockers to fend off 'malvertising'
  • Apple removes feature that allowed its apps to bypass macOS firewalls and VPNs | ZDNet
  • Iranian cyberspies behind major Christmas SMS spear-phishing campaign | ZDNet
  • Joker's Stash, the internet's largest carding forum, is shutting down | ZDNet
  • After judge orders release of hacker tied to ISIS, US says 'Not so fast'
  • A security researcher commandeered a country’s expired top-level domain to save it from hackers | TechCrunch
  • Scam-as-a-Service operation made more than $6.5 million in 2020 | ZDNet
  • Signal endures 'technical difficulties' amid new popularity - CyberScoop
  • Introducing Malvuln.com – the first website ‘exclusively dedicated’ to revealing security vulnerabilities in malware | The Daily Swig
  • Critical zero-day RCE in Microsoft Office 365 awaits third security patch | The Daily Swig
  • FBI investigating whether woman stole laptop from Pelosi's office to sell it to Russia - POLITICO
  • Linux Mint fixes screensaver bypass discovered by two kids | ZDNet
  • Text of a Letter to the Speaker of the House of Representatives and the President of the Senate | The White House
  • Request an Airlock Product Demonstration - Airlock Digital


January 20, 2021