Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy: a security podcast without the waffle.



Risky Business #616 -- Exchange 0day party time for Chinese APT crew

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Chinese APT crew goes berserk with Exchange 0day
  • Russia hacks Ukraine and USA, India hacks China, China hacks India
  • The NYTimes got something big wrong again (shock horror)
  • CANVAS exploit pack leaks, including their sweet, sweet Spectre exploit
  • Atlantic Council report into offensive capability vendors/contractors
  • Your vCentre gear is probably already on fire: find out why!
  • Much, much more

This week’s show is brought to you by Yubico, the makers of the Yubikey.

Yubico CTO Jerrod Chong will be along in this week’s sponsor interview to talk about “passwordless authentication”. Some organisations have a pretty bad understanding of what passwordless is, while other organisations are running into the mountains to avoid even thinking about it. But with hardware supported WebAuthn becoming pretty much ubiquitous, Jerrod thinks a tipping point is coming. Also, they’ve launched passwordless auth for AzureAD.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

  • Microsoft says China-backed hackers are exploiting Exchange zero-days | TechCrunch
  • Orange Tsai on Twitter: "The patch release of this BIG ONE is coming soon, and a short advisory is also standing by! (BTW, no one guess the right target in comments)" / Twitter
  • HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security
  • Hackers Tied to Russia's GRU Targeted the US Grid for Years, Researchers Warn | WIRED
  • Suspected China-linked hackers targeted India's energy sector, research suggests
  • China Appears to Warn India: Push Too Hard and the Lights Could Go Out - The New York Times
  • No 'Sabotage' Behind Mumbai Power Outage, Chinese Hacking Attempt a Month Later: Power Minister
  • Indian cyber-espionage activity rising amid growing rivalry with China, Pakistan | The Daily Swig
  • Chinese cyberspies targeted Tibetans with a malicious Firefox add-on | ZDNet
  • Ukraine says Russia hacked its document portal and planted malicious files | Ars Technica
  • Ege Balcı on Twitter: "OMG !! Rumors are real. Immunity CANVAS 7.26 exploit pack is leaked. More than 800 1days and weaponized spectre exploit. https://t.co/N14QjMlKtD" / Twitter
  • First Fully Weaponized Spectre Exploit Discovered Online | The Record by Recorded Future
  • daveaitel on Twitter: "Just some random video that MAY or MAY NOT be interesting to you! :)" / Twitter
  • More Zero-Days Have Been Linked to Private Companies Than Any Nation State | The Record by Recorded Future
  • Countering cyber proliferation: Zeroing in on Access-as-a-Service - Atlantic Council
  • More than 6,700 VMware servers exposed online and vulnerable to major new bug | ZDNet
  • Far-Right Platform Gab Has Been Hacked—Including Private Data | WIRED
  • Rookie coding mistake prior to Gab hack came from site’s CTO | Ars Technica
  • Universal Health Services reports $67 million in losses after apparent ransomware attack
  • Payroll/HR Giant PrismHR Hit by Ransomware? — Krebs on Security
  • Is Your Browser Extension a Botnet Backdoor? — Krebs on Security
  • Suspicious finds: Researcher discovers Go typosquatting package that relays system information to Chinese tech firm | The Daily Swig
  • Microsoft shares tool to hunt for compromise in SolarWinds breach
  • Biden signs executive order demanding supply chain security review
  • H2C smuggling named top web hacking technique of 2020 | The Daily Swig
  • Hackers release a new jailbreak tool for almost every iPhone | TechCrunch
  • Yubico | #YubiKey on Twitter: "We've reached a new milestone in our #passwordless journey! Today, #YubiKey passwordless authentication is now generally available to @Microsoft’s #AzureAD users, a critical step toward achieving better security without compromising usability. https://t.co/u892JFipR9" / Twitter


2021-03-03