Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/

Risky Business #618 -- MS security licensing faces congressional scrutiny


On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The latest on the Exchange tyre fire
  • Lawmakers in the USA have had enough of Microsoft’s ridiculous licensing tiers
  • White House mulls software security rating system
  • Joseph Cox’s SMS adventures
  • Things didn’t quite work out for APT6920 Arson Cats
  • Much, much more

This week’s show is brought to you by VMRay. They asked us to interview one of their customers in this week’s sponsor segment so Brad Marr, the CISO of Life Fitness, pops in to walk through his VMRay use case.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

  • No signs yet of Exchange Server compromises at federal agencies, CISA says
  • At least 10 APT hacking groups have exploited Exchange Server bugs, ESET warns - CyberScoop
  • Up To 125,000 Servers Remain Vulnerable To Devastating Microsoft Exchange Attacks
  • A hacking group is hijacking Microsoft Exchange web shells | The Record by Recorded Future
  • Microsoft Exchange servers targeted by DearCry ransomware abusing ProxyLogon bugs | The Record by Recorded Future
  • Microsoft shares one-click ProxyLogon mitigation tool for Exchange servers | The Record by Recorded Future
  • There’s a vexing mystery surrounding the 0-day attacks on Exchange servers | Ars Technica
  • Critics fume after Github removes exploit code for Exchange vulnerabilities | Ars Technica
  • Exclusive: Microsoft could reap more than $150 million in new U.S. cyber spending, upsetting some lawmakers | Reuters
  • Biden administration mulls software security grades after SolarWinds
  • Russia's Putin likely directed 2020 election meddling, U.S. finds | Reuters
  • FBI alert warns of Russian, Chinese use of deepfake content
  • A Hacker Got All My Texts for $16
  • Hackers access security cameras inside Cloudflare, jails, and hospitals | Ars Technica
  • Alleged Hacker Who Broke Into AI Surveillance Company Raided By Police
  • Tampa Twitter hacker agrees to three years in prison
  • Google, Linux Foundation, Red Hat release free tool to secure software supply chains | The Record by Recorded Future
  • Signal is down in China after 100 million reported downloads
  • Belgian Police Say They Decrypted Half a Billion ‘Sky’ Messages, Arrested 48 People
  • Encrypted Phone Firm 'Sky': Someone Sold Compromised Versions of Our App
  • Indicted CEO of Encrypted Phone Firm 'Sky' Says He Will Clear His Name
  • Buffalo Public Schools cancels classes after cyberattack
  • FBI warns of escalating Pysa ransomware attacks on education orgs
  • Molson Coors beer production disrupted after cyberattack | The Record by Recorded Future
  • Spanish government falls victim to Ryuk ransomware attack | The Record by Recorded Future
  • ZHtrap botnet deploys honeypots to trap&steal bots from rivals | The Record by Recorded Future
  • $5.7M stolen in Roll crypto heist after hot wallet hacked | TechCrunch
  • Two cryptocurrency portals are experiencing a DNS hijack at the same time | The Record by Recorded Future
  • WeLeakInfo Leaked Customer Payment Info — Krebs on Security
  • Security agencies leak sensitive data by failing to sanitize PDF files | The Record by Recorded Future
  • Critical 0-day that targeted security researchers gets a patch from Microsoft | Ars Technica
  • F5 releases patches for nearly two dozen vulnerabilities, some critical
  • Git vulnerability could enable remote code execution attacks during clone process | The Daily Swig


March 17, 2021