Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/

Risky Business #620 -- Project Zero burns Western counterterrorism operation


On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Ubiquiti insider blows whistle on breach
  • Cyber insurer ransomwared
  • Project Zero burned a Western counterterrorism operation
  • Australian parliament, media, politicians all under attack
  • Executive Order would require vendors to notify US government of incidents
  • Much, much more…

This week’s sponsor guest is a special one. Metasploit creator and Rumble.run founder HD Moore will join us to talk all about his new venture, the Rumble asset discovery tool. It’s an absolutely fantastic interview, as you’d expect from HD.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

  • Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security
  • SHAREHOLDER ALERT: Ubiquiti, Inc. Investigated for Possible Securities Laws Violations by Block & Leviton LLP; Investors Should Contact the Firm
  • Ubiquiti tells customers to change passwords after security breach | ZDNet
  • Top insurer CNA disconnects systems after cyberattack
  • London's biggest school trust hit by ransomware | The Record by Recorded Future
  • Industrial giant Honeywell says it has ‘returned to service’ after cyber intrusion
  • Nine says it has isolated source of cyber attack
  • Cyber attack on Channel Nine: Government assistance requested by network
  • Nine Entertainment warns ransomware recovery 'will take time' - Security - iTnews
  • AFP, NSW Police investigating cyber attack on Nine
  • 'State actor' behind Nine Network cyber attack, tech expert says
  • Australia investigates reported hacks aimed at parliament, media
  • Australian Minister’s Phone Hacked as Report Reveals Hong Kong Link
  • Australian ministers are targets in Telegram phishing scam, Australia/NZ News & Top Stories - The Straits Times
  • Hackers target German lawmakers in an election year
  • Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft | Reuters
  • Facebook disrupts Beijing's Uyghur hacking campaign | The Record by Recorded Future
  • Google's unusual move to shut down an active counterterrorism operation being conducted by a Western democracy | MIT Technology Review
  • Apple releases iPhone, iPad and Watch security patches for zero-day bug under active attack | TechCrunch
  • US lacks visibility into digital espionage at home, NSA boss says
  • The Dark Web Is Teeming With Vaccine Listings Right Now | WIRED
  • Credit Card Hacking Forum Gets Hacked, Exposing 300,000 Hackers’ Accounts
  • T-Mobile, Verizon, AT&T Stop SMS Hijacks After Motherboard Investigation
  • New 5G protocol vulnerabilities allow location tracking | The Record by Recorded Future
  • PHP's Git server hacked to add backdoors to PHP source code
  • SSRF vulnerability in NPM package Netmask impacts up to 279k projects | The Daily Swig
  • H2C smuggling proves effective against Azure, Cloudflare Access, and more | The Daily Swig
  • Security researcher launches GoFundMe campaign to fight legal threat over vulnerability disclosure | The Daily Swig
  • Cloudflare launches JavaScript dependency dashboard utility to warn against Magecart-style malfeasance | The Daily Swig
  • Microsoft Teams is the first target for new app-focused bug bounty program | The Daily Swig
  • Slack Says Letting Anyone Message Anyone With Few Limits Was ‘a Mistake’
  • No, I Did Not Hack Your MS Exchange Server — Krebs on Security


March 31, 2021