Risky Business

On this week’s show Patrick Gray, Adam Boileau and Chris Krebs discuss the week’s security news, including:

• An analysis of the Colonial pipeline ransomware attack
• More ransomware news
• UK and US expose APT29’s preferred exploits (again)
• IntrusionTruth drops a new post
• 128m Apple devices were hit by XCodeGhost
• Much, much more

This week’s sponsor interview is with Aaron Parecki, a Senior Security Architect at Okta. He’s also been a spec editor and member of the oath working group at IETF for nearly 11 years, so he knows a thing or two about OAuth. He’ll be joining me after the week’s news to talk through the latest OAuth guidance the IETF is going to release.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes Biden: No evidence Russian government is involved in Colonial ransomware attack | The Record by Recorded Future 15% of 2020 ransomware payments carried a sanctions violations risk | The Record by Recorded Future A Closer Look at the DarkSide Ransomware Gang – Krebs on Security US fuel pipeline hackers 'didn't mean to create problems' - BBC News FBI blames DarkSide ransomware operators for Colonial Pipeline incident - CyberScoop Experts suggest French insurer AXA's plan to shun ransomware payouts will set a precedent - CyberScoop US issues emergency declaration following Colonial Pipeline ransomware incident, relaxing transport rules - CyberScoop Pipeline Hackers Say They’re ‘Apolitical,’ Will Choose Targets More Carefully Next Time Ransomware Infection on Colonial Pipeline Shows Potential for Worse Gas Disruption - Zero Day The Colonial Pipeline Hack Is a New Extreme for Ransomware | WIRED City of Tulsa hit by ransomware over the weekend | The Record by Recorded Future Wave of Avaddon ransomware attacks triggers ACSC, FBI warning | The Record by Recorded Future Ransomware crooks post cops’ psych evaluations after talks with DC police stall | Ars Technica Court Authorizes Service of John Doe Summons Seeking Identities of U.S. Taxpayers Who Have Used Cryptocurrency | OPA | Department of Justice UK and US share more vulnerabilities exploited by Russia's APT29 hackers | The Record by Recorded Future Intrusion Truth details work of suspected Chinese hackers who are under indictment in US SolarWinds says fewer than 100 customers were impacted by supply chain attack | The Record by Recorded Future US spy agencies review software suppliers' ties to Russia following SolarWinds hack Apple Execs Chose to Keep a Hack of 128 Million iPhones Quiet | WIRED 'Conspiracy is hard': Inside the Trump administration's secret plan to kill Qassem Soleimani FragAttacks: Security flaws in all Wi-Fi devices WiFi devices going back to 1997 vulnerable to new Frag Attacks | The Record by Recorded Future An estimated 30% of all smartphones vulnerable to new Qualcomm bug | The Record by Recorded Future New TsuNAME bug can be used to DDoS key DNS servers | The Record by Recorded Future Google to make multi-factor authentication its default mode Chinese military unit accused of cyber-espionage bought multiple western antivirus products | The Record by Recorded Future Data leak makes Peloton’s Horrible, No-Good, Really Bad Day even worse | Ars Technica DOD expands vulnerability disclosure program, giving hackers more approved targets Google and Mozilla will bake HTML sanitization into their browsers | The Daily Swig Scammer Used Fake Court Order to Take Over Dark Web Drug Market Directory