Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/






Risky Business #625 -- Iranians wipe some machines, Israelis kaboom some


On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The latest news on the health system ransomware crisis in Ireland
  • TSA to force pipeline operators to disclose attacks they probably aren’t detecting anyway
  • Colonial paying ransom angers US congresspeople who really haven’t thought this through
  • Iran targets Israeli systems with new wipers
  • Israel targets Hamas systems with guided munitions that go bang
  • Much, much more

This week’s sponsor guest is Ryan Kalember, EVP of Cybersecurity Strategy at Proofpoint. He joins us to talk about how compromised o365 accounts are powering all sorts of threat actors right now – from ransomware operators to BEC crews and APT units, everyone loves a popped mailbox.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

  • U.S. didn’t hack DarkSide group that hacked Colonial Pipeline - The Washington Post
  • Hear ye, DarkSide! This honorable ransomware court is now in session | Ars Technica
  • Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment
  • TSA to issue cyber directive for pipeline operators following Colonial ransomware attack
  • Irish officials warn of ongoing disruptions to health system, long recovery following ransomware incident
  • hakan on Twitter: "So, one hour ago CONTI apparently decided to provide HSE with a free decryption tool, as per their statement (see screenshot. https://t.co/lyIuBoN6XP" / Twitter
  • Irish officials analyze decryption tool as long recovery process from ransomware continues
  • FBI: Conti ransomware gang attacked more than 400 orgs, including 911 centers | The Record by Recorded Future
  • Cyber insurance premiums rise as ransomware, hacks continue, GAO finds
  • New Iranian threat actor targets Israel with wipers disguised as ransomware | The Record by Recorded Future
  • Microsoft warns of malware campaign spreading a RAT masquerading as ransomware | The Record by Recorded Future
  • Israel bombed two Hamas cyber targets | The Record by Recorded Future
  • Israel Is a Cyber Superpower But Chooses Bombs to Fight Hackers in Gaza
  • FSB NKTsKI: Foreign 'cyber mercenaries' breached Russian federal agencies | The Record by Recorded Future
  • How Hydra, a Russian dark net market, made more than $1 billion in 2020
  • Air India says data breach impacts 4.5 million former passengers | The Record by Recorded Future
  • The Full Story of the Stunning RSA Hack Can Finally Be Told | WIRED
  • Nagios IT monitoring vulnerabilities chained to compromise telco customers en masse | The Daily Swig
  • Open source ecosystem ripe for dependency confusion attacks, research finds | The Daily Swig
  • DeepSloth: Researchers find denial-of-service equivalent against machine learning systems | The Daily Swig
  • Chinese governments has warned 222 apps to remove data slurping code | The Record by Recorded Future
  • Just a handful of Android apps exposed the data of more than 100 million users | The Record by Recorded Future
  • Microsoft releases SimuLand, a lab environment to simulate attacker tradecraft | The Record by Recorded Future
  • WordPress security: More than 600,000 sites hit by blind SQLi vulnerability in WP Statistics plugin | The Daily Swig
  • Arm and Qualcomm zero-days quietly patched in this month's Android security updates | The Record by Recorded Future
  • Vulnerability in VMware product has severity rating of 9.8 out of 10 | Ars Technica
  • Apple fixes macOS zero-day abused by XCSSET malware | The Record by Recorded Future
  • So long, Internet Explorer, and your decades of security bugs | TechCrunch
  • Webinar Registration - Zoom









2021-05-26