Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
https://risky.biz/
Risky Business #634 -- Major hacks to shake up Belarusian KGB
On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:
- The United States backing away from “releasing the hounds”
- Apple has dropped its lawsuit against Corellium
- “Activists” dox Belarusian security apparatus
- Another sign hiding IR reports behind legal privilege is looking shaky
- Apple implements new child protection tech
- Much, much more
After this week’s news we’ll hear from Matt Cauthorn from ExtraHop Networks in this week’s sponsor interview. We’ll be talking about ransomware hack and leak and about how ransomware crews are losing credibility. You used to be able to actually trust them to just unlock you or keep your data private, but that’s not so much the case anymore.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes Srsly Risky Biz: Thursday 8 August - by Tom Uren - Seriously Risky Business Disgruntled ransomware affiliate leaks the Conti gang's technical manuals - The Record by Recorded Future Step 1: Do a Google search. Ransomware hacker goes rogue, leaks gang's plan. Meet Prometheus, the secret TDS behind some of today's malware campaigns - The Record by Recorded Future Ransomware Gangs and the Name Game Distraction – Krebs on Security Motherboard vendor GIGABYTE hit by RansomExx ransomware gang - The Record by Recorded Future Wuhan lab: In Covid origins hunt, US intel agencies scour reams of genetic data from China - CNNPolitics Chinese cyber spies targeted Israel posing as Iranian hackers - The Record by Recorded Future Tadeusz Giczan on Twitter: "A short thread about what is perhaps the most successful cyber attack in the history of any nation state conducted by a group called “Belarusian Cyber-partisans”. Last month they hacked the servers of Belarusian police and the Interior Ministry. 1/6 https://t.co/3QPaEYHten" / Twitter Belarusian Cyber-Partisans (@cpartisans) / Twitter Seeking Change, Anti-Lukashenka Hackers Seize Senior Belarusian Officials’ Personal Data Courts order handover of breach forensic reports in trend welcomed by consumers, feared by defendants Surprise Capital One court decision spells trouble for incident response - Risky Business Scammers Will Ban Anyone From Instagram For $60 Instagram Shuts Down Fake Likes Factory Apple will reject demands to use CSAM system for surveillance Edward Snowden on Twitter: "@alexstamos @matthew_d_green Step 1.6 is NCMEC shrugging, deflecting by saying "hash collision?" And then the FBI makes an arrest since, by asking WTF, your company just confirmed a hit on the hash (since otherwise you wouldn't have been able to see the image was BS)." / Twitter Apple drops copyright lawsuit against Corellium - 9to5Mac Routers and modems running Arcadyan firmware are under attack - The Record by Recorded Future Microsoft announces new 'Super Duper Secure Mode' for Edge - The Record by Recorded Future Apple fixes AWDL bug that could be used to escape air-gapped networks - The Record by Recorded Future Microsoft to require admin rights before using Windows Point and Print feature - The Record by Recorded Future Critical Cobalt Strike bug leaves botnet servers vulnerable to takedown | Ars Technica Amazon Kindle Hack Needs Just One Evil Ebook To Take Over Your Ereader—And Maybe Your Amazon Account Too ‘A whole new attack surface’ – Researcher Orange Tsai documents ProxyLogon exploits against Microsoft Exchange Server | The Daily Swig Black Hat USA: Downgrade attack against Let’s Encrypt lowers the bar for printing fraudulent SSL certificates | The Daily Swig Messaging Apps Have an Eavesdropping Problem | WIRED Black Hat USA: HTTP/2 flaws expose organizations to fresh wave of request smuggling attacks | The Daily Swig Black Hat USA 2021: Lessons to learn from the aviation sector after Biden mandates cyber-attack investigatory body | The Daily Swig Amazon and Google patch major bug in their DNS-as-a-Service platforms - The Record by Recorded Future Newsmax, OANN sued by maker of voting machines Robᵉʳᵗ Graham @ Sioux Falls cyber symposium on Twitter: "1/n If you are wondering if there will be anybody at Mike Lindell's cybersymposium who can confirm or refute his "packet captures", well, there's going to be me. I'm a well-known expert on packet captures, and somewhat knowledgeable about election systems. https://t.co/PGioDBZ47B" / Twitter