Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

• More info on the Belarusian Cyber Patriots
• How infosec overhyped election security risks
• Is data ransoming dying?
• All about the Azure Cosmos DB drama
• Much, much more…

In this week’s sponsor interview Airlock Digital’s Daniel Schell and David Cottingham join the show to talk about EDR bypasses. They are a thing.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

• Belarusian hackers are turning the country's surveillance state against it | MIT Technology Review
• A new wave of Hacktivists is turning the surveillance state against itself - The Record by Recorded Future
• Trump conspiracies strain election cybersecurity experts
• T-Mobile CEO apologizes after hacker stole millions of users' personal information
• Bangkok Air confirms passenger PII leak after ransomware attack - The Record by Recorded Future
• Leaked Guntrader firearms data file shared. Worst case scenario? Criminals plot UK gun owners' home addresses in Google Earth • The Register
• Hackers steal $29 million from crypto-platform Cream Finance - The Record by Recorded Future
• U.S. spy agencies rule out possibility the coronavirus was created as a bioweapon, say origin will stay unknown without China’s help - The Washington Post
• Australia's 'hacking' Bill passes the Senate after House made 60 amendments | ZDNet
• White House rolls out pipeline, supply chain security initiatives as companies pledge billions in cyber spending
• CISA adds single-factor authentication to its catalog of 'Bad Practices' - The Record by Recorded Future
• DHS urges Microsoft customers to update Azure to avoid security flaw
• Microsoft Azure vulnerability exposed thousands of cloud databases
• CISA and the FBI warn of ransomware gangs' tendency of launching attacks over holidays and weekends - The Record by Recorded Future
• FBI warns that Hive ransomware hackers are calling victims by phone
• Deserialization bug in TensorFlow machine learning framework allowed arbitrary code execution | The Daily Swig
• A Dark Web Murder-For-Hire Scammer Became An FBI Informant
• WhatsApp, Facebook, and Twitter fined for not storing user data inside Russia - The Record by Recorded Future
• A Bad Solar Storm Could Cause an 'Internet Apocalypse' | WIRED
• Trial & Error in Kuwait - CyberScoop
• How Data Brokers Sell Access to the Backbone of the Internet
• Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents – Krebs on Security
• Front Matter | Understanding and Managing Risk in Security Systems for the DOE Nuclear Weapons Complex: (Abbreviated Version) | The National Academies Press
• JCP | Free Full-Text | An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors | HTML