Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• US sanctions NSO, Candiru, COSEINC and Positive Technologies
• We wrap up the action in ransomware
• Why exploit tournaments are boring in America and exciting in China
• More malicious npm packages in the wild
• Pentagon updates CMMC to 2.0
• Much, much more

We’ll hear from Corelight’s CISO Bernard Brantley in this week’s sponsor interview. We’re talking about how attackers think in graphs and defenders think in lists.. Microsoft’s John Lambert wrote a post about that back in 2015, and Bernard joins the show this week to talk about why it’s just as relevant as ever. Stick around for that one.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

• U.S. sanctions Israel’s NSO Group over Pegasus spyware - The Washington Post
• Risky Business #310 -- Export exploits? Wassenaar says no - Risky Business
• Positive Technologies says US sanctions had little or no effect on its business - The Record by Recorded Future
• Hungarian official confirms government bought and used Pegasus spyware - The Record by Recorded Future
• NSO's Pegasus spyware found on the devices of six Palestinian activists - The Record by Recorded Future
• “A grim outlook”: How cyber surveillance is booming on a global scale | MIT Technology Review
• Spyware providers are flocking to international arms fairs to sell to NATO foes
• Ukraine discloses identity of Gamaredon members links it to Russia's FSB - The Record by Recorded Future
• PRC says FCC decision to pull China Telecom license was ‘based on suspicion,’ not facts - The Record by Recorded Future
• China says a foreign spy agency hacked its airlines, stole passenger records - The Record by Recorded Future
• Hackers with Chinese links breach defense, energy targets, including one in US
• Pwn2Own Austin 2021: Synacktiv crowned Masters of Pwn after Sonos One, WD NAS exploits | The Daily Swig
• House approves massive infrastructure plan that includes $1.9 billion for cybersecurity - The Record by Recorded Future
• Malware found in coa and rc, two npm packages with 23M weekly downloads - The Record by Recorded Future
• Pentagon issues revised cyber standards for contractors - The Record by Recorded Future
• Hacker steals $55 million from bZx DeFi platform - The Record by Recorded Future
• Suspect in scheme to breach major Twitter accounts is now charged with hacking crypto executives
• Scammer Convinced Instagram That Its Top Executive Was Dead
• GitLab servers are being exploited in DDoS attacks in excess of 1 Tbps - The Record by Recorded Future
• Dangerous XSS bug in Google Chrome’s ‘New Tab’ page bypassed security features | The Daily Swig
• US offers $10 million reward for info on Darkside ransomware group - The Record by Recorded Future
• Hackers Apologize to Arab Royal Families for Leaking Their Data
• A ransomware gang shut down after Cybercom hijacked its site and it discovered it had been hacked - The Washington Post
• BlackMatter ransomware says its shutting down due to pressure from local authorities - The Record by Recorded Future
• CERT-France: Lockean ransomware group behind attacks on French companies - The Record by Recorded Future
• The ‘Groove’ Ransomware Gang Was a Hoax – Krebs on Security
• Ransomware crackdown spreads in U.S., Europe and Asia
• US Treasury sanctions crypto-exchange Chatex for links to ransomware payments - The Record by Recorded Future
• Shared/Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.md at master · JohnLaTwC/Shared · GitHub
• Compare to open source Zeek