Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• The log4j bug wrap
• The ransomware wrap
• The human rights and surveillance industry wrap
• Research and carnage wrap

This week’s show is brought to you by Airlock Digital. They make allowlisting software that has mostly been used in Windows environments, but as you’re about to hear they’ve now got a very, very nice solution for the bigger Linux distros, and their Mac agent is going to be launched in a few weeks.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

• FTC warns companies to remediate Log4j security vulnerability | Federal Trade Commission
• Srsly Risky Biz: Thursday December 16
• The internet runs on free open-source software. Who pays to fix it? | MIT Technology Review
• Propane distributor Superior Plus admits ransomware breach | The Daily Swig
• Ransomware attack threatens paychecks just before Christmas
• Cyberattack on one of Norway’s largest media companies shuts down presses - The Record by Recorded Future
• Photography site Shutterfly is dealing with a ransomware attack - CyberScoop
• Lapsus$ ransomware gang hits SIC, Portugal's largest TV channel - The Record by Recorded Future
• US food importer Atalanta admits ransomware attack | The Daily Swig
• The FBI believes the HelloKitty ransomware gang operates out of Ukraine - The Record by Recorded Future
• Ransomware affiliate arrested in Romania - The Record by Recorded Future
• Iranian hackers behind Cox Media Group ransomware attack - The Record by Recorded Future
• Israeli newspaper Jerusalem Post is hacked, website defaced to include threats
• Iranian Hackers Abuse Slack For Cyber Spying
• Why Wall Street is worried about state and local government cybersecurity - The Record by Recorded Future
• North Korean hackers target Russian diplomats using New Year greetings - The Record by Recorded Future
• Egyptian Politician Hacked by 2 Government Hacking Groups, Researchers Say
• Saudi women's rights activist says phone hack by U.S. contractors led to arrest -lawsuit | Reuters
• UAE agency put Pegasus spyware on the phone of Hanan Elatr, Jamal Khashoggi’s wife - Washington Post
• A new spyware-for-hire, Predator, caught hacking phones of politicians and journalists | TechCrunch
• Facebook says 50,000 users were targeted by cyber mercenary firms in 2021 | MIT Technology Review
• Encrypted Phone Company Backdoored by FBI Will Lead to 'Years' of Arrests
• Russian hackers bypass 2FA by annoying victims with repeated push notifications - The Record by Recorded Future
• More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild - The Record by Recorded Future
• Facebook expands bug bounty program to cover scraping attacks - The Record by Recorded Future
• Wireless coexistence – New attack technique exploits Bluetooth, WiFi performance features for ‘inter-chip privilege escalation’ | The Daily Swig
• Microsoft notifies customers of Azure bug that exposed their source code - The Record by Recorded Future
• US charges former GRU officer with hacking and stock market trading scheme - The Record by Recorded Future
• Crypto exchanges keep getting hacked, and there's little anyone can do
• CISA tells agencies to patch recent Windows 10 zero-day abused by Emotet botnet - The Record by Recorded Future
• Security flaws found in a popular guest Wi-Fi system used in hundreds of hotels | TechCrunch
• Backdoor gives hackers complete control over federal agency network | Ars Technica
• Microsoft fixes harebrained Y2K22 Exchange bug that disrupted email worldwide | Ars Technica