Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Ukraine sanctions may lead to Russia going “cyber feral”
• Brian Krebs links Red Cross breach to Iranian actor
• APT10 uses cred stuffing as misdirection
• Report: Global logistics behemoth Expeditors ransomwared
• NFT is drama still hilarious
• Inside the epic KlaySwap hack
• Much, much more

In this week’s sponsor interview Thinkst Canary’s Marco Slaviero talks about some work they’ve done on introducing a “Safety Net” against AWS token enumeration edge cases. That’s a very interesting interview.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

• White House attributes Ukraine DDoS incidents to Russia's GRU - CyberScoop
• U.S. issues blanket warning on potential of destructive Russian hacks
• Russian hackers have probably penetrated critical Ukraine computer networks, U.S. says - The Washington Post
• Ukraine dismantles social media bot farm spreading "panic" - The Record by Recorded Future
• US says Russian hackers breached multiple DOD contractors - The Record by Recorded Future
• Red Cross blames hack on Zoho vulnerability, suspects APT attack - The Record by Recorded Future
• Red Cross Hack Linked to Iranian Influence Operation? – Krebs on Security
• Deep dive into hack against Iranian state TV yields wiper malware, other custom tools
• VMware Horizon servers are under active exploit by Iranian state hackers | Ars Technica
• Chinese hackers linked to months-long attack on Taiwanese financial sector - The Record by Recorded Future
• San Francisco 49ers confirm ransomware attack - The Record by Recorded Future
• Global logistics giant Expeditors suffers cyberattack, shuts down operations systems - FreightWaves
• Vodafone Portugal struggles to restore service following cyberattack | Ars Technica
• The US Crackdown on Spyware Vendors Is Only Beginning
• People Whose NFTs Were Stolen Are Getting Wildly Different Refunds from OpenSea
• Scam artists swindle NFTs worth 'millions' in OpenSea phishing attack | ZDNet
• KlaySwap crypto users lose funds after BGP hijack - The Record by Recorded Future
• Jaw-dropping Coinbase security bug allowed users to steal unlimited cryptocurrency | The Daily Swig
• For signs of cryptocurrency laundering, look closely at Moscow firms, report says
• Srsly Risky Biz: Thursday February 17
• More data on Canadian 'Freedom Convoy' donors leaked -website | Reuters
• Stream Episode 179: Truck Yeah, Canada feat Dan Boeckner by QAnon Anonymous | Listen online for free on SoundCloud
• FBI sees increase in use of virtual meeting platforms for BEC scams - The Record by Recorded Future
• This Is the ‘Hacking’ Investigation Into Journalist Who Clicked ‘View Source’ on Government Website
• Bhima Koregaon case: New report finds activist Rona Wilson was targeted by hackers linked to cyber espionage - The Washington Post
• Thousands of npm accounts use email addresses with expired domains - The Record by Recorded Future
• EARN IT Act gets no changes to encryption language in Senate committee
• SEC's breach notification proposal one step closer to a final vote
• In touch with Reality Winner - The Record by Recorded Future
• A “Safety Net” for AWS Canarytokens