Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/

Risky Business #659 -- Okta and Microsoft meet LAPSUS$


On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Okta’s somewhat awful comms around its LAPSUS$ incident
  • Inside Microsoft’s brush with the same group
  • How Elon Musk’s Starlink service is being used to drop bombs on Russian tanks
  • US, UK governments warn of impending Russian cyberdoom
  • Much, much more…

This week’s sponsor interview is with Paul Lanzi, co-founder of Remediant. Paul joins the show this week to talk about cyber insurance. It’s a topic that has come up a lot for us lately – ransomware has borderline sunk the current cyber insurance model as payments ballooned and payouts made a lot of insurers adjust premiums to the. But all is not lost – Paul says this blowup means the insurance industry is actually adapting and could wind up being a driver of better security practices.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
  • Hackers hit authentication firm Okta, customers 'may have been impacted' | Reuters
  • Updated Okta Statement on LAPSUS$ | Okta
  • Microsoft investigating Lapsus$ claims of Bing, Cortana data theft - The Record by Recorded Future
  • DEV-0537 criminal actor targeting organizations for data exfiltration and destruction - Microsoft Security Blog
  • U.K. echoes Biden warning on Russian cyberattacks - The Record by Recorded Future
  • Statement by President Biden on our Nation’s Cybersecurity | The White House
  • FBI advised that hackers scanned networks of 5 US energy firms ahead of Biden's Russia cyberattack warning - CNNPolitics
  • CISA, FBI warn of satellite network hacks following Viasat cyberattack - The Record by Recorded Future
  • Specialist Ukrainian drone unit picks off invading Russian forces as they sleep | News | The Times
  • China’s DJI And Its Billionaire Chief Put In An Awkward Spot As Both Sides In Ukraine War Use Its Drones
  • Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine | Snyk
  • Catalin Cimpanu on Twitter: "Following the poisoning of the node-ipc npm package to sabotage systems in Belarus and Russia, Russia's NKTsKI cyber-security agency has told companies to use local repos for FOSS software, use older versions prior to the invasion, and audit new updates https://t.co/3PlKdXTfn1 https://t.co/EV25HBBZFN" / Twitter
  • U.S. bars ex-spies from becoming 'mercenaries,' following Reuters series | Reuters
  • Behold, a password phishing site that can trick even savvy users | Ars Technica
  • Death of the Password? FIDO Alliance Reveals Its New Plan | WIRED
  • Scammers have 2 clever new ways to install malicious apps on iOS devices | Ars Technica
  • New details emerge on prolific Conti-linked cybercrime group
  • Trickbot is using MikroTik routers to ply its trade. Now we know why | Ars Technica
  • Sandworm-linked botnet has another piece of hardware in its sights
  • Hacker Steals Customer Data From Circle, BlockFi, Other Big Crypto Firms - Decrypt
  • Lawmakers Probe Early Release of Top RU Cybercrook – Krebs on Security
  • A different way to do PAM -- Paul Lanzi, Remediant - YouTube


March 23, 2022