Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Why Spring4Shell isn’t all hype
• How Viasat actually got owned
• Russian war crimes likely extend to coercing sysadmis
• Why lighter fluid and a box of matches is more effective than cyber in Belarus
• Much, much more

This week’s sponsor interview is with Bernard Brantley, Corelight’s Chief Information Security Officer.

Corelight makes a network sensor you can use to plug in to your SIEM, among other things. It’s based on Zeek, the open source network sensor that Corelight maintains. Corelight is absolutely the industry standard for this sort of thing.

And they’ve just become the standard for something else, too: Microsoft Defender for IoT can now accept Corelight feeds. Bernard fills us in on that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

• Explaining Spring4Shell: The Internet security disaster that wasn’t | Ars Technica
• VMware sprung by Spring4shell vulnerability - Security - iTnews
• Viasat confirms report of wiper malware used in Ukraine cyberattack - The Record by Recorded Future
• VIASAT incident: from speculation to technical details.
• AcidRain | A Modem Wiper Rains Down on Europe - SentinelOne
• EXCLUSIVE Hackers who crippled Viasat modems in Ukraine are still active- company official | Reuters
• Kevin Collier on Twitter: "In a Zoom presser earlier today, UKR Telecom CIO Kirill Goncharuk said the hack on his ISP started with compromised credentials from an employee in a territory Russia recently occupied. Declined to address the potential implication that the employee was physically coerced." / Twitter
• Ukrainian CERT details Russia-linked phishing attacks targeting government officials - The Record by Recorded Future
• The Belarus ‘railway rebels’, who dare stop Vladimir Putin’s invasion in its tracks
• German wind turbine maker shut down after cyberattack - The Record by Recorded Future
• Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said - The Record by Recorded Future
• Trezor cryptocurrency wallets targeted with phishing attacks following Mailchimp compromise | The Daily Swig
• Two alleged Lapsus$ teens appear in London court
• IT giant Globant discloses hack after Lapsus$ leaks 70GB of stolen data | Ars Technica
• Notorious hacking group FIN7 adds ransomware to its repertoire
• NSA employee indicted for mishandling Top Secret information - The Record by Recorded Future
• Debate erupts at news the White House may scale back DOD cyber-ops authorities
• Legislators rail against potential rollback of flexible DOD cyber powers
• ‘Dangerous’ EU web authentication plan threatens to undercut browser-led certification system, detractors claim | The Daily Swig
• Trend Micro warns of active attacks against Apex Central console | The Daily Swig
• Apple releases fixes for two zero-days affecting Macs, iPhones and iPads - The Record by Recorded Future
• Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks | Ars Technica
• GitLab addresses critical account hijack bug | The Daily Swig
• Ola Finance DeFi platform hacked, nearly $5 million stolen - The Record by Recorded Future
• Bank that lacked basic security suffers predictable fate • The Register
• Corelight Announces Integration for Microsoft Defender for IoT as a Data Source for the Platform