Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Spanish PM’s phone infected by Pegasus
• Microsoft drops Ukraine research report
• We can’t make heads or tails out of the FBI’s transparency report
• France hit with coordinated fibre sabotage campaign
• Why Musk’s algorithm pledge is meaningless
• Much, much more

This week’s sponsor interview is with ExtraHop Networks’ CEO Patrick Dennis. He’s joining us this week to talk about how you can turn “Shield’s Up!” advice into something actionable.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

• Spyware attack targeted Spanish prime minister’s phone - The Record by Recorded Future
• Over 200 Spanish mobile numbers ‘possible targets of Pegasus spyware’ | Spain | The Guardian
• Russia’s hackers and military went after the same targets in Ukraine, Microsoft says
• Russia Is Being Hacked at an Unprecedented Scale | WIRED
• Russia reroutes internet in occupied Ukrainian territory through Russian telcos - The Record by Recorded Future
• Russia cyber case prompted big portion of FBI's surveillance database searches in 2021 - The Record by Recorded Future
• 2022_ASTR_for_CY2020_FINAL.pdf
• Wyden: “Surveillance Transparency Report” Fails To Explain How Many Americans’ Communications Are Searched By the FBI | U.S. Senator Ron Wyden of Oregon
• How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities
• Who tried to hack Hawaii’s undersea cable? - The Record by Recorded Future
• Nauru police emails leaked to protest against Australia's offshore detention
• Fighting Fake EDRs With ‘Credit Ratings’ for Police – Krebs on Security
• Twitter may have given user's private data to a ransomware hacker, who then ran a researcher offline
• Musk's plans to make Twitter's algorithms public raises disinformation conundrum
• Elon Musk’s Plan to Open Source the Twitter Algorithm Won’t Solve Anything | WIRED
• Kronos cyber attack sparks lawsuits against employers | BenefitsPRO
• German wind farm operator confirms cybersecurity incident - The Record by Recorded Future
• German library service struggling to recover from ransomware attack - The Record by Recorded Future
• Trinidad’s largest supermarket chain crippled by cyberattack - The Record by Recorded Future
• Austin Peay State University becomes latest US school hit with ransomware - The Record by Recorded Future
• NC Prohibits Gov Entities from Paying Hacker Cybersecurity Ransoms
• Connecticut inches closer to becoming fifth state with data privacy law - The Record by Recorded Future
• Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog
• Google touts new tool that scans for malicious packages in popular open-source repositories - The Record by Recorded Future
• Log4Shell, ProxyLogon and Atlassian bug top CISA's list of routinely exploited vulnerabilities in 2021 - The Record by Recorded Future
• Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954 | Rapid7 Blog
• Microsoft finds Linux desktop flaw that gives root to untrusted users | Ars Technica
• More than $13 million stolen from DeFi platform Deus Finance - The Record by Recorded Future
• Binance freezes stolen Axie Infinity crypto after North Korean hackers move funds - The Record by Recorded Future
• Everscale blockchain wallet shutters web version after vulnerability found - The Record by Recorded Future
• Hackers steal $90 million from DeFi platforms Rari Capital and Saddle Finance - The Record by Recorded Future
• Crypto Hackers Stole More Than $370 Million In April Alone
• Airlock Digital Demo - YouTube
• Risky Business News | Patrick Gray | Substack