Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• “Shields Up” advice is now provably meaningless
• Russia to ditch offshore comms apps like WhatsApp
• Evil Corp’s Lockbit sanctions evasion attempt backfires
• Binance is a cesspit of shady financial dealings
• Apple’s passkey release foreshadows FIDO mass adoption
• Much, much more

This week’s sponsor interview is about Elastic’s teardown on some really interesting APT linux malware called BPFdoor. Jake King and Colson Wilhoit joined the show for that interview.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

• US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command | Science & Tech News | Sky News
• White House: cyber activity not against Russia policy | Reuters
• 'Shields Up': the new normal in cyberspace
• Governors are being contacted - Newspaper Kommersant No. 95 (7296) dated 06/01/2022
• «Вы лично отвечаете за инциденты». Почему 1 мая началась новая эпоха в информационной безопасности - Газета.Ru
• Киев использовал против России новый принцип кибератак - Ведомости
• Traffic will be sorted into folders - Newspaper Kommersant No. 102 (7303) dated 06/10/2022
• FBI cybercrime seizure takes down one-time Ukraine IT Army collaborator
• To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions | Mandiant
• Risky Biz News: LockBit-Mandiant drama, explained
• How Binance became a hub for hackers, fraudsters and drug sellers
• Cryptocurrencies were once seen as an unmitigated boon for criminals. Not anymore.
• Fed cyber officials detail Chinese state hackers using common exploits against telcos
• Risky Biz News: Russia orders Google to remove Tor Browser from Russian Play Store
• Bizbudding, Inc. v. 365 Data Centers Services, LLC, 3:22-cv-00715 – CourtListener.com
• Business Email Compromise Scams Are Poised to Eclipse Ransomware | WIRED
• Cybercriminal scams City of Portland, Ore. for $1.4 million - The Record by Recorded Future
• Apple's Passkey Replaces Passwords With iPhone and Mac Authentication | WIRED
• MongoDB Debuts ‘Queryable Encryption’ to Fight Hacks and Leaks | WIRED
• Zero-Day Exploitation of Atlassian Confluence | Volexity
• Microsoft Security Intelligence on Twitter: "Multiple adversaries and nation-state actors, including DEV-0401 and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134. We urge customers to upgrade to the latest version or apply recommended mitigations: https://t.co/C3CykQgrOJ" / Twitter
• Microsoft Follina Vulnerability in Windows Can Be Exploited Through Office 365 | WIRED
• (3) Martin Sheppard on Twitter: "@riskybusiness And yes, many orgs can disable Macros in documents with the mark of the web without a lot of impact. Policy can be used to not mark documents from certain internal sites with mark of the web, which is one way to allow certain legitimate macros with this setting in place." / Twitter
• Blockchain, 'Decentralized' Exchange Taken Offline After Hacker Steals Millions
• ‘Optimism’ Crypto Hack Victim Hopes Thief Will Give Back $15 Million
• PeckShieldAlert on Twitter: "#PeckShieldAlert Wintermute Exploiter has transferred 17 million $OP to @optimismPBC https://t.co/5PpgeZXaId" / Twitter
• NFT insider trading charges filed against former OpenSea employee Nate Chastain
• Detecting BPFDoor backdoor payload | Elastic