Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• China’s super spies figure out Rob Joyce ran TAO ops
• FBI, French authorities fly to Montenegro to investigate ransomware attack
• NEWSFLASH: Cloudflare are still a bunch of Nazi cuddlers
• SIM swap drama spills into real world shootings, firebombings
• Yandex Taxi hack clogs Moscow streets
• The TikTok breach that wasn’t
• Project Raven veterans get wings clipped
• Why recent BGP hijacks are getting a bit concerning
• Much, much more

This week’s show is brought to you by Corelight, the company that maintains Zeek. Corleight’s Federal CTO Jean Schaffer joins us in this week’s sponsor interview to talk about whether or not the White House’s executive order on Zero Trust is actually changing anything.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

• Exclusive: Evidence shows US’ NSA behind attack on email system of leading Chinese aviation university - Global Times
• Lukasz Olejnik on Twitter: "Chinese accusation of US/NSA cyberattacks on China's aviation university. Unusually, a strong protest issued by China's Foreign Ministry. Chinese media write about NSA extensively, and doxx/point at Rob Joyce, specifically. Highly amusing! https://t.co/PG1XzZoIcW https://t.co/wRMEAokhVj" / Twitter
• Patrick Gray on Twitter: "Great thread" / Twitter
• FBI and French officials arrive in Montenegro to investigate ransomware attack - The Record by Recorded Future
• Chile says gov’t agency struggling with ransomware attack - The Record by Recorded Future
• Italy warns of cyberattacks on energy industry after Eni, GSE incidents - The Record by Recorded Future
• Ransomware Gang Accessed Water Supplier’s Control System
• Experts warn of more Ragnar Locker attacks, days after group targets airline - The Record by Recorded Future
• Kevin Beaumont on Twitter: "IHG Hotel Group incident is ransomware" / Twitter
• Criminal hackers targeting K-12 schools, U.S. government warns
• QNAP warns of zero-day vulnerability in latest DeadBolt ransomware campaign - The Record by Recorded Future
• Cloudflare Suggests It Won’t Cut Off Anti-Trans Stalking Forum
• Cloudflare reverses decision and drops trans trolling website Kiwi Farms | Internet | The Guardian
• Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire – Krebs on Security
• State Department debars ex-NSA cyber mercenaries who aided vast UAE surveillance operation
• Hackers Create Traffic Jam in Moscow by Ordering Dozens of Taxis at Once Through App
• Light Flashing, Siren Wailing: A Rich Muscovite in a Rush - The New York Times
• TikTok denies security breach after hackers leak user data, source code
• Samsung denies Social Security numbers involved in latest breach - The Record by Recorded Future
• Truth Behind the Celer Network cBridge cross-chain bridge incident: BGP hijacking | by SlowMist | Coinmonks | Aug, 2022 | Medium
• nanog: Yet another BGP hijacking towards AS16509
• A Windows 11 Automation Tool Can Easily Be Hijacked | WIRED
• Actors behind PyPI supply chain attack have been active since late 2021 | Ars Technica
• Cybercriminal Service 'EvilProxy' Seeks to Hijack Accounts
• Careless Errors in Hundreds of Apps Could Expose Troves of Data | WIRED
• WatchGuard firewall exploit threatens appliance takeover | The Daily Swig
• Patched TikTok security flaw allowed one-click account takeovers - The Record by Recorded Future
• Chrome extensions with 1.4M installs covertly track visits and inject code | Ars Technica
• Peter Eckersley, co-creator of Let’s Encrypt, dies at just 43 – Naked Security
• DownUnderCTF