Risky Business #808 -- Insane megabug in Entra left all tenants exposed
On this week’s show Patrick Gray and special guest Rob Joyce discuss the week’s cybersecurity news, including:
Secret Service raids a SIM farm in New York
MI6 launches a dark web portal
Are the 2023 Scattered Spider kids finally getting their comeuppance?
Production halt continues for Jaguar Land Rover
GitHub tightens its security after Shai-Hulud worm
This week’s episode is sponsored by Sublime Security. In this week’s sponsor interview, Sublime founder and CEO Josh Kamdjou joins host Patrick Gray to chat about the pros and cons of using agentic AI in an email security platform.
This episode is also available on YouTube
Show notes
U.S. Secret Service disrupts telecom network that threatened NYC during U.N. General Assembly
MI6 launches darkweb portal to recruit foreign spies | The Record from Recorded Future News
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens | dirkjanm.io
Github npm changes
Flights across Europe delayed after cyberattack targets third-party vendor | Cybersecurity Dive
Major European airports work to restore services after cyberattack on check-in systems | The Record from Recorded Future News
When “Goodbye” isn’t the end: Scattered LAPSUS$ Hunters hack on | DataBreaches.Net
UK arrests 2 more alleged Scattered Spider hackers over London transit system breach | Cybersecurity Dive
Alleged Scattered Spider member turns self in to Las Vegas police | The Record from Recorded Future News
Las Vegas police arrest minor accused of high-profile 2023 casino attacks | CyberScoop
DOJ: Scattered Spider took $115 million in ransoms, breached a US court system | The Record from Recorded Future News
vx-underground on X: "Scattered Spider ransoms company for 964BTC - wtf_thats_alot.jpeg - Document says "Cost of BTC at time was $36M" - $36M / 964BTC = $37.5K - BTC value was $37.5K in November, 2023 - Google "Ransomware, November, 2023" - omfg.exe https://t.co/uv2EzbL5HT" | X
JLR ‘cyber shockwave ripping through UK industry’ as supplier share price plummets by 55% | The Record from Recorded Future News
Jaguar Land Rover to extend production pause into October following cyberattack | Cybersecurity Dive
New plan would give Congress another 18 months to revisit Section 702 surveillance powers | The Record from Recorded Future News
AI-powered vulnerability detection will make things worse, not better, former US cyber official warns | Cybersecurity Dive
--------
52:37
--------
52:37
Risky Business #807 -- Shai-Hulud npm worm wreaks old-school havoc
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
Shai-Hulud worm propagates via npm and steals credentials
Jaguar Land Rover attack may put smaller suppliers out of business
Leaked data emerges from the vendor behind the Great Firewall of China
Vastaamo hacker walks free while appeal is underway
Why is a senator so mad about Kerberos?
This week’s episode is sponsored by Knocknoc. Chief exec Adam Pointon joins to talk through the surprising number of customers that are using Knocknoc’s identity-to-firewall glue to protect internal services and networks.
This week’s episode is also available on Youtube.
Show notes
Self-Replicating Worm Hits 180+ Software Packages – Krebs on Security
Jaguar Land Rover: Some suppliers 'face bankruptcy' due to hack crisis
Jaguar Land Rover production shutdown could last until November
U.S. Investors, Trump Close In on TikTok Deal With China - WSJ
U.S. Investors, Trump Close In on TikTok Deal With China - WSJ
How China’s Propaganda and Surveillance Systems Really Operate | WIRED
Mythical Beasts: Diving into the depths of the global spyware market - Atlantic Council
Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal | The Record from Recorded Future News
US national charged in Finnish psychotherapy center extortion | The Record from Recorded Future News
BreachForums administrator given three-year prison stint after resentencing | The Record from Recorded Future News
Microsoft, Cloudflare disrupt RaccoonO365 credential stealing tool run by Nigerian national | The Record from Recorded Future News
Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting” - Ars Technica
Exclusive: US warns hidden radios may be embedded in solar-powered highway infrastructure | Reuters
Israel announces seizure of $1.5M from crypto wallets tied to Iran | TechCrunch
--------
53:19
--------
53:19
Risky Biz Soap Box: runZero shakes up vulnerability management
In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero’s major push into vulnerability management.
With its new Nuclei integration, runZero is now able to get a very accurate picture of what’s vulnerable in your environment, without spraying highly privileged credentials at attackers on your network.
It can also integrate with your EDR platform, and other data sources, to give you powerful visibility into the true state of things on your network and in your cloud.
This episode is also available on Youtube.
Show notes
--------
34:17
--------
34:17
Risky Business #806 -- Apple's Memory Integrity Enforcement is a big deal
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
Apple ruins exploit developers’ week with fresh memory corruption mitigations
Feross Aboukhadijeh drops by to talk about the big, dumb npm supply chain attack
Salesloft says its GitHub was the initial entry point for its compromise
Sitecore says people should “patch” its using-the-keymat-from-the-documentation “zero day”
Rogue certs for 1.1.1.1 appear to be just (stupid) testing
Jaguar Land Rover ransomware attackers are courting trouble
This week’s episode is sponsored by open source cloud security tool, Prowler. Founder Toni de la Fuente joins to discuss their new support for Microsoft 365. Time to point Prowler at your OneDrive and Sharepoint!
This episode is also available on Youtube.
Show notes
Blog - Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research
Venezuela's president thinks American spies can't hack Huawei phones | TechCrunch
18 Popular Code Packages Hacked, Rigged to Steal Crypto – Krebs on Security
Software packages with more than 2 billion weekly downloads hit in supply-chain attack - Ars Technica
Salesloft platform integration restored after probe reveals monthslong GitHub account compromise | Cybersecurity Dive
CISA orders federal agencies to patch Sitecore zero-day following hacking reports | The Record from Recorded Future News
SAP warns of high-severity vulnerabilities in multiple products - Ars Technica
The number of mis-issued 1.1.1.1 certificates grows. Here’s the latest. - Ars Technica
Cyberattack on Jaguar Land Rover threatens to hit British economic growth | The Record from Recorded Future News
Cyberattack forces Jaguar Land Rover to tell staff to stay at home | The Record from Recorded Future News
Bridgestone Americas continues probe as it looks to restore operations | Cybersecurity Dive
Qantas penalizes executives for July cyberattack | The Record from Recorded Future News
Cyber Command, NSA to remain under single leader as officials shelve plan to end 'dual hat' | The Record from Recorded Future News
GOP Cries Censorship Over Spam Filters That Work – Krebs on Security
Risky Bulletin: APT report? No, just a phishing test! - Risky Business Media
Post by @patrick.risky.biz — Bluesky
--------
51:42
--------
51:42
Snake Oilers: Nebulock, Vali Cyber and Cape
In this edition of the Snake Oilers podcasts, three vendors pop in to pitch you all on their wares:
Automated, AI-powered threat hunting with Nebulock
Damien Lewke from Nebulock joins the show to talk about how its agentic AI platform can surface attacker activity out of all those “low” and “informational” findings your detection team doesn’t have time to look at.
Runtime security for hypervisors from Vali Cyber
Austin Gadient from Vali Cyber stops by to talk about ZeroLock, its hypervisor security product. It’s marketed as a counter-ransomware control but is just a generally useful security platform for virtualised environments.
A secure mobile telco: Cape
The only thing American cell providers love more than providing patchy coverage is getting their customers’ data owned. Cape is here to change that. It’s a security and anonymity-focussed virtual mobile network operator (MVNO) that’s been spun up by a highly competent team. If we lived in the USA we would be customers, and a bunch of CISOs listening to this might want to consider Cape subscriptions for their workforce.
This episode is also available on Youtube
Show notes
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Sverige