On this week’s show Patrick and Adam discuss the week’s security news, including:
- The UHS ransomware attack
- Someone is messing with TrickBot: Did the USA release the hounds?
- US Treasury issues final warning on sanctioned ransomware crews
- Azerbaijan and Armenia going at it
- Fancy Bear owns US government department
Nucleus Security co-founder Scott Kuffer joins the show in this week’s sponsor interview to talk about how they have discovered a LOT of enterprises are actually trying to develop in-house vulnerability management software and how that is not going well.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- A Ransomware Attack Has Struck a Major US Hospital Chain | WIRED
- German investigators treating ransomware attack as negligent homicide, reports say
- Attacks Aimed at Disrupting the Trickbot Botnet — Krebs on Security
- Microsoft: Some ransomware attacks take less than 45 minutes | ZDNet
- US Treasury says some ransomware payments may need its express approval | ZDNet
- Front companies for Chinese and Iranian APTs doxxed - Risky Business
- Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack — Krebs on Security
- Alleged Iranian hackers balanced espionage with personal cybercrime, US indictment says - CyberScoop
- US charges Iranian hackers for breaching US satellite companies | ZDNet
- A China-Linked Group Repurposed Hacking Team’s Stealthy Spyware | WIRED
- Microsoft says Iranian hackers are exploiting the Zerologon vulnerability | ZDNet
- Spies hacked Azerbaijan government officials as Nagorno-Karabakh conflict escalated
- North Korea has tried to hack 11 officials of the UN Security Council | ZDNet
- Federal Agency Compromised by Malicious Cyber Actor | CISA
- Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency | WIRED
- Microsoft removed 18 Azure AD apps used by Chinese state-sponsored hacker group | ZDNet
- TikTok, WeChat survive in US app stores — one with a deal, the other with a judge's help
- Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI | ZDNet
- Kevin Rudd: «The Dollar is One of the Things China Fears»
- Portland passes landmark private sector facial recognition technology ban | The Daily Swig
- All four of the world's largest shipping companies have now been hit by cyber-attacks | ZDNet
- UN maritime agency says it was hacked | ZDNet
- Trump officials hint at update for US maritime cybersecurity
- Encrochat Investigation Finds Corrupt Cops Leaking Information to Criminals
- KuCoin cryptocurrency exchange hacked for $150 million | ZDNet
- GitHub rolls out new Code Scanning security feature to all users | ZDNet
- Facebook sues two Chrome extension makers for scraping user data | ZDNet
- Senator asks DHS if foreign-controlled browser extensions threaten the US | Ars Technica
- A security flaw in Grindr let anyone easily hijack user accounts | TechCrunch
- Hackers claim they can now jailbreak Apple's T2 security chip | ZDNet
- Critical stored XSS vulnerability in Instagram’s Spark AR Studio nets 14-year-old researcher $25,000 | The Daily Swig
- Mozilla shuts down Firefox Send and Firefox Notes services | ZDNet
- Member of 'The Dark Overlord' hacking group sentenced to five years in prison | ZDNet
- LinkedIn hacker Nikulin sentenced to 7 years in prison after years of legal battles
- John McAfee arrested in Spain, charged with tax evasion