Risky Business #610 -- Propellerheads in dark on JetBrains

PLUS: Mimecast gets Russia'd and more...
13 Jan 2021 » Risky Business

Joe Slowik and Katie Nickels are guest co-hosts in this week’s edition of the show. They join Patrick Gray to talk about:

  • Mimecast having some stolen certificate, errr, “problems”
  • The confusing reports about JetBrains
  • Analysis of the malware used in the SolarWinds campaign
  • Australian man arrested in Germany and charged with running DarkMarket
  • The Great Deplatforming of 2021

This week’s show is brought to you by Gigamon.

If you’re a Gigamon shop you should really take a look at their ThreatInsight platform, that’s a no-brainer. Even if you’re not, they’re real players in the network detection and response space. Joining us in this week’s sponsor interview is Jason Tesarz, a senior product manager for Gigamon ThreatInsight. He joined the show to talk about a few things, like how these days the NDR vendors are competing more around their workflows than trying to be the most comprehensive in detection.

Links to everything that we discussed are below and you can follow Patrick, Katie or Joe on Twitter if that’s your thing.

Show notes

Mimecast says hackers abused one of its certificates to access Microsoft accounts | ZDNet
JetBrains denies being involved in SolarWinds hack | ZDNet
Federal courts are latest apparent victim of SolarWinds hack
CISA: SolarWinds hackers also used password guessing to breach targets | ZDNet
Sealed U.S. Court Records Exposed in SolarWinds Breach — Krebs on Security
The SolarWinds Hackers Shared Tricks With a Notorious Russian Spy Group | WIRED
SolarWinds hires Chris Krebs, Alex Stamos to boost security in wake of suspected Russian hack - CyberScoop
Exclusive: FBI probes Russian-linked postcard sent to FireEye CEO after cybersecurity firm uncovered hack - sources | Reuters
DarkMarket: world's largest illegal dark web marketplace taken down | Europol
Rioters Had Physical Access to Lawmakers’ Computers. How Bad Is That?
Trump Is Permanently Suspended From Twitter
Facebook bans Trump indefinitely; risks 'simply too great,' Zuckerberg says - CyberScoop
Amazon boots Parler from web hosting service over violent content - CyberScoop
Google removes Parler app from Play Store | ZDNet
Twitter purges QAnon accounts; Facebook targets 'Stop the Steal' - CyberScoop
Some ransomware gangs are going after top execs to pressure companies into paying | ZDNet
Anti-Secrecy Activists Publish a Trove of Ransomware Victims' Data | WIRED
Hackers can clone Google Titan 2FA keys using a side channel in NXP chips | Ars Technica
Encrypted Client Hello: Upcoming Firefox 85 rollout builds momentum for ESNI successor | The Daily Swig
Telegram feature exposes your precise address to hackers | Ars Technica
WhatsApp gives users an ultimatum: Share data with Facebook or stop using the app | Ars Technica
More Chinese apps attract a ban from a presidential administration on the way out
China CCP to Nationalize Jack Ma's Alibaba and Ant Group - Report
CES 2021: Intel adds ransomware detection capabilities at the silicon level | ZDNet
Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes | Threatpost
Fortinet updates web application firewall to protect against SQL injection, denial-of-service attacks | The Daily Swig
Gigamon ThreatINSIGHT | Network Detection and Response | Gigamon