Risky Business #611 -- MalwareBytes the latest "Holiday Bear" victim

More like o36-yikes, amirite?
20 Jan 2021 » Risky Business

On this week’s show Dmitri Alperovitch, Sherrod DeGrippo and Joe Slowik join host Patrick Gray to talk through the week’s news:

  • Malwarebytes the latest victim in the increasingly poorly-named “SolarWinds campaign”
  • FireEye issues helpful guidance and tools to help orgs detect “golden SAML” and related techniques
  • Rob Joyce, Anne Neuberger, Michael Sulmeyer all get promoted! Wooo!
  • Much, much more

This week’s show is brought to you by Airlock Digital. They make what we’re calling an execution control platform. Its central feature is easy-to-use and hard-to-bypass allowlisting. It’s a bunch of sensible and usable controls packaged up into a 7Mb. It slices, it dices, it slays lolbins and user PowerShell rights, and it comes in a beautiful suede pouch! It’s the endpoint protection you get when it’s built by practitioners in concert with people who actually understand Windows internals. That’s right! Patrick is drinking the Kool-Aid on this one! Airlock founders Dave Cottingham and Daniel Schell join in this week’s sponsor interview to talk through allowlisting’s second wave of popularity.

Links to everything are below!

Show notes

Malwarebytes said it was hacked by the same group who breached SolarWinds | ZDNet
Fourth malware strain discovered in SolarWinds incident | ZDNet
FireEye releases tool for auditing networks for techniques used by SolarWinds hackers | ZDNet
Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccine | Ars Technica
Rob Joyce named new NSA cybersecurity director - CyberScoop
Biden team taps NSA Cybersecurity Director Anne Neuberger for NSC - CyberScoop
Michael Sulmeyer, who held cyber posts under Trump and Obama, gets Biden White House gig
Airbnb to Cancel All DC Bookings in Inauguration Week
CISA tells agencies to consider ad blockers to fend off 'malvertising'
Apple removes feature that allowed its apps to bypass macOS firewalls and VPNs | ZDNet
Iranian cyberspies behind major Christmas SMS spear-phishing campaign | ZDNet
Joker's Stash, the internet's largest carding forum, is shutting down | ZDNet
After judge orders release of hacker tied to ISIS, US says 'Not so fast'
A security researcher commandeered a country’s expired top-level domain to save it from hackers | TechCrunch
Scam-as-a-Service operation made more than $6.5 million in 2020 | ZDNet
Signal endures 'technical difficulties' amid new popularity - CyberScoop
Introducing Malvuln.com – the first website ‘exclusively dedicated’ to revealing security vulnerabilities in malware | The Daily Swig
Critical zero-day RCE in Microsoft Office 365 awaits third security patch | The Daily Swig
FBI investigating whether woman stole laptop from Pelosi's office to sell it to Russia - POLITICO
Linux Mint fixes screensaver bypass discovered by two kids | ZDNet
Text of a Letter to the Speaker of the House of Representatives and the President of the Senate | The White House
Request an Airlock Product Demonstration - Airlock Digital