Risky Business #617 -- Exchangapalooza '21

Can open, worms everywhere...
10 Mar 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • All the Exchange boxes on the planet have pretty much been owned lol
  • See above
  • Someone’s hacking Russian crime forums
  • The Accellion scandal keeps on truckin’
  • Dependency confusion attacks are going berserk in the wild
  • Gab got owned. Again.
  • John McAfee is in all sorts of trouble
  • Much, much more

This week’s show is brought to you by Nucleus Security. Its director of APAC operations, Gil Azaria, joins us in this week’s sponsor interview to talk about how he became a Nucleus customer before he joined the vendor as its APAC guy.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Warning the World of a Ticking Time Bomb — Krebs on Security
Web shells everywhere - Risky Business
A Basic Timeline of the Exchange Mass-Hack — Krebs on Security
Attacks on Exchange servers expand from nation-states to cryptominers | The Record by Recorded Future
At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software — Krebs on Security
Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims | WIRED
CISA orders US agencies to address Microsoft flaws exploited by suspected Chinese hackers
Attacks on SolarWinds Servers Also Linked To Chinese Threat Actor | The Record by Recorded Future
‘Retaliation’ for Russia's SolarWinds Spying Isn't the Answer | WIRED
Three Top Russian Cybercrime Forums Hacked — Krebs on Security
The Accellion Breach Keeps Getting Worse—and More Expensive | WIRED
Ransomware Gang Fully Doxes Bank Employees in Extortion Attempt
Cloud security firm Qualys reportedly victimized by prolific scammers - CyberScoop
Ransomware Gang Threatens To Launch DDoS Attacks, Call Reporters and Business Partners | The Record by Recorded Future
A new type of supply-chain attack with serious consequences is flourishing | Ars Technica
Open source software repositories play ‘whack-a-mole’ as ‘dependency confusion’ copycats exceed 5,000 | The Daily Swig
Massive FluBot Botnet Infects 60,000 Android Smartphones | The Record by Recorded Future
FluBot Malware Gang Arrested in Barcelona | The Record by Recorded Future
Gab, a haven for pro-Trump conspiracy theories, has been hacked again | Ars Technica
US Charges Infosec Veteran John McAfee over Cryptocurrency Pump-and-Dump Scheme | The Record by Recorded Future
GitHub users forcibly logged out of accounts to patch ‘potentially serious’ security bug | The Daily Swig
Airlines warn of data breaches after SITA passenger system hack | TechCrunch
Solutions to Detect Ransomware Attacks Can Often Be Very Trivial | The Record by Recorded Future
Research: How JSON parsers can create security risks when it comes to interoperability | The Daily Swig
Trojan Spyware and BEC Attacks
CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF
NSA and CISA promote PDNS concept | The Record by Recorded Future
Microsoft Exchange exploitation: how to detect, mitigate, and stay calm