On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- All the Exchange boxes on the planet have pretty much been owned lol
- See above
- Someone’s hacking Russian crime forums
- The Accellion scandal keeps on truckin’
- Dependency confusion attacks are going berserk in the wild
- Gab got owned. Again.
- John McAfee is in all sorts of trouble
- Much, much more
This week’s show is brought to you by Nucleus Security. Its director of APAC operations, Gil Azaria, joins us in this week’s sponsor interview to talk about how he became a Nucleus customer before he joined the vendor as its APAC guy.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Warning the World of a Ticking Time Bomb — Krebs on Security
- Web shells everywhere - Risky Business
- A Basic Timeline of the Exchange Mass-Hack — Krebs on Security
- Attacks on Exchange servers expand from nation-states to cryptominers | The Record by Recorded Future
- At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software — Krebs on Security
- Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims | WIRED
- CISA orders US agencies to address Microsoft flaws exploited by suspected Chinese hackers
- Attacks on SolarWinds Servers Also Linked To Chinese Threat Actor | The Record by Recorded Future
- ‘Retaliation’ for Russia's SolarWinds Spying Isn't the Answer | WIRED
- Three Top Russian Cybercrime Forums Hacked — Krebs on Security
- The Accellion Breach Keeps Getting Worse—and More Expensive | WIRED
- Ransomware Gang Fully Doxes Bank Employees in Extortion Attempt
- Cloud security firm Qualys reportedly victimized by prolific scammers - CyberScoop
- Ransomware Gang Threatens To Launch DDoS Attacks, Call Reporters and Business Partners | The Record by Recorded Future
- A new type of supply-chain attack with serious consequences is flourishing | Ars Technica
- Open source software repositories play ‘whack-a-mole’ as ‘dependency confusion’ copycats exceed 5,000 | The Daily Swig
- Massive FluBot Botnet Infects 60,000 Android Smartphones | The Record by Recorded Future
- FluBot Malware Gang Arrested in Barcelona | The Record by Recorded Future
- Gab, a haven for pro-Trump conspiracy theories, has been hacked again | Ars Technica
- US Charges Infosec Veteran John McAfee over Cryptocurrency Pump-and-Dump Scheme | The Record by Recorded Future
- GitHub users forcibly logged out of accounts to patch ‘potentially serious’ security bug | The Daily Swig
- Airlines warn of data breaches after SITA passenger system hack | TechCrunch
- Solutions to Detect Ransomware Attacks Can Often Be Very Trivial | The Record by Recorded Future
- Research: How JSON parsers can create security risks when it comes to interoperability | The Daily Swig
- Trojan Spyware and BEC Attacks
- CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF
- NSA and CISA promote PDNS concept | The Record by Recorded Future
- Microsoft Exchange exploitation: how to detect, mitigate, and stay calm