Risky Business Podcast
March 17, 2021
Risky Business #618 -- MS security licensing faces congressional scrutiny
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- The latest on the Exchange tyre fire
- Lawmakers in the USA have had enough of Microsoft’s ridiculous licensing tiers
- White House mulls software security rating system
- Joseph Cox’s SMS adventures
- Things didn’t quite work out for APT6920 Arson Cats
- Much, much more
This week’s show is brought to you by VMRay. They asked us to interview one of their customers in this week’s sponsor segment so Brad Marr, the CISO of Life Fitness, pops in to walk through his VMRay use case.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
No signs yet of Exchange Server compromises at federal agencies, CISA says
At least 10 APT hacking groups have exploited Exchange Server bugs, ESET warns - CyberScoop
Up To 125,000 Servers Remain Vulnerable To Devastating Microsoft Exchange Attacks
A hacking group is hijacking Microsoft Exchange web shells | The Record by Recorded Future
There’s a vexing mystery surrounding the 0-day attacks on Exchange servers | Ars Technica
Critics fume after Github removes exploit code for Exchange vulnerabilities | Ars Technica
Biden administration mulls software security grades after SolarWinds
Russia's Putin likely directed 2020 election meddling, U.S. finds | Reuters
FBI alert warns of Russian, Chinese use of deepfake content
A Hacker Got All My Texts for $16
Hackers access security cameras inside Cloudflare, jails, and hospitals | Ars Technica
Alleged Hacker Who Broke Into AI Surveillance Company Raided By Police
Tampa Twitter hacker agrees to three years in prison
Signal is down in China after 100 million reported downloads
Belgian Police Say They Decrypted Half a Billion ‘Sky’ Messages, Arrested 48 People
Encrypted Phone Firm 'Sky': Someone Sold Compromised Versions of Our App
Indicted CEO of Encrypted Phone Firm 'Sky' Says He Will Clear His Name
Buffalo Public Schools cancels classes after cyberattack
FBI warns of escalating Pysa ransomware attacks on education orgs
Molson Coors beer production disrupted after cyberattack | The Record by Recorded Future
Spanish government falls victim to Ryuk ransomware attack | The Record by Recorded Future
ZHtrap botnet deploys honeypots to trap & steal bots from rivals | The Record by Recorded Future
$5.7M stolen in Roll crypto heist after hot wallet hacked | TechCrunch
WeLeakInfo Leaked Customer Payment Info — Krebs on Security
Critical 0-day that targeted security researchers gets a patch from Microsoft | Ars Technica
F5 releases patches for nearly two dozen vulnerabilities, some critical
Git vulnerability could enable remote code execution attacks during clone process | The Daily Swig