This episode sponsored by VMRay.On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- The latest on the Exchange tyre fire
- Lawmakers in the USA have had enough of Microsoft’s ridiculous licensing tiers
- White House mulls software security rating system
- Joseph Cox’s SMS adventures
- Things didn’t quite work out for APT6920 Arson Cats
- Much, much more
This week’s show is brought to you by VMRay. They asked us to interview one of their customers in this week’s sponsor segment so Brad Marr, the CISO of Life Fitness, pops in to walk through his VMRay use case.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- No signs yet of Exchange Server compromises at federal agencies, CISA says
- At least 10 APT hacking groups have exploited Exchange Server bugs, ESET warns - CyberScoop
- Up To 125,000 Servers Remain Vulnerable To Devastating Microsoft Exchange Attacks
- A hacking group is hijacking Microsoft Exchange web shells | The Record by Recorded Future
- Microsoft Exchange servers targeted by DearCry ransomware abusing ProxyLogon bugs | The Record by Recorded Future
- Microsoft shares one-click ProxyLogon mitigation tool for Exchange servers | The Record by Recorded Future
- There’s a vexing mystery surrounding the 0-day attacks on Exchange servers | Ars Technica
- Critics fume after Github removes exploit code for Exchange vulnerabilities | Ars Technica
- Exclusive: Microsoft could reap more than $150 million in new U.S. cyber spending, upsetting some lawmakers | Reuters
- Biden administration mulls software security grades after SolarWinds
- Russia's Putin likely directed 2020 election meddling, U.S. finds | Reuters
- FBI alert warns of Russian, Chinese use of deepfake content
- A Hacker Got All My Texts for $16
- Hackers access security cameras inside Cloudflare, jails, and hospitals | Ars Technica
- Alleged Hacker Who Broke Into AI Surveillance Company Raided By Police
- Tampa Twitter hacker agrees to three years in prison
- Google, Linux Foundation, Red Hat release free tool to secure software supply chains | The Record by Recorded Future
- Signal is down in China after 100 million reported downloads
- Belgian Police Say They Decrypted Half a Billion ‘Sky’ Messages, Arrested 48 People
- Encrypted Phone Firm 'Sky': Someone Sold Compromised Versions of Our App
- Indicted CEO of Encrypted Phone Firm 'Sky' Says He Will Clear His Name
- Buffalo Public Schools cancels classes after cyberattack
- FBI warns of escalating Pysa ransomware attacks on education orgs
- Molson Coors beer production disrupted after cyberattack | The Record by Recorded Future
- Spanish government falls victim to Ryuk ransomware attack | The Record by Recorded Future
- ZHtrap botnet deploys honeypots to trap&steal bots from rivals | The Record by Recorded Future
- $5.7M stolen in Roll crypto heist after hot wallet hacked | TechCrunch
- Two cryptocurrency portals are experiencing a DNS hijack at the same time | The Record by Recorded Future
- WeLeakInfo Leaked Customer Payment Info — Krebs on Security
- Security agencies leak sensitive data by failing to sanitize PDF files | The Record by Recorded Future
- Critical 0-day that targeted security researchers gets a patch from Microsoft | Ars Technica
- F5 releases patches for nearly two dozen vulnerabilities, some critical
- Git vulnerability could enable remote code execution attacks during clone process | The Daily Swig
