Risky Business #618 -- MS security licensing faces congressional scrutiny

US lawmakers baulk at Microsoft's "millions for basic security features" policy...
17 Mar 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The latest on the Exchange tyre fire
  • Lawmakers in the USA have had enough of Microsoft’s ridiculous licensing tiers
  • White House mulls software security rating system
  • Joseph Cox’s SMS adventures
  • Things didn’t quite work out for APT6920 Arson Cats
  • Much, much more

This week’s show is brought to you by VMRay. They asked us to interview one of their customers in this week’s sponsor segment so Brad Marr, the CISO of Life Fitness, pops in to walk through his VMRay use case.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

No signs yet of Exchange Server compromises at federal agencies, CISA says
At least 10 APT hacking groups have exploited Exchange Server bugs, ESET warns - CyberScoop
Up To 125,000 Servers Remain Vulnerable To Devastating Microsoft Exchange Attacks
A hacking group is hijacking Microsoft Exchange web shells | The Record by Recorded Future
Microsoft Exchange servers targeted by DearCry ransomware abusing ProxyLogon bugs | The Record by Recorded Future
Microsoft shares one-click ProxyLogon mitigation tool for Exchange servers | The Record by Recorded Future
There’s a vexing mystery surrounding the 0-day attacks on Exchange servers | Ars Technica
Critics fume after Github removes exploit code for Exchange vulnerabilities | Ars Technica
Exclusive: Microsoft could reap more than $150 million in new U.S. cyber spending, upsetting some lawmakers | Reuters
Biden administration mulls software security grades after SolarWinds
Russia's Putin likely directed 2020 election meddling, U.S. finds | Reuters
FBI alert warns of Russian, Chinese use of deepfake content
A Hacker Got All My Texts for $16
Hackers access security cameras inside Cloudflare, jails, and hospitals | Ars Technica
Alleged Hacker Who Broke Into AI Surveillance Company Raided By Police
Tampa Twitter hacker agrees to three years in prison
Google, Linux Foundation, Red Hat release free tool to secure software supply chains | The Record by Recorded Future
Signal is down in China after 100 million reported downloads
Belgian Police Say They Decrypted Half a Billion ‘Sky’ Messages, Arrested 48 People
Encrypted Phone Firm 'Sky': Someone Sold Compromised Versions of Our App
Indicted CEO of Encrypted Phone Firm 'Sky' Says He Will Clear His Name
Buffalo Public Schools cancels classes after cyberattack
FBI warns of escalating Pysa ransomware attacks on education orgs
Molson Coors beer production disrupted after cyberattack | The Record by Recorded Future
Spanish government falls victim to Ryuk ransomware attack | The Record by Recorded Future
ZHtrap botnet deploys honeypots to trap&steal bots from rivals | The Record by Recorded Future
$5.7M stolen in Roll crypto heist after hot wallet hacked | TechCrunch
Two cryptocurrency portals are experiencing a DNS hijack at the same time | The Record by Recorded Future
WeLeakInfo Leaked Customer Payment Info — Krebs on Security
Security agencies leak sensitive data by failing to sanitize PDF files | The Record by Recorded Future
Critical 0-day that targeted security researchers gets a patch from Microsoft | Ars Technica
F5 releases patches for nearly two dozen vulnerabilities, some critical
Git vulnerability could enable remote code execution attacks during clone process | The Daily Swig