Risky Business #620 -- Project Zero burns Western counterterrorism operation

We're glad we don't have to make those sort of decisions at Risky Biz HQ...
31 Mar 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Ubiquiti insider blows whistle on breach
  • Cyber insurer ransomwared
  • Project Zero burned a Western counterterrorism operation
  • Australian parliament, media, politicians all under attack
  • Executive Order would require vendors to notify US government of incidents
  • Much, much more…

This week’s sponsor guest is a special one. Metasploit creator and Rumble.run founder HD Moore will join us to talk all about his new venture, the Rumble asset discovery tool. It’s an absolutely fantastic interview, as you’d expect from HD.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security
SHAREHOLDER ALERT: Ubiquiti, Inc. Investigated for Possible Securities Laws Violations by Block & Leviton LLP; Investors Should Contact the Firm
Ubiquiti tells customers to change passwords after security breach | ZDNet
Top insurer CNA disconnects systems after cyberattack
London's biggest school trust hit by ransomware | The Record by Recorded Future
Industrial giant Honeywell says it has ‘returned to service’ after cyber intrusion
Nine says it has isolated source of cyber attack
Cyber attack on Channel Nine: Government assistance requested by network
Nine Entertainment warns ransomware recovery 'will take time' - Security - iTnews
AFP, NSW Police investigating cyber attack on Nine
'State actor' behind Nine Network cyber attack, , tech expert says
Australia investigates reported hacks aimed at parliament, media
Australian Minister’s Phone Hacked as Report Reveals Hong Kong Link
Australian ministers are targets in Telegram phishing scam, Australia/NZ News & Top Stories - The Straits Times
Hackers target German lawmakers in an election year
Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft | Reuters
Facebook disrupts Beijing's Uyghur hacking campaign | The Record by Recorded Future
Google's unusual move to shut down an active counterterrorism operation being conducted by a Western democracy | MIT Technology Review
Apple releases iPhone, iPad and Watch security patches for zero-day bug under active attack | TechCrunch
US lacks visibility into digital espionage at home, NSA boss says
The Dark Web Is Teeming With Vaccine Listings Right Now | WIRED
Credit Card Hacking Forum Gets Hacked, Exposing 300,000 Hackers’ Accounts
T-Mobile, Verizon, AT&T Stop SMS Hijacks After Motherboard Investigation
New 5G protocol vulnerabilities allow location tracking | The Record by Recorded Future
PHP's Git server hacked to add backdoors to PHP source code
SSRF vulnerability in NPM package Netmask impacts up to 279k projects | The Daily Swig
H2C smuggling proves effective against Azure, Cloudflare Access, and more | The Daily Swig
Security researcher launches GoFundMe campaign to fight legal threat over vulnerability disclosure | The Daily Swig
Cloudflare launches JavaScript dependency dashboard utility to warn against Magecart-style malfeasance | The Daily Swig
Microsoft Teams is the first target for new app-focused bug bounty program | The Daily Swig
Slack Says Letting Anyone Message Anyone With Few Limits Was ‘a Mistake’
No, I Did Not Hack Your MS Exchange Server — Krebs on Security