This episode sponsored by Corelight.On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- USA imposes sanctions over SolarWinds campaign
- Enterprise border devices being attacked everywhere by all and sundry
- Malvertising is coming back
- Ultra professional criminal attackers are ascendant
- All the latest ransomware, supply chain and other infosec news
This week’s sponsor interview is with Brian Dye, CEO of Corelight. We speak to him about what he’s calling “Open NDR”. A lot of the big SOCs have settled on their preferred ways of sharing threat information, and Brian drops by to talk all about those trends.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- White House formally blames Russian intelligence service SVR for SolarWinds hack | The Record by Recorded Future
- CISA, FBI, NSA reveal five enterprise bugs exploited by Russia's APT29 group | The Record by Recorded Future
- Hackers go after SonicWall email appliances with three zero-days | The Record by Recorded Future
- Hackers are exploiting a Pulse Secure 0-day to breach orgs around the world | Ars Technica
- New Cring ransomware deployed via unpatched Fortinet VPNs | The Record by Recorded Future
- US says APTs are using Fortinet bugs to gain initial access for future attacks | The Record by Recorded Future
- Nightmare week for security vendors: Now a Trend Micro bug is being exploited in the wild | The Record by Recorded Future
- Password manager Passwordstate hacked to deploy malware on customer systems | The Record by Recorded Future
- Codecov discloses 2.5-month-long supply chain attack | The Record by Recorded Future
- Vulnerability in time-syncing software puts a ton of corporate networks at risk | The Record by Recorded Future
- NSA says it found new critical vulnerabilities in Microsoft Exchange Server
- Justice Department announces court-authorized effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities | USAO-SDTX | Department of Justice
- Ransom Gangs Emailing Victim Customers for Leverage – Krebs on Security
- Ransomware gang tries to extort Apple hours ahead of Spring Loaded event | The Record by Recorded Future
- UnitingCare Queensland hit by cyber attack - Security - iTnews
- Ransomware gang threatens to expose police informants if ransom is not paid | The Record by Recorded Future
- Ransomware gang wants to short the stock price of their victims | The Record by Recorded Future
- How the Kremlin provides a safe harbor for ransomware
- Malvertisers hacked 120 ad servers to load malicious ads | The Record by Recorded Future
- Security researcher drops Chrome and Edge exploit on Twitter | The Record by Recorded Future
- Recent Chromium bug used to attack Chinese WeChat users | The Record by Recorded Future
- SAP systems usually come under attack 72 hours after a patch | The Record by Recorded Future
- European cops collected data from encrypted chat service for weeks prior to cocaine bust
- Colombia’s cartels target Europe with cocaine, corruption and torture | Drugs trade | The Guardian
- Australian firm Azimuth unlocked the San Bernardino shooter’s iPhone for the FBI - The Washington Post
- Signal >> Blog >> Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective
- Lawyer Asks For New Trial After Cellebrite Vulnerability Discovery
- Cellebrite Pushes Update After Signal Owner Hacks Device
- Signal Adds a Payments Feature—With a Privacy-Focused Cryptocurrency | WIRED
- WhatsApp Spying Site Blames WhatsApp for Letting It Spy
- Phone numbers for 533 million Facebook users leaked on hacking forum | The Record by Recorded Future
- Facebook Wants to 'Normalize' the Mass Scraping of Personal Data
- Palestinian Hackers Tricked Victims Into Installing iOS Spyware | WIRED
- The UK Is Trying to Stop Facebook's End-to-End Encryption | WIRED
- Hackers move $760 million from the 2016 Bitfinex hack | The Record by Recorded Future
- 'Fourth Amendment Is Not For Sale Act' Would Ban Clearview and Warrantless Location Data Purchases
- Ill-advised research on Linux kernel lands computer scientists in hot water | The Daily Swig
- Researchers trick Duo 2FA into sending authentication request to attacker-controlled device | The Daily Swig
- NAME:WRECK vulnerabilities impact millions of smart and industrial devices | The Record by Recorded Future
- Google's Project Zero updates vulnerability disclosure rules to add patch cushion | The Record by Recorded Future
- Suspected North Korean hackers set up fake company to target researchers, Google says - CyberScoop
- National security: Five Eyes split demands Australia reset with New Zealand
- Dan Kaminsky: Tributes pour in for security researcher who died after short illness | The Daily Swig
