Risky Business #621 -- Ultra professional criminal attackers ascendant

Infosec's trajectory looks a bit depressing right now...
28 Apr 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • USA imposes sanctions over SolarWinds campaign
  • Enterprise border devices being attacked everywhere by all and sundry
  • Malvertising is coming back
  • Ultra professional criminal attackers are ascendant
  • All the latest ransomware, supply chain and other infosec news

This week’s sponsor interview is with Brian Dye, CEO of Corelight. We speak to him about what he’s calling “Open NDR”. A lot of the big SOCs have settled on their preferred ways of sharing threat information, and Brian drops by to talk all about those trends.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

White House formally blames Russian intelligence service SVR for SolarWinds hack | The Record by Recorded Future
CISA, FBI, NSA reveal five enterprise bugs exploited by Russia's APT29 group | The Record by Recorded Future
Hackers go after SonicWall email appliances with three zero-days | The Record by Recorded Future
Hackers are exploiting a Pulse Secure 0-day to breach orgs around the world | Ars Technica
New Cring ransomware deployed via unpatched Fortinet VPNs | The Record by Recorded Future
US says APTs are using Fortinet bugs to gain initial access for future attacks | The Record by Recorded Future
Nightmare week for security vendors: Now a Trend Micro bug is being exploited in the wild | The Record by Recorded Future
Password manager Passwordstate hacked to deploy malware on customer systems | The Record by Recorded Future
Codecov discloses 2.5-month-long supply chain attack | The Record by Recorded Future
Vulnerability in time-syncing software puts a ton of corporate networks at risk | The Record by Recorded Future
NSA says it found new critical vulnerabilities in Microsoft Exchange Server
Justice Department announces court-authorized effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities | USAO-SDTX | Department of Justice
Ransom Gangs Emailing Victim Customers for Leverage – Krebs on Security
Ransomware gang tries to extort Apple hours ahead of Spring Loaded event | The Record by Recorded Future
UnitingCare Queensland hit by cyber attack - Security - iTnews
Ransomware gang threatens to expose police informants if ransom is not paid | The Record by Recorded Future
Ransomware gang wants to short the stock price of their victims | The Record by Recorded Future
How the Kremlin provides a safe harbor for ransomware
Malvertisers hacked 120 ad servers to load malicious ads | The Record by Recorded Future
Security researcher drops Chrome and Edge exploit on Twitter | The Record by Recorded Future
Recent Chromium bug used to attack Chinese WeChat users | The Record by Recorded Future
SAP systems usually come under attack 72 hours after a patch | The Record by Recorded Future
European cops collected data from encrypted chat service for weeks prior to cocaine bust
Colombia’s cartels target Europe with cocaine, corruption and torture | Drugs trade | The Guardian
Australian firm Azimuth unlocked the San Bernardino shooter’s iPhone for the FBI - The Washington Post
Signal >> Blog >> Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective
Lawyer Asks For New Trial After Cellebrite Vulnerability Discovery
Cellebrite Pushes Update After Signal Owner Hacks Device
Signal Adds a Payments Feature—With a Privacy-Focused Cryptocurrency | WIRED
WhatsApp Spying Site Blames WhatsApp for Letting It Spy
Phone numbers for 533 million Facebook users leaked on hacking forum | The Record by Recorded Future
Facebook Wants to 'Normalize' the Mass Scraping of Personal Data
Palestinian Hackers Tricked Victims Into Installing iOS Spyware | WIRED
The UK Is Trying to Stop Facebook's End-to-End Encryption | WIRED
Hackers move $760 million from the 2016 Bitfinex hack | The Record by Recorded Future
'Fourth Amendment Is Not For Sale Act' Would Ban Clearview and Warrantless Location Data Purchases
Ill-advised research on Linux kernel lands computer scientists in hot water | The Daily Swig
Researchers trick Duo 2FA into sending authentication request to attacker-controlled device | The Daily Swig
NAME:WRECK vulnerabilities impact millions of smart and industrial devices | The Record by Recorded Future
Google's Project Zero updates vulnerability disclosure rules to add patch cushion | The Record by Recorded Future
Suspected North Korean hackers set up fake company to target researchers, Google says - CyberScoop
National security: Five Eyes split demands Australia reset with New Zealand
Dan Kaminsky: Tributes pour in for security researcher who died after short illness | The Daily Swig