Risky Business Podcast
May 05, 2021
Risky Business #622 -- GitHub weighs exploit ban
Presented by
CEO and Publisher
Technology Editor
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- GitHub weighs banning exploits
- Ransomware galore
- Belgian government crippled in DDoS attack
- Intrusion Truth Twitter account suspended
- More Pulsesecure victims identified
- Much, much more
This week’s show is brought to you by ExtraHop networks, and they’ll pop along in this week’s sponsor interview to float a really, really good idea. The Biden administration EO on cybersecurity will mandate software is shipped with a so-called software bill of materials so customers will actually know what’s in their supply chain. Ben Higgins and Ted Driggs from Extrahop will join us today to argue they should also supply a bill of behaviours; data in a standardised form that will tell you things like what domains and IPs the software will connect to.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Brought to you by ExtraHop
ExtraHop: Cloud-Native Network Detection and Response
Show notes
Belgium's government network goes down after massive DDoS attack | The Record by Recorded Future
Exclusive: Hackers Break Into Glovo, Europe’s $2 Billion Amazon Rival
'Phishing' Sites Buying Workplace Login Details Linked to Well-Funded Startup
More US agencies potentially hacked, this time with Pulse Secure exploits | Ars Technica
Twilio discloses impact from Codecov supply-chain attack
Twitter restricts account of Intrusion Truth, which doxxes suspected Chinese hackers
Suspected Chinese hackers are breaking into nearby military targets
NSA warns defense contractors to double check connections in light of Russian hacking
Hackers disrupt networks at San Diego medical provider, Kansas organ transplant facilitator
QNAP warns of AgeLocker ransomware attacks against NAS devices | The Record by Recorded Future
Feds Arrest an Alleged $336M Bitcoin-Laundering Kingpin | WIRED
An Ambitious Plan to Tackle Ransomware Faces Long Odds | WIRED
Task Force Seeks to Disrupt Ransomware Payments – Krebs on Security
The IRS Wants Help Hacking Cryptocurrency Hardware Wallets
Experian API Exposed Credit Scores of Most Americans – Krebs on Security
Magecart scammers aim at restaurants' online delivery systems
They Told Their Therapists Everything. Hackers Leaked It All | WIRED
Watch A Tesla Have Its Doors Hacked Open By A Drone
Time to update DNS servers to defend against brace of serious BIND vulnerabilities | The Daily Swig
Google Android’s implementation of privacy-preserving contact tracing ‘flawed’ | The Daily Swig
21Nails vulnerabilities impact 60% of the internet's email servers | The Record by Recorded Future
Qualys researchers uncover 21 bugs in Exim mail servers - CyberScoop
New Spectre attack once again sends Intel and AMD scrambling for a fix | Ars Technica
Hall of Fame: Mark Dowd - YouTube
Florida homecoming queen faces up to 16 years after alleged scheme to hack high school contest