Risky Business #623 -- Ransomware threatens US energy security

Chris Krebs joins the show to talk Colonial...
12 May 2021 » Risky Business

On this week’s show Patrick Gray, Adam Boileau and Chris Krebs discuss the week’s security news, including:

  • An analysis of the Colonial pipeline ransomware attack
  • More ransomware news
  • UK and US expose APT29’s preferred exploits (again)
  • IntrusionTruth drops a new post
  • 128m Apple devices were hit by XcodeGhost
  • Much, much more

This week’s sponsor interview is with Aaron Parecki, a Senior Security Architect at Okta. He’s also been a spec editor and member of the OAuth working group at the IETF for nearly 11 years, so he knows a thing or two about OAuth. He’ll be joining me after the week’s news to talk through the latest OAuth guidance the IETF is going to release.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Biden: No evidence Russian government is involved in Colonial ransomware attack | The Record by Recorded Future
15% of 2020 ransomware payments carried a sanctions violations risk | The Record by Recorded Future
A Closer Look at the DarkSide Ransomware Gang – Krebs on Security
US fuel pipeline hackers 'didn't mean to create problems' - BBC News
FBI blames DarkSide ransomware operators for Colonial Pipeline incident - CyberScoop
Experts suggest French insurer AXA's plan to shun ransomware payouts will set a precedent - CyberScoop
US issues emergency declaration following Colonial Pipeline ransomware incident, relaxing transport rules - CyberScoop
Pipeline Hackers Say They’re ‘Apolitical,’ Will Choose Targets More Carefully Next Time
Ransomware Infection on Colonial Pipeline Shows Potential for Worse Gas Disruption - Zero Day
The Colonial Pipeline Hack Is a New Extreme for Ransomware | WIRED
City of Tulsa hit by ransomware over the weekend | The Record by Recorded Future
Wave of Avaddon ransomware attacks triggers ACSC, FBI warning | The Record by Recorded Future
Ransomware crooks post cops’ psych evaluations after talks with DC police stall | Ars Technica
Court Authorizes Service of John Doe Summons Seeking Identities of U.S. Taxpayers Who Have Used Cryptocurrency | OPA | Department of Justice
UK and US share more vulnerabilities exploited by Russia's APT29 hackers | The Record by Recorded Future
Intrusion Truth details work of suspected Chinese hackers who are under indictment in US
SolarWinds says fewer than 100 customers were impacted by supply chain attack | The Record by Recorded Future
US spy agencies review software suppliers' ties to Russia following SolarWinds hack
Apple Execs Chose to Keep a Hack of 128 Million iPhones Quiet | WIRED
'Conspiracy is hard': Inside the Trump administration's secret plan to kill Qassem Soleimani
FragAttacks: Security flaws in all Wi-Fi devices
WiFi devices going back to 1997 vulnerable to new Frag Attacks | The Record by Recorded Future
An estimated 30% of all smartphones vulnerable to new Qualcomm bug | The Record by Recorded Future
New TsuNAME bug can be used to DDoS key DNS servers | The Record by Recorded Future
Google to make multi-factor authentication its default mode
Chinese military unit accused of cyber-espionage bought multiple western antivirus products | The Record by Recorded Future
Data leak makes Peloton’s Horrible, No-Good, Really Bad Day even worse | Ars Technica
DOD expands vulnerability disclosure program, giving hackers more approved targets
Google and Mozilla will bake HTML sanitization into their browsers | The Daily Swig
Scammer Used Fake Court Order to Take Over Dark Web Drug Market Directory