This episode sponsored by Thinkst.On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Ransomware attack threatens Australian and US beef supply
- Talos dubs Russian ransomware crews “privateers”
- NYTimes writes another bad story
- More Fortinet pwnage
- Belgian government rolls Hafnium IR and finds, well, something else
- Google unveils new rowhammer techniques
- Much, much more
Haroon Meer of Thinkst Canary is this week’s sponsor guest. Thinkst is spinning up a labs division, but they’ll be doing something different to the same-old bug hunting. That’s a quality conversation.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Full impact still being assessed in JBS cyber-security attack - Beef Central
- JBS to bring most plants online after ransomware attack - Axios
- JBS Cyber Hack: Meat Supplier Shuts Down Some Slaughterhouses After Attack - Bloomberg
- Hackers hit Australian meatworks giant | 7NEWS.com.au
- Colonial hack exposed TSA’s light-touch oversight of pipeline cybersecurity - The Washington Post
- TSA cyber requirements would fine pipeline operators for lax security practices
- Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber
- Security researchers suggest naming state-harbored hackers 'privateers'
- Russia Appears to Carry Out Hack Through System Used by U.S. Aid Agency - The New York Times
- The SolarWinds Hackers Aren’t ‘Back.’ They Never Went Away | WIRED
- Ex-US ambassador, anti-corruption activists in Ukraine were targets of suspected Russian phishing
- US seizes two domains used by the SVR in recent hacking campaign | The Record by Recorded Future
- SVR cyberspies used iOS zero-day in recent phishing campaign | The Record by Recorded Future
- FBI says an APT breached a US municipal government via an unpatched Fortinet VPN | The Record by Recorded Future
- Days before a report, Chinese hackers removed malware from infected networks | The Record by Recorded Future
- Belgium government discovers old 2019 hack during Hafnium investigation | The Record by Recorded Future
- Possible Chinese hackers pose as UN, human rights group to eavesdrop on beleaguered Uyghur population
- Faulty emailing tool prevented Accellion from notifying customers of attacks | The Record by Recorded Future
- The FBI will feed hacked passwords directly into Have I Been Pwned | The Record by Recorded Future
- Macron says wiretapping ‘not acceptable between allies’ after report adds details about old NSA program - The Washington Post
- Malware campaign targets server hosting software CWP | The Record by Recorded Future
- Fujitsu suspends ProjectWEB platform after Japanese government hacks | The Record by Recorded Future
- Hackers target Japanese government, transportation entities
- Using Fake Reviews to Find Dangerous Extensions – Krebs on Security
- Boss of ATM Skimming Syndicate Arrested in Mexico – Krebs on Security
- Russian hacker Pavel Sitnikov arrested for sharing malware source code | The Record by Recorded Future
- French authorities seize their third dark web marketplace | The Record by Recorded Future
- WhatsApp’s Fight With India Has Global Implications | WIRED
- Threema, the European rival to Signal, wins pivotal privacy battle in Swiss Court | The Daily Swig
- Apple’s M1 Chip Has a Fascinating Flaw | WIRED
- Google says Rowhammer attacks are gaining range as RAM is getting smaller | The Record by Recorded Future
- No, it doesn’t just crash Safari. Apple has yet to fix exploitable flaw | Ars Technica
- Inside The ‘World’s Largest’ Video Game Cheating Empire
- 'FIND THIS FUCK:' Inside Citizen’s Dangerous Effort to Cash In On Vigilantism
- Hacktivist Posts Massive Scrape of Crime App Citizen to Dark Web
