Risky Business #629 -- Kaseya 0day was utter trash

No, this REvil crew aren't the "apex predators" of the Internet...
07 Jul 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • Our take on the REvil attack against Kaseya customers
  • Microsoft’s print spooler bug is a real worry
  • Reports the RNC breached by Russia’s SVR
  • NSA snaps GRU brute forcing efforts
  • Much, much more

This week’s show is brought to you by Material Security, a very interesting startup that has a completely different take on what email security actually is. Material’s co-founder Ryan Noon will be along in this week’s sponsor interview to talk about the cool stuff they’re doing on the analytics side.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Why the Kaseya ransomware attack has experts worried
White House rebukes ransomware gang as number of apparent REvil victims remains uncertain - CyberScoop
Patrick Gray on Twitter: "https://t.co/ppGlxTu4CL" / Twitter
Hackers behind holiday crime spree demand $70 million, say they locked 1 million devices
Kaseya zero-day involved in ransomware attack, patches coming - The Record by Recorded Future
Supermarket chain Coop closes 800 stores following Kaseya ransomware attack - The Record by Recorded Future
REvil ransomware gang executes supply chain attack via malicious Kaseya update - The Record by Recorded Future
Researchers accidentally publish 'PrintNightmare' Stuxnet-style zero-day - Security - Software - iTnews
Russia still using 'brute force' to break into computer systems
Republican National Committee Hack: Russian Cozy Bear Group Breached Computers - Bloomberg
Chinese cyberspies targeted the Afghan National Security Council - The Record by Recorded Future
Mongolian certificate authority hacked eight times, compromised with malware - The Record by Recorded Future
Israeli charged in global hacker-for-hire scheme wants plea deal -court filing | Reuters
A new ‘digital violence’ platform maps dozens of victims of NSO Group’s spyware | TechCrunch
Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress
Dutch police takes down DoubleVPN, a service used by cybercrime groups - The Record by Recorded Future
Gozi malware gang member arrested in Colombia - The Record by Recorded Future
New charges filed against Capital One hacker, trial postponed to 2022 - The Record by Recorded Future
Windows 11’s Security Push Puts Microsoft on a Collision Course | WIRED
Apps with 5.8 million Google Play downloads stole users’ Facebook passwords | Ars Technica
Microsoft Edge Translator contained uXSS flaw exploitable ‘on any web page’ | The Daily Swig
GETTR Is the Trump Team’s Buggy, Leaky Twitter Clone
Hackers Scrape 90,000 GETTR User Emails, Surprising No One
Kaspersky Password Manager: All your passwords are belong to us | Donjon