On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:
- REvil takes a vacation
- Kaseya finally patches VSA
- Morgan Stanley data exposed by third party Accellion hack
- CISA issues emergency directive on MS print spooler bug
- Patrick and Adam dream up ways for the US government to pressure vendors
- MORE
This week’s show is brought to you by Senetas. They’ve traditionally made layer 2 encryption gear but, as you’ll hear, they’re moving with the times! Senetas CTO Julian Fay joins us this week to talk through a bunch of stuff – what they’ve been working on, a really interesting project they had to abandon because of COVID and the latest news on the move to quantum-resistant crypto.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Ransomware attacks: Pressure grows on Biden to curb costly hacks - The Washington Post
- Biden tells Putin the U.S. will take “any necessary action” after latest massive ransomware attack - The Washington Post
- Russian-speaking ransomware gang goes offline
- Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software – Krebs on Security
- Patrick Gray on Twitter: "That’s great! Do they have a time machine, too? Where can we buy tickets?!" / Twitter
- ACSC: Australian organizations compromised through ForgeRock vulnerability - The Record by Recorded Future
- Morgan Stanley discloses data breach that resulted from Accellion FTA hacks | Ars Technica
- Dell Wyse Management Suite subject to database exposure, session hijacking | The Daily Swig
- Microsoft Issues Emergency Patch for Windows Flaw – Krebs on Security
- Microsoft Patch Tuesday, July 2021 Edition – Krebs on Security
- cyber.dhs.gov - Emergency Directive 21-04
- Microsoft discovers critical SolarWinds zero-day under active attack | Ars Technica
- Beyond Kaseya: Everyday IT Tools Can Offer ‘God Mode’ for Hackers | WIRED
- China tightens control over cybersecurity in data crackdown - ABC News
- Suspected Chinese hackers return with unusual attacks on domestic gambling companies
- Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards – Microsoft Security Response Center
- Feds indict “The Bull” for allegedly selling insider stock info on the dark web | Ars Technica
- UK judge gives US a shot to appeal denial of Julian Assange's extradition
- Over 780,000 email accounts compromised by Emotet have been secured - The Record by Recorded Future
- Hiltzik: The threat of ransomware - Los Angeles Times
- Matt Bevan on Twitter: "Wow @youtube @googledownunder this is a full-blown deepfake ad running on your platform... you probably shouldn't have those. https://t.co/S19nQYR9iH" / Twitter
- Troy Hunt on Twitter: "Huh - what - why?! “Ransomware-hit law firm gets court order asking crooks not to publish the data they stole” https://t.co/ugheahUmgw" / Twitter
- Ransomware-hit law firm gets court order asking crooks not to publish the data they stole • The Register
- Migration to Post-Quantum Cryptography