Risky Business #630 -- We tried the carrot, it's time for the stick

How the US government could tackle awful enterprise product security...
14 Jul 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • REvil takes a vacation
  • Kaseya finally patches VSA
  • Morgan Stanley data exposed by third party Accellion hack
  • CISA issues emergency directive on MS print spooler bug
  • Patrick and Adam dream up ways for the US government to pressure vendors
  • MORE

This week’s show is brought to you by Senetas. They’ve traditionally made layer 2 encryption gear but, as you’ll hear, they’re moving with the times! Senetas CTO Julian Fay joins us this week to talk through a bunch of stuff – what they’ve been working on, a really interesting project they had to abandon because of COVID and the latest news on the move to quantum-resistant crypto.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Ransomware attacks: Pressure grows on Biden to curb costly hacks - The Washington Post
Biden tells Putin the U.S. will take "any necessary action" after latest massive ransomware attack - The Washington Post
Russian-speaking ransomware gang goes offline
Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software – Krebs on Security
Patrick Gray on Twitter: "That's great! Do they have a time machine, too? Where can we buy tickets?!" / Twitter
ACSC: Australian organizations compromised through ForgeRock vulnerability - The Record by Recorded Future
Morgan Stanley discloses data breach that resulted from Accellion FTA hacks | Ars Technica
Dell Wyse Management Suite subject to database exposure, session hijacking | The Daily Swig
Microsoft Issues Emergency Patch for Windows Flaw – Krebs on Security
Microsoft Patch Tuesday, July 2021 Edition – Krebs on Security
cyber.dhs.gov - Emergency Directive 21-04
Microsoft discovers critical SolarWinds zero-day under active attack | Ars Technica
Beyond Kaseya: Everyday IT Tools Can Offer ‘God Mode’ for Hackers | WIRED
China tightens control over cybersecurity in data crackdown - ABC News
Suspected Chinese hackers return with unusual attacks on domestic gambling companies
Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards – Microsoft Security Response Center
Feds indict “The Bull” for allegedly selling insider stock info on the dark web | Ars Technica
UK judge gives US a shot to appeal denial of Julian Assange's extradition
Over 780,000 email accounts compromised by Emotet have been secured - The Record by Recorded Future
Hiltzik: The threat of ransomware - Los Angeles Times
Matt Bevan on Twitter: "Wow @youtube @googledownunder this is a full-blown deepfake ad running on your platform... you probably shouldn't have those. https://t.co/S19nQYR9iH" / Twitter
Troy Hunt on Twitter: "Huh - what - why?! “Ransomware-hit law firm gets court order asking crooks not to publish the data they stole” https://t.co/ugheahUmgw" / Twitter
Ransomware-hit law firm gets court order asking crooks not to publish the data they stole • The Register
Migration to Post-Quantum Cryptography