Risky Business Podcast
July 21, 2021
Risky Business #631 -- USA and friends send nastygram to China
Presented by
CEO and Publisher
Technology Editor
On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:
- USA and friends send a sternly worded letter
- NSO group in the news, but parts of the coverage don’t add up
- Google TAG drops another great post
- We unveil the details of the earth shattering Kaseya 0day cyberweapon
- MORE
This week’s show is brought to you by Signal Sciences, which is now a part of Fastly. Instead of booking an interview with one of their staff, they suggested we interview one of their customers – so this week’s sponsor guest is J J Agha, the CISO of Compass, the American real estate website.
He’ll be joining us to talk about his general approach, and yes, Signal Sciences is a part of that, but he’ll speak to automation and orchestration and a bunch of other stuff too.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Brought to you by Fastly
Modern web app and API security, anywhere
Show notes
U.S. accuses China of abetting ransomware attack
Microsoft links Serv-U zero-day attacks to Chinese hacking group - The Record by Recorded Future
Pegasus: NSO clients spying disclosures prompt political rows across world | India | The Guardian
Pegasus spyware: NSO Group’s cloud infrastructure shut down by Amazon, says Vice
Response from NSO and governments | World news | The Guardian
This tool tells you if NSO’s Pegasus spyware targeted your phone | TechCrunch
The SolarWinds Hackers Used an iOS Flaw to Compromise iPhones | WIRED
How we protect users from 0-day attacks
Google patches Chrome zero-day, eighth one in 2021 - The Record by Recorded Future
That iPhone WiFi crash bug is far worse than initially thought - The Record by Recorded Future
Lawmakers Look to Improve Cyber Workforce, Especially for Acquisitions - Nextgov
GSA blocks senator from reviewing documents used to approve Zoom for government use | TechCrunch
TSA pushes more cybersecurity mandates on critical pipeline owners, emphasizing ransomware
US government launches plans to cut cybercriminals off from cryptocurrency
Microsoft takes control of 17 domains used by West African BEC gang - The Record by Recorded Future
Momentum builds on federal oversight of facial recognition tech after reported abuses
Amnesty sues NYPD, seeking details about facial recognition technology and arrest data
Windows Hello bypassed using infrared image - The Record by Recorded Future
Inside the Industry That Unmasks People at Scale
Instagram rolls out new tool to help users secure hacked accounts - The Record by Recorded Future
Facebook says Iranian hackers used it to lure defense company employees
Annoying LinkedIn Networkers Actually Russian Hackers Spreading Zero-Days, Google Says
DevSecAI: GitHub Copilot prone to writing security flaws | The Daily Swig
Hackers Move to Extort Gaming Giant EA
Patrick Gray on Twitter: "Good to know!" / Twitter