Risky Business #631 -- USA and friends send nastygram to China

That'll learn 'em...
21 Jul 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • USA and friends send a sternly worded letter
  • NSO group in the news, but parts of the coverage don’t add up
  • Google TAG drops another great post
  • We unveil the details of the earth shattering Kaseya 0day cyberweapon
  • MORE

This week’s show is brought to you by Signal Sciences, which is now a part of Fastly. Instead of booking an interview with one of their staff, they suggested we interview one of their customers – so this week’s sponsor guest is J J Agha, the CISO of Compass, the American real estate website.

He’ll be joining us to talk about his general approach, and yes, Signal Sciences is a part of that, but he’ll speak to automation and orchestration and a bunch of other stuff too.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

The United States, Joined by Allies and Partners, Attributes Malicious Cyber Activity and Irresponsible State Behavior to the People’s Republic of China | The White House
Microsoft hack: U.S., allies accuse China of Exchange breach and condoning other cyberattacks - The Washington Post
US says Chinese hackers breached 13 pipeline operators between 2011 and 2013 - The Record by Recorded Future
U.S. accuses China of abetting ransomware attack
Microsoft links Serv-U zero-day attacks to Chinese hacking group - The Record by Recorded Future
Pegasus: NSO clients spying disclosures prompt political rows across world | India | The Guardian
Pegasus spyware: NSO Group’s cloud infrastructure shut down by Amazon, says Vice
Saudis behind NSO spyware attack on Jamal Khashoggi’s family, leak suggests | Jamal Khashoggi | The Guardian
Response from NSO and governments | World news | The Guardian
This tool tells you if NSO’s Pegasus spyware targeted your phone | TechCrunch
Windows spyware and zero-days linked to prodigious Israeli hack-for-hire company - The Record by Recorded Future
Google: Three recent zero-days have been used against Armenian targets - The Record by Recorded Future
The SolarWinds Hackers Used an iOS Flaw to Compromise iPhones | WIRED
How we protect users from 0-day attacks
Google patches Chrome zero-day, eighth one in 2021 - The Record by Recorded Future
That iPhone WiFi crash bug is far worse than initially thought - The Record by Recorded Future
Brian in Pittsburgh on Twitter: "The vulnerabilities exploited to accomplish the Kaseya customer intrusions were as dumb as you were probably expecting: https://t.co/eOnManp6ar" / Twitter
Ransomware incident at major cloud provider disrupts real estate, title industry - The Record by Recorded Future
Lawmakers Look to Improve Cyber Workforce, Especially for Acquisitions - Nextgov
GSA blocks senator from reviewing documents used to approve Zoom for government use | TechCrunch
TSA pushes more cybersecurity mandates on critical pipeline owners, emphasizing ransomware
US offers $10 million reward for info on state-sponsored hackers disrupting critical infrastructure - The Record by Recorded Future
US government launches plans to cut cybercriminals off from cryptocurrency
Microsoft takes control of 17 domains used by West African BEC gang - The Record by Recorded Future
Momentum builds on federal oversight of facial recognition tech after reported abuses
Amnesty sues NYPD, seeking details about facial recognition technology and arrest data
Windows Hello bypassed using infrared image - The Record by Recorded Future
Inside the Industry That Unmasks People at Scale
Instagram rolls out new tool to help users secure hacked accounts - The Record by Recorded Future
Facebook says Iranian hackers used it to lure defense company employees
Annoying LinkedIn Networkers Actually Russian Hackers Spreading Zero-Days, Google Says
DevSecAI: GitHub Copilot prone to writing security flaws | The Daily Swig
Hackers Move to Extort Gaming Giant EA
RCE vulnerability in Cloudflare CDN could have allowed complete compromise of websites | The Daily Swig
Patrick Gray on Twitter: "Good to know!" / Twitter
Kevin Beaumont on Twitter: "Oh dear. I need to validate this myself, but it seems like MS may have goofed up and made the SAM database (user passwords) accessible to non-admin users in Win 10." / Twitter
Vortimo [www] – Pro browser extension
Demand More from Your WAF - Signal Sciences