Risky Business #635 -- Owned via telnet? Must be "highly sophisticated attackers"!

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • T-Mobile owned hard
  • USA no-fly list winds up on an unsecured Elasticsearch server in Bahrain… because reasons
  • Facebook scrambles to secure Afghan accounts
  • Hacker steals and returns $600 from de-fi platform
  • Healthcare sector struggles with ransomware attacks
  • A very sweet TCP-based amplification technique that will be A Problem
  • Much, much more

Evan Sultanik and Dan Guido will be joining us to talk about Fickling – a tool developed by Trail of Bits to do unnatural things to the Python Pickle files that are heavily used as a means to share machine learning models. The machine learning supply chain is really quite wobbly, and they’ll be joining us later to talk about that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.


Show notes

T-Mobile breach climbs to over 50 million people

T-Mobile: Breach Exposed SSN/DOB of 40M+ People – Krebs on Security

1.9 million records from the FBI's terrorist watchlist leaked online - The Record by Recorded Future

Facebook, other platforms scramble to secure user accounts in Afghanistan

This $600 Million Crypto Heist Is the Most Bizarre Hack in Recent Memory

A Hacker Stole and Then Returned $600 Million

Japanese crypto-exchange Liquid hacked for $94 million - The Record by Recorded Future

Operator of the Helix bitcoin mixer pleads guilty to money laundering - The Record by Recorded Future

Healthcare provider expected to lose $106.8 million following ransomware attack - The Record by Recorded Future

Hospitals hamstrung by ransomware are turning away patients | Ars Technica

US healthcare org sends data breach warning to 1.4m patients following ransomware attack | The Daily Swig

The pandemic revealed the health risks of hospital ransomware attacks - The Verge

Ransomware hackers could hit U.S. supply chain, experts warn

Ransomware hits Lojas Renner, Brazil's largest clothing store chain - The Record by Recorded Future

RansomClave project uses Intel SGX enclaves for ransomware attacks - The Record by Recorded Future

Wanted: Disgruntled Employees to Deploy Ransomware – Krebs on Security

Japan's Tokio Marine is the latest insurer to be victimized by ransomware

Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up

White House to tackle cyber challenges with Apple, IBM, insurance CEOs | Reuters

FBI sends its first-ever alert about a 'ransomware affiliate' - The Record by Recorded Future

New LockFile ransomware gang weaponizes ProxyShell and PetitPotam attacks - The Record by Recorded Future

Multiple ransomware gangs pounce on 'PrintNightmare' vulnerability

Peterborough NH Cyberattack: Town Loses $2.3M in Taxpayer Money – NBC Boston

Almost 2,000 Exchange servers hacked using ProxyShell exploit - The Record by Recorded Future

ALTDOS hacking group wreaks havoc across Southeast Asia - The Record by Recorded Future

Hackers Leak Surveillance Camera Videos Purportedly Taken From Inside Iran's Evin Prison - by Kim Zetter - Zero Day

Apple reopens legal fight against security firm Corellium, raising concerns for ethical hackers

Apple says researchers can vet its child safety features. But it’s suing a startup that does just that. | MIT Technology Review

This $500 Million Russian Cyber Mogul Planned To Take His Company Public—Then America Accused It Of Hacking For Putin’s Spies

Cisco: Security devices are vulnerable to SNIcat data exfiltration technique - The Record by Recorded Future

SNIcat: Circumventing the guardians | mnemonic

BlackBerry's popular operating system for medical devices affected by critical vulnerabilities, drawing fed warnings

Realtek SDK vulnerabilities impact dozens of downstream IoT vendors | The Daily Swig

Hundreds of thousands of Realtek-based devices under attack from IoT botnet - The Record by Recorded Future

Accellion Kiteworks Vulnerabilities | Insomnia Security

Firewalls and middleboxes can be weaponized for gigantic DDoS attacks - The Record by Recorded Future

Hackers tried to exploit two zero-days in Trend Micro's Apex One EDR platform - The Record by Recorded Future

Exhaustive study puts China’s infamous Great Firewall under the microscope | The Daily Swig

Web hosting platform cPanel & WHM is vulnerable to authenticated RCE and privilege escalation | The Daily Swig

Benno on Twitter: "I will donate $50 to a charity of @riskybusiness' choice if he puts this in the show." / Twitter

Never a dill moment: Exploiting machine learning pickle files

PrivacyRaven: Implementing a proof of concept for model inversion

GitHub - trailofbits/fickling: A Python pickling decompiler and static analyzer