Risky Business #635 -- Owned via telnet? Must be "highly sophisticated attackers"!

PLUS: Why you'll probably get DDoS'd by the Great Firewall of China...
25 Aug 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • T-Mobile owned hard
  • USA no-fly list winds up on an unsecured Elasticsearch instance in Bahrain… because reasons
  • Facebook scrambles to secure Afghan accounts
  • Hacker steals and returns $600 million from DeFi platform
  • Healthcare sector struggles with ransomware attacks
  • A very sweet TCP-based amplification technique that will be A Problem
  • Much, much more

Evan Sultanik and Dan Guido will be joining us to talk about Fickling – a tool developed by Trail of Bits to do unnatural things to the Python Pickle files that are heavily used as a means to share machine learning models. The machine learning supply chain is really quite wobbly, and they’ll be joining us later to talk about that.
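Why a pickle file is a supply-chain problem, in one script. This is an added example, not code from the show or from Trail of Bits' fickling: it builds two constructed payloads that would run a command on `pickle.loads()`, scans the opcode stream to name the imports a pickle would perform without ever loading it (fickling does this kind of static analysis far more thoroughly), and loads with an allowlisting `Unpickler` that refuses anything else. The `Evil` class, the allowlist contents and the sample model dict are assumptions made for the example.

```python
import io
import pickle
import pickletools
import subprocess

# Constructed payload 1: a hand-built protocol-0 pickle. On pickle.loads() it would
# import os.system and call it with "echo pwned". It is never loaded by this script.
MALICIOUS_PICKLE = b"cos\nsystem\n(S'echo pwned'\ntR."


# Constructed payload 2: the same trick the way an attacker usually produces it, by
# giving a class a __reduce__ that returns a callable and its arguments. pickle.dumps()
# records the callable, not the class, so the loader never needs "Evil" to exist.
class Evil:
    def __reduce__(self):
        return (subprocess.check_output, (["echo", "pwned"],))


REDUCE_PICKLE = pickle.dumps(Evil(), protocol=4)

# Constructed benign input: what a plain "weights" blob looks like (assumed shape).
MODEL = {"weights": [0.1, 0.2], "layers": 3}
BENIGN_PICKLE = pickle.dumps(MODEL, protocol=2)

# Opcodes that push a string; STACK_GLOBAL (protocol 4+) takes the module and
# attribute names from the two most recently pushed ones.
_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
# Opcodes that invoke a callable or constructor during load.
_CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}


def scan_globals(data: bytes) -> list:
    """Statically list every module.attribute the pickle would import, without loading it."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in _STRING_OPS:
            strings.append(arg)
        elif opcode.name == "GLOBAL":            # protocol 0-3: "module name" in one arg
            module, name = arg.split(" ", 1)
            found.append(f"{module}.{name}")
        elif opcode.name == "STACK_GLOBAL":      # protocol 4+: names pushed as strings
            found.append(f"{strings[-2]}.{strings[-1]}")
    return found


def calls_code(data: bytes) -> bool:
    """True if the pickle contains an opcode that calls a callable on load."""
    return any(op.name in _CALL_OPS for op, _arg, _pos in pickletools.genops(data))


class RestrictedUnpickler(pickle.Unpickler):
    """Loader that resolves only an explicit allowlist of globals (allowlist is an assumption)."""
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset"), ("builtins", "range")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def safe_loads(data: bytes):
    """Load a pickle through the allowlisting unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def loads_rejected(data: bytes) -> bool:
    """True if the restricted loader refused the pickle before any callable ran."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    for label, blob in [("hand-built", MALICIOUS_PICKLE),
                        ("__reduce__", REDUCE_PICKLE),
                        ("benign", BENIGN_PICKLE)]:
        print(f"{label:11} imports={scan_globals(blob)} "
              f"calls_code={calls_code(blob)} rejected={loads_rejected(blob)}")
```

The scan is a triage aid, not a sandbox: `scan_globals` only tracks strings pushed directly, so a payload that fetches the module and attribute names back out of the memo (`BINGET` after an earlier `MEMOIZE`) before `STACK_GLOBAL` would slip past it, which is why the allowlisting `find_class` is the control that actually matters. Anything that is not on the allowlist, including innocuous-looking modules that happen to have a dangerous attribute, never gets resolved, so the `REDUCE` that follows has nothing to call.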

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

T-Mobile breach climbs to over 50 million people
T-Mobile: Breach Exposed SSN/DOB of 40M+ People – Krebs on Security
1.9 million records from the FBI's terrorist watchlist leaked online - The Record by Recorded Future
Facebook, other platforms scramble to secure user accounts in Afghanistan
This $600 Million Crypto Heist Is the Most Bizarre Hack in Recent Memory
A Hacker Stole and Then Returned $600 Million
Japanese crypto-exchange Liquid hacked for $94 million - The Record by Recorded Future
Operator of the Helix bitcoin mixer pleads guilty to money laundering - The Record by Recorded Future
Healthcare provider expected to lose $106.8 million following ransomware attack - The Record by Recorded Future
Hospitals hamstrung by ransomware are turning away patients | Ars Technica
US healthcare org sends data breach warning to 1.4m patients following ransomware attack | The Daily Swig
The pandemic revealed the health risks of hospital ransomware attacks - The Verge
Ransomware hackers could hit U.S. supply chain, experts warn
Ransomware hits Lojas Renner, Brazil's largest clothing store chain - The Record by Recorded Future
RansomClave project uses Intel SGX enclaves for ransomware attacks - The Record by Recorded Future
Wanted: Disgruntled Employees to Deploy Ransomware – Krebs on Security
Japan's Tokio Marine is the latest insurer to be victimized by ransomware
Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up
White House to tackle cyber challenges with Apple, IBM, insurance CEOs | Reuters
FBI sends its first-ever alert about a 'ransomware affiliate' - The Record by Recorded Future
New LockFile ransomware gang weaponizes ProxyShell and PetitPotam attacks - The Record by Recorded Future
Multiple ransomware gangs pounce on 'PrintNightmare' vulnerability
Peterborough NH Cyberattack: Town Loses $2.3M in Taxpayer Money – NBC Boston
Almost 2,000 Exchange servers hacked using ProxyShell exploit - The Record by Recorded Future
ALTDOS hacking group wreaks havoc across Southeast Asia - The Record by Recorded Future
Hackers Leak Surveillance Camera Videos Purportedly Taken From Inside Iran's Evin Prison - by Kim Zetter - Zero Day
Apple reopens legal fight against security firm Corellium, raising concerns for ethical hackers
Apple says researchers can vet its child safety features. But it’s suing a startup that does just that. | MIT Technology Review
This $500 Million Russian Cyber Mogul Planned To Take His Company Public—Then America Accused It Of Hacking For Putin’s Spies
Cisco: Security devices are vulnerable to SNIcat data exfiltration technique - The Record by Recorded Future
SNIcat: Circumventing the guardians | mnemonic
BlackBerry's popular operating system for medical devices affected by critical vulnerabilities, drawing fed warnings
Realtek SDK vulnerabilities impact dozens of downstream IoT vendors | The Daily Swig
Hundreds of thousands of Realtek-based devices under attack from IoT botnet - The Record by Recorded Future
Accellion Kiteworks Vulnerabilities | Insomnia Security
Firewalls and middleboxes can be weaponized for gigantic DDoS attacks - The Record by Recorded Future
Hackers tried to exploit two zero-days in Trend Micro's Apex One EDR platform - The Record by Recorded Future
Exhaustive study puts China’s infamous Great Firewall under the microscope | The Daily Swig
Web hosting platform cPanel & WHM is vulnerable to authenticated RCE and privilege escalation | The Daily Swig
Benno on Twitter: "I will donate $50 to a charity of @riskybusiness' choice if he puts this in the show." / Twitter
Never a dill moment: Exploiting machine learning pickle files
PrivacyRaven: Implementing a proof of concept for model inversion
GitHub - trailofbits/fickling: A Python pickling decompiler and static analyzer