Risky Business Podcast
October 13, 2021
Risky Business #642 -- Brits, Dutch and Aussies embrace Hounds Doctrine
Presented by
CEO and Publisher
Technology Editor
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- UK, Netherlands and Australia promise offensive response to big ticket ransomware
- Wave of major cyber regulation and legislation in USA
- Iran up in yer O365s, Russians in yer gmails
- Submarine spy guy would have been fine, if he didn’t make one very big mistake
- Much, much more
Jonathan Reiber is this week’s sponsor guest. He’s senior director of cybersecurity at AttackIQ and he’s joining us to talk through the US Government’s executive order on Zero Trust. Jonathan says it is actually born of a realisation the US Government needs to do something differently, that the old approaches aren’t working.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Brought to you by AttackIQ
Breach and Attack Simulation with MITRE ATT&CK
Show notes
UK cyber head says Russia responsible for 'devastating' ransomware attacks - BBC News
Ransomware hackers find vulnerable target in U.S. grain supply
Emergent ransomware gang FIN12 strikes hospitals, moves quickly against big targets
Microsoft: Iran-linked hackers breached Office 365 customer accounts - The Record by Recorded Future
Google notifies 14,000 Gmail users of targeted APT28 attacks - The Record by Recorded Future
Peanut butter and ProtonMail: US charges underscore evolution of espionage in digital age
Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes | Reuters
Senate committee advances major cybersecurity legislation - The Record by Recorded Future
DOJ to go after government contractors who don't disclose breaches - The Record by Recorded Future
TSA to impose cybersecurity mandates on major rail and subway systems - The Washington Post
OMB orders federal agencies to let CISA access defenses of devices, servers
CIA Funding Arm Gave Encrypted App Wickr $1.6 Million
U.S. prosecution of alleged WikiLeaks ‘Vault 7’ source hits multiple roadblocks
Ukraine arrests operator of DDoS botnet with 100,000 bots - The Record by Recorded Future
Microsoft said it mitigated a 2.4 Tbps DDoS attack, the largest ever - The Record by Recorded Future
Trolls defaced Twitch's website with pictures of Jeff Bezos, the latest security concern
Video game streaming service Twitch suffers major data breach
Woman Allegedly Hacked Flight School, Cleared Planes With Maintenance Issues to Fly
NSA warns of ALPACA TLS attack, use of wildcard TLS certificates - The Record by Recorded Future
Reverse engineering and decrypting CyberArk vault credential files | Jelle Vergeer
Apple patches iPhone zero-day in iOS 15.0.2 - The Record by Recorded Future
Bindiff and POC for the IOMFB vulnerability, iOS 15.0.2 | IOMFB_integer_overflow_poc
Apache HTTP Server update fails to squash path traversal, RCE bugs | The Daily Swig
Executive Order on Improving the Nation's Cybersecurity | The White House