Risky Business #644 -- USA sanctions NSO Group, hits REvil

PLUS: A look back at an eight-year-old Risky Biz interview...
10 Nov 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • US sanctions NSO, Candiru, COSEINC and Positive Technologies
  • We wrap up the action in ransomware
  • Why exploit tournaments are boring in America and exciting in China
  • More malicious npm packages in the wild
  • Pentagon updates CMMC to 2.0
  • Much, much more

We’ll hear from Corelight’s CISO Bernard Brantley in this week’s sponsor interview. We’re talking about how attackers think in graphs and defenders think in lists. Microsoft’s John Lambert wrote a post about that back in 2015, and Bernard joins the show this week to talk about why it’s just as relevant as ever. Stick around for that one.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

U.S. sanctions Israel’s NSO Group over Pegasus spyware - The Washington Post
Risky Business #310 -- Export exploits? Wassenaar says no - Risky Business
Positive Technologies says US sanctions had little or no effect on its business - The Record by Recorded Future
Hungarian official confirms government bought and used Pegasus spyware - The Record by Recorded Future
NSO's Pegasus spyware found on the devices of six Palestinian activists - The Record by Recorded Future
“A grim outlook”: How cyber surveillance is booming on a global scale | MIT Technology Review
Spyware providers are flocking to international arms fairs to sell to NATO foes
Ukraine discloses identity of Gamaredon members links it to Russia's FSB - The Record by Recorded Future
PRC says FCC decision to pull China Telecom license was ‘based on suspicion,’ not facts - The Record by Recorded Future
China says a foreign spy agency hacked its airlines, stole passenger records - The Record by Recorded Future
Hackers with Chinese links breach defense, energy targets, including one in US
Pwn2Own Austin 2021: Synacktiv crowned Masters of Pwn after Sonos One, WD NAS exploits | The Daily Swig
House approves massive infrastructure plan that includes $1.9 billion for cybersecurity - The Record by Recorded Future
Malware found in coa and rc, two npm packages with 23M weekly downloads - The Record by Recorded Future
Pentagon issues revised cyber standards for contractors - The Record by Recorded Future
Hacker steals $55 million from bZx DeFi platform - The Record by Recorded Future
Suspect in scheme to breach major Twitter accounts is now charged with hacking crypto executives
Scammer Convinced Instagram That Its Top Executive Was Dead
GitLab servers are being exploited in DDoS attacks in excess of 1 Tbps - The Record by Recorded Future
Dangerous XSS bug in Google Chrome’s ‘New Tab’ page bypassed security features | The Daily Swig
US offers $10 million reward for info on Darkside ransomware group - The Record by Recorded Future
Hackers Apologize to Arab Royal Families for Leaking Their Data
A ransomware gang shut down after Cybercom hijacked its site and it discovered it had been hacked - The Washington Post
BlackMatter ransomware says its shutting down due to pressure from local authorities - The Record by Recorded Future
CERT-France: Lockean ransomware group behind attacks on French companies - The Record by Recorded Future
The ‘Groove’ Ransomware Gang Was a Hoax – Krebs on Security
Ransomware crackdown spreads in U.S., Europe and Asia
US Treasury sanctions crypto-exchange Chatex for links to ransomware payments - The Record by Recorded Future
Shared/Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.md at master · JohnLaTwC/Shared · GitHub
Compare to open source Zeek