Risky Business #645 -- How Israel used NSO to make friends in low places

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Watering hole attacks are getting much better
  • How Israel’s government used NSO to strengthen its diplomatic ties
  • Randori sat on some PAN 0day. This is fine.
  • Facebook outs state-backed ops
  • FBI has unfortunate incident with its mailboxes
  • Much, much more

This week’s sponsor interview is with HD Moore. He’s the founder of Rumble, the network asset discovery scanner, and he’s joining us to talk about some new tricks he’s added to the product, like integrations with cloud service APIs and external discovery products like Censys.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

British news website was hacked to control readers' computers, report says

Strategic web compromises in the Middle East with a pinch of Candiru | WeLiveSecurity

Analyzing a watering hole campaign using macOS exploits

Israel, spyware and corruption: NSO ties to Netanyahu, Bennett and other politicians - Israel News - Haaretz.com

Pakistani hackers operated a fake app store to target former Afghan officials - The Record by Recorded Future

Exclusive: A Cyber Mercenary Is Hacking The Google And Telegram Accounts Of Presidential Candidates, Journalists And Doctors

New Moses Staff group targets Israeli organizations in destructive attacks - The Record by Recorded Future

Kevin Beaumont on Twitter: "Pay attention to this one when it’s out. I haven’t seen it, but it’s possible to use BitLocker to remotely (re)encrypt every endpoint in AD in a way that only the attacker can decrypt… and it bypasses sec solutions. So I imagine it’s that." / Twitter

Hacker sends spam to 100,000 from FBI email address

Booking.com was reportedly hacked by a US intel agency but never told customers | Ars Technica

‘Ghostwriter’ Looks Like a Purely Russian Op—Except It's Not | WIRED

Emotet botnet returns after law enforcement mass-uninstall operation - The Record by Recorded Future

Canadian health systems recovering from breach that forced thousands of appointment cancellations

Dustin Volz on Twitter: "@riskybusiness @DAlperovitch I think folks outside government can also underestimate how much agencies rehearse talking points and in testimony like this and try to be always on the same page—unless they don’t want to be. And that adds to the sense of “conflict” or “disagreement” for some of us." / Twitter

CERT-PL employees rally around politically-dismissed chief - The Record by Recorded Future

US detains crypto-exchange exec for helping Ryuk ransomware gang launder profits - The Record by Recorded Future

Researchers wait 12 months to report vulnerability with 9.8 out of 10 severity rating | Ars Technica

DDR4 memory protections are broken wide open by new Rowhammer technique | Ars Technica

New secret-spilling hole in Intel CPUs sends company patching (again) | Ars Technica

GoCD bug chain provides second springboard for supply chain attacks | The Daily Swig

‘Add yourself as super admin’ – Researcher details easy-to-exploit bug that exposed GSuite accounts to full takeover | The Daily Swig

Adult cam site StripChat exposes the data of millions of users and cam models - The Record by Recorded Future

Hundreds of WordPress sites defaced in fake ransomware attacks - The Record by Recorded Future