Risky Business #645 -- How Israel used NSO to make friends in low places

PLUS: Candiru hacked UK publication, 0dayed its readers...
17 Nov 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Watering hole attacks are getting much better
  • How Israel’s government used NSO to strengthen its diplomatic ties
  • Randori sat on some PAN 0day. This is fine.
  • Facebook outs state-backed ops
  • FBI has unfortunate incident with its mail boxes
  • Much, much more

This week’s sponsor interview is with HD Moore. He’s the founder of Rumble, the network asset discovery scanner, and he’s joining us to talk about some new tricks he’s added to the product, like integrations with cloud service APIs and external discovery products like Censys.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

British news website was hacked to control readers' computers, report says
Strategic web compromises in the Middle East with a pinch of Candiru | WeLiveSecurity
Analyzing a watering hole campaign using macOS exploits
Israel, spyware and corruption: NSO ties to Netanyahu, Bennett and other politicians - Israel News - Haaretz.com
Pakistani hackers operated a fake app store to target former Afghan officials - The Record by Recorded Future
Exclusive: A Cyber Mercenary Is Hacking The Google And Telegram Accounts Of Presidential Candidates, Journalists And Doctors
New Moses Staff group targets Israeli organizations in destructive attacks - The Record by Recorded Future
Kevin Beaumont on Twitter: "Pay attention to this one when it’s out. I haven’t seen it, but it’s possible to use BitLocker to remotely (re)encrypt every endpoint in AD in a way that only the attacker can decrypt… and it bypasses sec solutions. So I imagine it’s that." / Twitter
Hacker sends spam to 100,000 from FBI email address
Booking.com was reportedly hacked by a US intel agency but never told customers | Ars Technica
‘Ghostwriter’ Looks Like a Purely Russian Op—Except It's Not | WIRED
Emotet botnet returns after law enforcement mass-uninstall operation - The Record by Recorded Future
Canadian health systems recovering from breach that forced thousands of appointment cancellations
Dustin Volz on Twitter: "@riskybusiness @DAlperovitch I think folks outside government can also underestimate how much agencies rehearse talking points and in testimony like this and try to be always on the same page—unless they don’t want to be. And that adds to the sense of “conflict” or “disagreement” for some of us." / Twitter
CERT-PL employees rally around politically-dismissed chief - The Record by Recorded Future
US detains crypto-exchange exec for helping Ryuk ransomware gang launder profits - The Record by Recorded Future
Researchers wait 12 months to report vulnerability with 9.8 out of 10 severity rating | Ars Technica
DDR4 memory protections are broken wide open by new Rowhammer technique | Ars Technica
New secret-spilling hole in Intel CPUs sends company patching (again) | Ars Technica
GoCD bug chain provides second springboard for supply chain attacks | The Daily Swig
‘Add yourself as super admin’ – Researcher details easy-to-exploit bug that exposed GSuite accounts to full takeover | The Daily Swig
Adult cam site StripChat exposes the data of millions of users and cam models - The Record by Recorded Future
Hundreds of WordPress sites defaced in fake ransomware attacks - The Record by Recorded Future