Risky Business Podcast

November 24, 2021

Risky Business #646 -- Apple cracks the sads, sues NSO Group

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Apple sues NSO Group and it’s all a bit weird
  • Israel charges defence minister’s house cleaner with Iranian hacker collusion (really)
  • USA charges two Iranians over “Proud Boy” emails
  • Cyber insurers nope out of comprehensive coverage
  • Prodaft shells Conti, drops report like it’s a Normal Thing
  • Much, much more

This week’s show is sponsored by VMRay. We’ll be chatting with one of VMRay’s customers in this week’s sponsor interview. Jim Byrge works on the CSIRT team at Valvoline, and he’ll be along to talk about how they replaced their ageing, in-house developed SOAR platform with commercial tools. It was still harder than it should be in 2021, but they got there in the end.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #646 -- Apple cracks the sads, sues NSO Group
0:00 / 0:00

Show notes

Apple sues spyware maker NSO Group - The Record by Recorded Future

Apple_v_NSO_Complaint_112321.pdf

Crime Boss or Tech CEO? An Encrypted Phone Company Sues the Government to Save Itself

Israel charges Defense Minister's house cleaner with leaking data to Iranian hackers - The Record by Recorded Future

US charges Iranian hackers for spoofed Proud Boys emails threatening US voters - The Record by Recorded Future

Insurers run from ransomware cover as losses mount | Reuters

Brisbane’s Langs Building Supplies and Melbourne’s Network Overdrive hit by cyber attack | news.com.au — Australia’s leading news site

IRS seized $3.5 billion in cryptocurrency this past year, agency says

Conti ransomware gang suffers security breach - The Record by Recorded Future

Tor Project sees decline in server numbers, will offer rewards for new bridge operators - The Record by Recorded Future

Conti gang has made at least $25.5 million since July 2021 - The Record by Recorded Future

A third of all dark web domains are now v3 onion sites - The Record by Recorded Future

Evil Corp: 'My hunt for the world's most wanted hackers' - BBC News

Arrest in ‘Ransom Your Employer’ Email Scheme – Krebs on Security

FBI identified BEC scammers using bank surveillance footage - The Record by Recorded Future

Banks must report major cyber incidents within 36 hours under finalized regulation

Devious ‘Tardigrade’ Malware Hits Biomanufacturing Facilities | WIRED

GoDaddy data breach impacts 1.2 million WordPress site owners - The Record by Recorded Future

Attackers don't bother brute-forcing long passwords, Microsoft engineer says - The Record by Recorded Future

NUCLEUS:13 – Host of vulnerabilities shatter Nucelus TCP/IP stack defenses | The Daily Swig

Malicious Python packages caught stealing Discord tokens, installing shells - The Record by Recorded Future

Vulnerabilities in NPM allowed threat actors to publish new version of any package | The Daily Swig

US, UK, and Australia warn of Iranian hacking activity after Microsoft report - The Record by Recorded Future

FBI: An APT abused a zero-day in FatPipe VPNs for six months - The Record by Recorded Future

CISA, FBI issue holiday warning about hackers, urge vigilance - The Record by Recorded Future