Risky Business #646 -- Apple cracks the sads, sues NSO Group

Its feelings are hurt, and NSO will feel its pain...
24 Nov 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Apple sues NSO Group and it’s all a bit weird
  • Israel charges defence minister’s house cleaner with Iranian hacker collusion (really)
  • USA charges two Iranians over “Proud Boy” emails
  • Cyber insurers nope out of comprehensive coverage
  • Prodaft shells Conti, drops report like it’s a Normal Thing
  • Much, much more

This week’s show is sponsored by VMRay. We’ll be chatting with one of VMRay’s customers in this week’s sponsor interview. Jim Byrge works on the CSIRT team at Valvoline, and he’ll be along to talk about how they replaced their ageing, in-house developed SOAR platform with commercial tools. It was still harder than it should be in 2021, but they got there in the end.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Apple sues spyware maker NSO Group - The Record by Recorded Future
Crime Boss or Tech CEO? An Encrypted Phone Company Sues the Government to Save Itself
Israel charges Defense Minister's house cleaner with leaking data to Iranian hackers - The Record by Recorded Future
US charges Iranian hackers for spoofed Proud Boys emails threatening US voters - The Record by Recorded Future
Insurers run from ransomware cover as losses mount | Reuters
Brisbane’s Langs Building Supplies and Melbourne’s Network Overdrive hit by cyber attack | news.com.au — Australia’s leading news site
IRS seized $3.5 billion in cryptocurrency this past year, agency says
Conti ransomware gang suffers security breach - The Record by Recorded Future
Tor Project sees decline in server numbers, will offer rewards for new bridge operators - The Record by Recorded Future
Conti gang has made at least $25.5 million since July 2021 - The Record by Recorded Future
A third of all dark web domains are now v3 onion sites - The Record by Recorded Future
Evil Corp: 'My hunt for the world's most wanted hackers' - BBC News
Arrest in ‘Ransom Your Employer’ Email Scheme – Krebs on Security
FBI identified BEC scammers using bank surveillance footage - The Record by Recorded Future
Banks must report major cyber incidents within 36 hours under finalized regulation
Devious ‘Tardigrade’ Malware Hits Biomanufacturing Facilities | WIRED
GoDaddy data breach impacts 1.2 million WordPress site owners - The Record by Recorded Future
Attackers don't bother brute-forcing long passwords, Microsoft engineer says - The Record by Recorded Future
NUCLEUS:13 – Host of vulnerabilities shatter Nucelus TCP/IP stack defenses | The Daily Swig
Malicious Python packages caught stealing Discord tokens, installing shells - The Record by Recorded Future
Vulnerabilities in NPM allowed threat actors to publish new version of any package | The Daily Swig
US, UK, and Australia warn of Iranian hacking activity after Microsoft report - The Record by Recorded Future
FBI: An APT abused a zero-day in FatPipe VPNs for six months - The Record by Recorded Future
CISA, FBI issue holiday warning about hackers, urge vigilance - The Record by Recorded Future