Risky Business #648 -- Adios, 2021, it's been real

The last Risky Business news episode for the year...
08 Dec 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • NSO Group tools found on US embassy staff phones in Uganda
  • Mitto is up to shady bidnez
  • Ubiquiti “whistleblower” charged over hack
  • Hounds everywhere
  • Planned Parenthood breached
  • Much, much more

This week’s sponsor interview is with Andrew Morris of Greynoise.

Greynoise has a bunch of sensors out there on the Internets, so they can tell you when an IP that’s hitting you is also hitting everyone else. If you work in a SOC, you know this is very useful. Greynoise has just signed a $30m deal with the US Department of Defense. As Andrew will explain in just a moment, this means if you work in a DoD agency it’s now very easy for you to get a subscription. In this interview I also talk to Andrew about his adventures chasing down one of the people spamming Internet-attached receipt printers with the antiwork manifesto from Reddit.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

NSO Pegasus spyware used to hack U.S. diplomats’ phones - The Washington Post
This Swiss Firm Exec Is Said To Have Operated A Secret Surveillance Operation - Bloomberg
Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach” – Krebs on Security
Cyber Command boss acknowledges US military actions against ransomware groups
Canadian spy agency targeted foreign hackers to ‘impose a cost’ for cybercrime - National | Globalnews.ca
FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangs
gov.uscourts.2.2.million-ransom-seizure - DocumentCloud
400,000 Planned Parenthood users' data stolen in ransomware attack
Canadian police arrest Ottawa resident for ransomware attacks - The Record by Recorded Future
Ransomware tracker: the latest figures [December 2021] - The Record by Recorded Future
Court hands Microsoft control of websites linked to spying by Chinese hackers
NICKEL targeting government organizations across Latin America and Europe - Microsoft Security Blog
A mysterious threat actor is running hundreds of malicious Tor relays - The Record by Recorded Future
The Justice Department is ramping up its crackdown on money mules
FIN7 hacker trialed in Russia gets no prison time - The Record by Recorded Future
1.5 million users joined Facebook Protect since September - The Record by Recorded Future
Facebook Will Force More At-Risk Accounts to Use Two-Factor | WIRED
Cyber incident reporting mandates suffer another congressional setback
Derek B Johnson on Twitter: "This statement from House Homeland Chair Bennie Thompson and Cyber Subcommittee Chair Yvette Clarke says process around incident reporting legislation was wracked with "dysfunction" and appears to firmly shut the door on the bill being reinserted into the NDAA. https://t.co/iBpmxAFJgQ" / Twitter
BitMart loses $150 million in the second-largest crypto-heist of the year - The Record by Recorded Future
Hacked Cryptocurrency Platform Begs Hacker to Please Return $119 Million
Really stupid “smart contract” bug let hackers steal $31 million in digital coin | Ars Technica
Received Some Random Cryptocurrency? It Might Be a Phishing Scam.
Web skimmers hit 300+ sites hidden inside Google Tag Manager containers - The Record by Recorded Future
New Payment Data Stealing Malware Hides in Nginx Process on Linux Servers
Zoho warns of new zero-day vulnerability exploited in attacks - The Record by Recorded Future
APT groups from China, Russia, and India adopt novel attack technique - The Record by Recorded Future
Flaws in Tonga’s top-level domain left Google, Amazon, Tether web services vulnerable to takeover | The Daily Swig
Compromising Email Supply Chains | CanIPhish
GitHub - SummitRoute/csp_security_mistakes: Cloud service provider security mistakes
USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services - SentinelOne
A different way to do PAM -- Paul Lanzi, Remediant - YouTube
Material Security: Keeping email safe at rest - YouTube
The Sweeney Background Music (1975-1978) - YouTube