Risky Business #649 -- Java being a fiddly mess saves the day

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The log4j bug wrap
  • The ransomware wrap
  • The human rights and surveillance industry wrap
  • Research and carnage wrap

This week’s show is brought to you by Airlock Digital. They make allowlisting software that has mostly been used in Windows environments, but as you’re about to hear they’ve now got a very, very nice solution for the bigger Linux distros, and their Mac agent is going to be launched in a few weeks.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

FTC warns companies to remediate Log4j security vulnerability | Federal Trade Commission

Srsly Risky Biz: Thursday December 16

The internet runs on free open-source software. Who pays to fix it? | MIT Technology Review

Propane distributor Superior Plus admits ransomware breach | The Daily Swig

Ransomware attack threatens paychecks just before Christmas

Cyberattack on one of Norway’s largest media companies shuts down presses - The Record by Recorded Future

Photography site Shutterfly is dealing with a ransomware attack - CyberScoop

Lapsus$ ransomware gang hits SIC, Portugal's largest TV channel - The Record by Recorded Future

US food importer Atalanta admits ransomware attack | The Daily Swig

The FBI believes the HelloKitty ransomware gang operates out of Ukraine - The Record by Recorded Future

Ransomware affiliate arrested in Romania - The Record by Recorded Future

Iranian hackers behind Cox Media Group ransomware attack - The Record by Recorded Future

Israeli newspaper Jerusalem Post is hacked, website defaced to include threats

Iranian Hackers Abuse Slack For Cyber Spying

Why Wall Street is worried about state and local government cybersecurity - The Record by Recorded Future

North Korean hackers target Russian diplomats using New Year greetings - The Record by Recorded Future

Egyptian Politician Hacked by 2 Government Hacking Groups, Researchers Say

Saudi women's rights activist says phone hack by U.S. contractors led to arrest -lawsuit | Reuters

UAE agency put Pegasus spyware on the phone of Hanan Elatr, Jamal Khashoggi’s wife - Washington Post

A new spyware-for-hire, Predator, caught hacking phones of politicians and journalists | TechCrunch

Facebook says 50,000 users were targeted by cyber mercenary firms in 2021 | MIT Technology Review

Encrypted Phone Company Backdoored by FBI Will Lead to 'Years' of Arrests

Russian hackers bypass 2FA by annoying victims with repeated push notifications - The Record by Recorded Future

More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild - The Record by Recorded Future

Facebook expands bug bounty program to cover scraping attacks - The Record by Recorded Future

Wireless coexistence – New attack technique exploits Bluetooth, WiFi performance features for ‘inter-chip privilege escalation’ | The Daily Swig

Microsoft notifies customers of Azure bug that exposed their source code - The Record by Recorded Future

US charges former GRU officer with hacking and stock market trading scheme - The Record by Recorded Future

Crypto exchanges keep getting hacked, and there's little anyone can do

CISA tells agencies to patch recent Windows 10 zero-day abused by Emotet botnet - The Record by Recorded Future

Security flaws found in a popular guest Wi-Fi system used in hundreds of hotels | TechCrunch

Backdoor gives hackers complete control over federal agency network | Ars Technica

Microsoft fixes harebrained Y2K22 Exchange bug that disrupted email worldwide | Ars Technica