Risky Business #649 -- Java being a fiddly mess saves the day

Internet apocalypse avoided...
05 Jan 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The log4j bug wrap
  • The ransomware wrap
  • The human rights and surveillance industry wrap
  • Research and carnage wrap

This week’s show is brought to you by Airlock Digital. They make allowlisting software that has mostly been used in Windows environments, but as you’re about to hear they’ve now got a very, very nice solution for the bigger Linux distros, and their Mac agent is going to be launched in a few weeks.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

FTC warns companies to remediate Log4j security vulnerability | Federal Trade Commission
Srsly Risky Biz: Thursday December 16
The internet runs on free open-source software. Who pays to fix it? | MIT Technology Review
Propane distributor Superior Plus admits ransomware breach | The Daily Swig
Ransomware attack threatens paychecks just before Christmas
Cyberattack on one of Norway’s largest media companies shuts down presses - The Record by Recorded Future
Photography site Shutterfly is dealing with a ransomware attack - CyberScoop
Lapsus$ ransomware gang hits SIC, Portugal's largest TV channel - The Record by Recorded Future
US food importer Atalanta admits ransomware attack | The Daily Swig
The FBI believes the HelloKitty ransomware gang operates out of Ukraine - The Record by Recorded Future
Ransomware affiliate arrested in Romania - The Record by Recorded Future
Iranian hackers behind Cox Media Group ransomware attack - The Record by Recorded Future
Israeli newspaper Jerusalem Post is hacked, website defaced to include threats
Iranian Hackers Abuse Slack For Cyber Spying
Why Wall Street is worried about state and local government cybersecurity - The Record by Recorded Future
North Korean hackers target Russian diplomats using New Year greetings - The Record by Recorded Future
Egyptian Politician Hacked by 2 Government Hacking Groups, Researchers Say
Saudi women's rights activist says phone hack by U.S. contractors led to arrest -lawsuit | Reuters
UAE agency put Pegasus spyware on the phone of Hanan Elatr, Jamal Khashoggi’s wife - Washington Post
A new spyware-for-hire, Predator, caught hacking phones of politicians and journalists | TechCrunch
Facebook says 50,000 users were targeted by cyber mercenary firms in 2021 | MIT Technology Review
Encrypted Phone Company Backdoored by FBI Will Lead to 'Years' of Arrests
Russian hackers bypass 2FA by annoying victims with repeated push notifications - The Record by Recorded Future
More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild - The Record by Recorded Future
Facebook expands bug bounty program to cover scraping attacks - The Record by Recorded Future
Wireless coexistence – New attack technique exploits Bluetooth, WiFi performance features for ‘inter-chip privilege escalation’ | The Daily Swig
Microsoft notifies customers of Azure bug that exposed their source code - The Record by Recorded Future
US charges former GRU officer with hacking and stock market trading scheme - The Record by Recorded Future
Crypto exchanges keep getting hacked, and there's little anyone can do
CISA tells agencies to patch recent Windows 10 zero-day abused by Emotet botnet - The Record by Recorded Future
Security flaws found in a popular guest Wi-Fi system used in hundreds of hotels | TechCrunch
Backdoor gives hackers complete control over federal agency network | Ars Technica
Microsoft fixes harebrained Y2K22 Exchange bug that disrupted email worldwide | Ars Technica