On this week’s show Patrick Gray, Katie Nickels and Joe Slowik discuss the week’s security news, including:
- US Government warns of impending critical infrastructure hacks
- Log4j bug in VMWare gets a workout
- Ex Uber CSO Joe Sullivan facing wire fraud charges
- Signal to push ahead on cryptocurrency payments
- Italian literary nerd busted for running one man APT operation
- Much, much more
This week’s show is brought to you by Okta. Marc Rogers is the executive director of cybersecurity there and he’s joining us this week to talk about the log4j bug and some adjacent issues. He’s working on a paper with IST about the bug and what it all means, and he’s joining us this week to talk about why the log4j drama was different.
Links to everything that we discussed are below and you can follow Katie, Joe or Patrick on Twitter if that’s your thing.
Show notes
- US warns of Russian state-sponsored attacks on critical infrastructure - The Record by Recorded Future
- UK NHS: Threat actor targets VMware Horizon servers using Log4Shell exploits - The Record by Recorded Future
- Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns
- CISA director: Log4Shell has not resulted in 'significant' government intrusions yet - The Record by Recorded Future
- Researchers discover Log4j-like flaw in H2 database console | The Daily Swig
- Prosecutors file additional charges against former Uber security chief over 2016 data breach ‘cover up’ | The Daily Swig
- Signal's Cryptocurrency Feature Has Gone Worldwide | WIRED
- Alex Stamos on Twitter: "I'm glad that @CaseyNewton wrote about the legal risks of marrying E2EE with hard-to-trace money transmission and I was glad to talk to him. I think @signalapp is underestimating the legal attack surface they are opening up here. https://t.co/qx3qzwd6mk" / Twitter
- Signal >> Blog >> New year, new CEO
- Deposits to illicit crypto addresses nearly doubled in 2021, Chainalysis finds
- Italian man arrested for stealing unpublished book manuscripts - The Record by Recorded Future
- Activision Sues and Unmasks Alleged 'Call of Duty: Warzone' Cheat Sellers
- FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware - The Record by Recorded Future
- Threat actors can simulate iPhone reboots and keep iOS malware on a device - The Record by Recorded Future
- SOHO routers impacted by bug in USB-over-network component - The Record by Recorded Future
- Google Docs commenting feature abused in phishing operations - The Record by Recorded Future
- Coming to a laptop near you: A new type of security chip from Microsoft | Ars Technica
- SFile (Escal) ransomware ported for Linux attacks - The Record by Recorded Future
- FinalSite discloses ransomware attack that crippled websites for 8,000 schools - The Record by Recorded Future
- Albuquerque impacted by ransomware attack on Bernalillo County government - The Record by Recorded Future
- Hotel chain switches to Chrome OS to recover from ransomware attack - The Record by Recorded Future
- Moxie Marlinspike >> Blog >> My first impressions of web3