Risky Business Podcast

January 12, 2022

Risky Business #650 -- USG drops Russia advisory as Ukraine tensions mount

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick Gray, Katie Nickels and Joe Slowik discuss the week’s security news, including:

  • US Government warns of impending critical infrastructure hacks
  • Log4j bug in VMWare gets a workout
  • Ex Uber CSO Joe Sullivan facing wire fraud charges
  • Signal to push ahead on cryptocurrency payments
  • Italian literary nerd busted for running one man APT operation
  • Much, much more

This week’s show is brought to you by Okta. Marc Rogers is the executive director of cybersecurity there and he’s joining us this week to talk about the log4j bug and some adjacent issues. He’s working on a paper with IST about the bug and what it all means, and he’s joining us this week to talk about why the log4j drama was different.

Links to everything that we discussed are below and you can follow Katie, Joe or Patrick on Twitter if that’s your thing.

Risky Business #650 -- USG drops Russia advisory as Ukraine tensions mount
0:00 / 0:00

Show notes

US warns of Russian state-sponsored attacks on critical infrastructure - The Record by Recorded Future

UK NHS: Threat actor targets VMware Horizon servers using Log4Shell exploits - The Record by Recorded Future

Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns

CISA director: Log4Shell has not resulted in 'significant' government intrusions yet - The Record by Recorded Future

Researchers discover Log4j-like flaw in H2 database console | The Daily Swig

Prosecutors file additional charges against former Uber security chief over 2016 data breach ‘cover up’ | The Daily Swig

Signal's Cryptocurrency Feature Has Gone Worldwide | WIRED

Alex Stamos on Twitter: "I'm glad that @CaseyNewton wrote about the legal risks of marrying E2EE with hard-to-trace money transmission and I was glad to talk to him. I think @signalapp is underestimating the legal attack surface they are opening up here. https://t.co/qx3qzwd6mk" / Twitter

Signal >> Blog >> New year, new CEO

Deposits to illicit crypto addresses nearly doubled in 2021, Chainalysis finds

Italian man arrested for stealing unpublished book manuscripts - The Record by Recorded Future

Activision Sues and Unmasks Alleged 'Call of Duty: Warzone' Cheat Sellers

FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware - The Record by Recorded Future

Threat actors can simulate iPhone reboots and keep iOS malware on a device - The Record by Recorded Future

SOHO routers impacted by bug in USB-over-network component - The Record by Recorded Future

Google Docs commenting feature abused in phishing operations - The Record by Recorded Future

Coming to a laptop near you: A new type of security chip from Microsoft | Ars Technica

SFile (Escal) ransomware ported for Linux attacks - The Record by Recorded Future

FinalSite discloses ransomware attack that crippled websites for 8,000 schools - The Record by Recorded Future

Albuquerque impacted by ransomware attack on Bernalillo County government - The Record by Recorded Future

Hotel chain switches to Chrome OS to recover from ransomware attack - The Record by Recorded Future

Moxie Marlinspike >> Blog >> My first impressions of web3