Risky Business #650 -- USG drops Russia advisory as Ukraine tensions mount

Featuring guest co-hosts Joe Slowik and Katie Nickels...
12 Jan 2022 » Risky Business

On this week’s show Patrick Gray, Katie Nickels and Joe Slowik discuss the week’s security news, including:

  • US Government warns of impending critical infrastructure hacks
  • Log4j bug in VMware gets a workout
  • Ex-Uber CSO Joe Sullivan facing wire fraud charges
  • Signal to push ahead on cryptocurrency payments
  • Italian literary nerd busted for running one-man APT operation
  • Much, much more

This week’s show is brought to you by Okta. Marc Rogers, the executive director of cybersecurity there, joins us to talk about the Log4j bug and some adjacent issues. He’s working on a paper with IST about the bug and what it all means, and he explains why the Log4j drama was different.

Links to everything that we discussed are below and you can follow Katie, Joe or Patrick on Twitter if that’s your thing.

Show notes

US warns of Russian state-sponsored attacks on critical infrastructure - The Record by Recorded Future
UK NHS: Threat actor targets VMware Horizon servers using Log4Shell exploits - The Record by Recorded Future
Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns
CISA director: Log4Shell has not resulted in 'significant' government intrusions yet - The Record by Recorded Future
Researchers discover Log4j-like flaw in H2 database console | The Daily Swig
Prosecutors file additional charges against former Uber security chief over 2016 data breach ‘cover up’ | The Daily Swig
Signal's Cryptocurrency Feature Has Gone Worldwide | WIRED
Alex Stamos on Twitter: "I'm glad that @CaseyNewton wrote about the legal risks of marrying E2EE with hard-to-trace money transmission and I was glad to talk to him. I think @signalapp is underestimating the legal attack surface they are opening up here. https://t.co/qx3qzwd6mk" / Twitter
Signal >> Blog >> New year, new CEO
Deposits to illicit crypto addresses nearly doubled in 2021, Chainalysis finds
Italian man arrested for stealing unpublished book manuscripts - The Record by Recorded Future
Activision Sues and Unmasks Alleged 'Call of Duty: Warzone' Cheat Sellers
FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware - The Record by Recorded Future
Threat actors can simulate iPhone reboots and keep iOS malware on a device - The Record by Recorded Future
SOHO routers impacted by bug in USB-over-network component - The Record by Recorded Future
Google Docs commenting feature abused in phishing operations - The Record by Recorded Future
Coming to a laptop near you: A new type of security chip from Microsoft | Ars Technica
SFile (Escal) ransomware ported for Linux attacks - The Record by Recorded Future
FinalSite discloses ransomware attack that crippled websites for 8,000 schools - The Record by Recorded Future
Albuquerque impacted by ransomware attack on Bernalillo County government - The Record by Recorded Future
Hotel chain switches to Chrome OS to recover from ransomware attack - The Record by Recorded Future
Moxie Marlinspike >> Blog >> My first impressions of web3