On this week’s show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week’s security news, including:
- Russia arrests REvil crew
- Ukraine government hit in messy hacks
- White House hosts open source pow-wow, but is it pointless?
- US cyber reporting law will come back from the dead
- Report: Israeli police targeted activists with NSO but without warrants
- Much, much more
This week’s sponsor interview is with HD Moore, the founder of Rumble. We’re talking through what how he and his team helped customers respond to the log4j drama. They quickly added the capability to scan customer’s environments for log4shell-affected tech. When asset discovery meets rapid vuln response!
Links to everything that we discussed are below and you can follow Patrick, Dmitri or Adam on Twitter if that’s your thing.
Show notes
- Russia arrests ransomware gang responsible for high-profile cyberattacks
- Celebrations over REvil ransomware arrests in Russia may be premature | The Daily Swig
- Ransomware gang behind attacks on 50 companies arrested in Ukraine - The Record by Recorded Future
- Europol takes down VPNLab, a service used by ransomware gangs - The Record by Recorded Future
- Albuquerque schools are having a cybersecurity snow day—and they aren't alone - The Record by Recorded Future
- What We Know and Don’t Know about the Cyberattacks Against Ukraine - (updated)
- Dozens of Computers in Ukraine Wiped with Destructive Malware in Coordinated Attack
- Belarus: Cyber upstart, or Russian staging ground?
- White House hosts open-source software security summit in light of expansive Log4j flaw
- Apache Software Foundation warns its patching efforts are being undercut by use of end-of-life software | The Daily Swig
- GitLab shifts left to patch high-impact vulnerabilities | The Daily Swig
- Cyber incident reporting backers pledge to resume push - The Record by Recorded Future
- Israeli police used spyware to hack its own citizens, a report says : NPR
- El Salvador journalists hacked with NSO's Pegasus spyware - The Record by Recorded Future
- Cyber Command ties hacking group to Iranian intelligence - The Record by Recorded Future
- Earth Lusca threat actor targets governments and cryptocurrency companies alike - The Record by Recorded Future
- North Korea stole a record $400 million in cryptocurrency last year, researchers say
- Crypto.com Says Alleged $15 Million Hack Was Just an 'Incident'
- Who is the Network Access Broker ‘Wazawaka?’ – Krebs on Security
- New Chrome security measure aims to curtail an entire class of Web attack | Ars Technica
- EA blames support staff for recent hacks of high-profile FIFA accounts - The Record by Recorded Future
- Researchers discover ‘extremely easy’ 2FA bypass in Box cloud management software | The Daily Swig
- Introducing vAPI – an open source lab environment to learn about API security | The Daily Swig