On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Belarusian Cyber Partisans ransom train network
- A look at developments in Ukraine
- Merck wins NotPetya insurance lawsuit
- US VC firm in talks to acquire NSO Group
- Much, much more
This week’s show is brought to you by Trail of Bits, the security engineering firm. Dan Guido joins us this week week to talk about zkdocs, a bunch of documentation Trail of Bits put together to provide guidance on how to implement some of these newfangled concepts – like zero knowledge proofs – that are popular in blockchain and cryptoland.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Hactivists say they hacked Belarus rail system to stop Russian military buildup | Ars Technica
- A top Ukrainian security official on defending the nation against cyber attacks - The Record by Recorded Future
- Former Ukrainian official sanctioned for assisting Russian cyberattacks - The Record by Recorded Future
- FSB detains administrator of UniCC carding forum - The Record by Recorded Future
- Opinion | Russia’s takedown of REvil hacking collective sends an ominous message - The Washington Post
- Merck wins cyber-insurance lawsuit related to NotPetya attack - The Record by Recorded Future
- Canada confirms cyber-attack on foreign affairs ministry - The Record by Recorded Future
- (1) Global Affairs Canada suffers ‘cyber attack’ amid Russia-Ukraine tensions: sources - National | Globalnews.ca
- U.S. venture capital firm in talks to buy Israel's infamous spyware maker NSO - Business - Haaretz.com
- Red Cross begs hackers not to leak data of "highly vulnerable people" - The Record by Recorded Future
- Assange permitted to file U.K. Supreme Court appeal in extradition case
- New MoonBounce UEFI bootkit can't be removed by replacing the hard drive - The Record by Recorded Future
- Sketchy ‘Account Recovery’ Services Are Trying to Scam Hacking Victims on Twitter
- A UK government-backed campaign aims to thwart end-to-end encryption rollout - The Record by Recorded Future
- UK government plans to release Nmap scripts for finding vulnerabilities - The Record by Recorded Future
- OpenSubtitles discloses successful extortion attempt, data breach - The Record by Recorded Future
- IRS Will Soon Require Selfies for Online Access – Krebs on Security
- New Log4j attacks target SolarWinds, ZyXEL devices - The Record by Recorded Future
- Supply chain attack used legitimate WordPress add-ons to backdoor sites | Ars Technica
- https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
- GitHub Actions flaw that allowed code to be approved without review is addressed with new feature rollout | The Daily Swig
- ‘Zero-Click’ Zoom Vulnerabilities Could Have Exposed Calls | WIRED
- Flaws in third-party software exposed dozens of Teslas to remote access | TechCrunch
- Dark Souls servers taken down following discovery of critical vulnerability | Ars Technica
- F5 fixes high-risk NGINX Controller vulnerability in January patch rollout | The Daily Swig
- RCE bug chain patched in CentOS Web Panel | The Daily Swig
- Chain of vulnerabilities led to RCE on Cisco Prime servers | The Daily Swig
- People Can’t See Some NFTs on Twitter, Crypto Wallets After OpenSea Goes Down
- Hacker abuses OpenSea to buy NFTs at older, cheaper prices - The Record by Recorded Future
- Crypto.com finally confirms major hack, says it lost $34 million - The Record by Recorded Future
- A Hacker Is Negotiating With Victims on the Blockchain After $1.4M Heist
- ‘White Hat’ Hacker Returns $1 Million Stolen In Crypto Theft Disaster
- Pirates Spammed an Infamous Soviet Short-wave Radio Station with Memes
- Introduction | ZKDocs
- Trail of Bits | Careers