On this week’s show Patrick Gray, Tom Uren and Joe Slowik discuss the week’s security news, including:
- Why China’s Olympics app is probably not spyware
- New DDoS record set at 3.47Tbps
- USG goes all in on Zero Trust
- Dmitry Medvedev makes all the right noises on ransomware cooperation
- Iranian APT crew dabbles in ransomware
- German fuel distribution ransomwared
- The latest on NSO
- Much, much more
This week’s show is brought to you by Google Cloud. Anton Chuvakin, the head of security solution strategy at Google Cloud, will be along in this week’s sponsor interview to talk about why SIEM vendors – including Google Cloud – are gobbling up SOAR platforms in acquisitions.
Links to everything that we discussed are below and you can follow Patrick, Tom or Joe on Twitter if that’s your thing.
Show notes
- The surveillance concerns around China’s Winter Olympics app – explained | Surveillance | The Guardian
- Cross-Country Exposure: Analysis of the MY2022 Olympics App - The Citizen Lab
- Wiper in Ukraine Used Code Repurposed From WhiteBlackCrypt Ransomware
- German government warns of APT27 activity targeting local companies - The Record by Recorded Future
- Microsoft fends off record-breaking 3.47Tbps DDoS attack | Ars Technica
- White House releases final zero-trust strategy for federal government - The Record by Recorded Future
- White House expands digital regulations for U.S. water supply
- Conti ransomware hits Apple, Tesla supplier - The Record by Recorded Future
- Top Russian official cites REvil arrests as sign of cooperation, says Moscow is awaiting reciprocation
- Security Council of the Russian Federation (Совет Безопасности Российской Федерации)
- Major German fuel storage provider hit with cyberattack, working under limited operations
- Iranian state-sponsored group APT35 linked to Memento ransomware - The Record by Recorded Future
- Deadbolt ransomware hits more than 3,600 QNAP NAS devices - The Record by Recorded Future
- QNAP warns NAS users of DeadBolt ransomware, urges customers to update | ZDNet
- Unpacking the rise of BlackCat ransomware: High victim count, high payouts, customized features
- Ransomware group says it took files from French Ministry of Justice
- Cybercriminals laundered $8.6 billion worth of cryptocurrency in 2021 - The Record by Recorded Future
- DeepDotWeb co-admin sentenced to 8 years in prison - The Record by Recorded Future
- Booby-trapped sites delivered potent new backdoor trojan to macOS users | Ars Technica
- Apple pays out $100k bounty for Safari webcam hack that imperiled victims’ online accounts | The Daily Swig
- Qubit Finance platform hacked for $80 million worth of cryptocurrency - The Record by Recorded Future
- Android malware will factory-reset a phone after stealing a user's funds - The Record by Recorded Future
- 2FA app with 10,000 Google Play downloads loaded well-known banking trojan | Ars Technica
- Threat actor target Ubiquiti network appliances using Log4Shell exploits - The Record by Recorded Future
- Finland says it found NSO's Pegasus spyware on diplomats' phones - The Record by Recorded Future
- NSO offered US mobile security firm ‘bags of cash’, whistleblower claims | Surveillance | The Guardian
- The Battle for the World’s Most Powerful Cyberweapon - The New York Times