Risky Business #655 -- USG: Expect Russian cyber drama

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Ukraine sanctions may lead to Russia going “cyber feral”
  • Brian Krebs links Red Cross breach to Iranian actor
  • APT10 uses cred stuffing as misdirection
  • Report: Global logistics behemoth Expeditors ransomwared
  • NFT thefts still hilarious
  • Inside the epic KlaySwap hack
  • Much, much more

In this week’s sponsor interview Thinkst Canary’s Marco Slaviero talks about some work they’ve done on introducing a “Safety Net” against AWS token enumeration edge cases. That’s a very interesting interview.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

White House attributes Ukraine DDoS incidents to Russia's GRU - CyberScoop

U.S. issues blanket warning on potential of destructive Russian hacks

Russian hackers have probably penetrated critical Ukraine computer networks, U.S. says - The Washington Post

Ukraine dismantles social media bot farm spreading "panic" - The Record by Recorded Future

US says Russian hackers breached multiple DOD contractors - The Record by Recorded Future

Red Cross blames hack on Zoho vulnerability, suspects APT attack - The Record by Recorded Future

Red Cross Hack Linked to Iranian Influence Operation? – Krebs on Security

Deep dive into hack against Iranian state TV yields wiper malware, other custom tools

VMware Horizon servers are under active exploit by Iranian state hackers | Ars Technica

Chinese hackers linked to months-long attack on Taiwanese financial sector - The Record by Recorded Future

San Francisco 49ers confirm ransomware attack - The Record by Recorded Future

Global logistics giant Expeditors suffers cyberattack, shuts down operations systems - FreightWaves

Vodafone Portugal struggles to restore service following cyberattack | Ars Technica

The US Crackdown on Spyware Vendors Is Only Beginning

People Whose NFTs Were Stolen Are Getting Wildly Different Refunds from OpenSea

Scam artists swindle NFTs worth 'millions' in OpenSea phishing attack | ZDNet

KlaySwap crypto users lose funds after BGP hijack - The Record by Recorded Future

Jaw-dropping Coinbase security bug allowed users to steal unlimited cryptocurrency | The Daily Swig

For signs of cryptocurrency laundering, look closely at Moscow firms, report says

Srsly Risky Biz: Thursday February 17

More data on Canadian 'Freedom Convoy' donors leaked -website | Reuters

Stream Episode 179: Truck Yeah, Canada feat Dan Boeckner by QAnon Anonymous | Listen online for free on SoundCloud

FBI sees increase in use of virtual meeting platforms for BEC scams - The Record by Recorded Future

This Is the ‘Hacking’ Investigation Into Journalist Who Clicked ‘View Source’ on Government Website

Bhima Koregaon case: New report finds activist Rona Wilson was targeted by hackers linked to cyber espionage - The Washington Post

Thousands of npm accounts use email addresses with expired domains - The Record by Recorded Future

EARN IT Act gets no changes to encryption language in Senate committee

SEC's breach notification proposal one step closer to a final vote

In touch with Reality Winner - The Record by Recorded Future

A “Safety Net” for AWS Canarytokens