Risky Business #657 -- Belarus targets refugee data

PLUS: Brian Krebs joins the news to talk Contileaks...
09 Mar 2022 » Risky Business

On this week’s show Patrick Gray, Brian Krebs and Adam Boileau discuss the week’s security news, including:

  • The Contileaks latest
  • Belarus targeted refugee data. Was it behind the ICRC hack?
  • How APT41 hacked America’s livestock
  • SATCOM hack in Ukraine may bode ill for Musk
  • Much, much more

Material Security’s co-founder Ryan Noon is this week’s sponsor guest. He joins the show to talk about a few things, including how the building blocks for a whole new generation of security tooling – like large-scale data crunching tech – are now available off the shelf. He also talks us through an integration Material has done with a groovy new SOAR platform called Tines.

Links to everything we discussed – and a YouTube demo of Material’s technology – are below.

Show notes

Conti Ransomware Group Diaries, Part I: Evasion – Krebs on Security
Conti Ransomware Group Diaries, Part II: The Office – Krebs on Security
Conti Ransomware Group Diaries, Part III: Weaponry – Krebs on Security
Conti Ransomware Group Diaries, Part IV: Cryptocrime – Krebs on Security
Christo Grozev on Twitter: "This is not the worst part. In the phone call in which the FSB officer assigned to the 41st Army reports the death to his boss in Tula, he says they've lost all secure communications. Thus the phone call using a local sim card. Thus the intercept. https://t.co/cgHHo7VaRi" / Twitter
Cloudflare not fully backing out of Russia, company says, as tech firms are forced to weigh in - CyberScoop
NATO countries' refugee management may have been targeted by Belarus-linked hackers - CyberScoop
Twitter Launches Tor Onion Service Making Site Easier to Access in Russia
Hive ransomware gang targets Romanian oil firm in its latest cyberattack - The Record by Recorded Future
Chinese Spies Hacked a Livestock App to Breach US State Networks | WIRED
Christophe on Twitter: "Casually compromising API keys from Azure customers: - Step 1: Create an Azure automation account - Step 2: curl localhost on ports 40000+ You now have an API token in the Azure tenant of another customer, with the same permissions as the automation🙈 https://t.co/XRI99mCJ1T" / Twitter
Google WAF bypassed via oversized POST requests | The Daily Swig
DDoSers are using a potent new method to deliver attacks of unthinkable size | Ars Technica
SATCOM terminals under attack in Europe: a plausible analysis.
The internet in Ukraine is still mostly online. Could Starlink be a backup if it goes out? - The Record by Recorded Future
Linux has been bitten by its most high-severity vulnerability in years | Ars Technica
Google to acquire Mandiant in $5.4 billion deal - The Record by Recorded Future
Senate approves cyber incident reporting bill amid worries about Russian threats - The Record by Recorded Future
Cyber insurance policies may be put to the test by Russian attacks, credit ratings firm warns - The Record by Recorded Future
Material Security: Keeping email safe at rest (improved audio) - YouTube
Risky Biz Product Demos - YouTube