Risky Business #661 -- Viasat hack details firm up

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Why Spring4Shell isn’t all hype
  • How Viasat actually got owned
  • Russian war crimes likely extend to coercing sysadmins
  • Why lighter fluid and a box of matches is more effective than cyber in Belarus
  • Much, much more

This week’s sponsor interview is with Bernard Brantley, Corelight’s Chief Information Security Officer.

Corelight makes a network sensor you can use to plug into your SIEM, among other things. It’s based on Zeek, the open source network sensor that Corelight maintains. Corelight is absolutely the industry standard for this sort of thing.

And they’ve just become the standard for something else, too: Microsoft Defender for IoT can now accept Corelight feeds. Bernard fills us in on that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.


Show notes

Explaining Spring4Shell: The Internet security disaster that wasn’t | Ars Technica

VMware sprung by Spring4shell vulnerability - Security - iTnews

Viasat confirms report of wiper malware used in Ukraine cyberattack - The Record by Recorded Future

VIASAT incident: from speculation to technical details.

AcidRain | A Modem Wiper Rains Down on Europe - SentinelOne

EXCLUSIVE Hackers who crippled Viasat modems in Ukraine are still active - company official | Reuters

Kevin Collier on Twitter: "In a Zoom presser earlier today, UKR Telecom CIO Kirill Goncharuk said the hack on his ISP started with compromised credentials from an employee in a territory Russia recently occupied. Declined to address the potential implication that the employee was physically coerced." / Twitter

Ukrainian CERT details Russia-linked phishing attacks targeting government officials - The Record by Recorded Future

The Belarus ‘railway rebels’, who dare stop Vladimir Putin’s invasion in its tracks

German wind turbine maker shut down after cyberattack - The Record by Recorded Future

Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said - The Record by Recorded Future

Trezor cryptocurrency wallets targeted with phishing attacks following Mailchimp compromise | The Daily Swig

Two alleged Lapsus$ teens appear in London court

IT giant Globant discloses hack after Lapsus$ leaks 70GB of stolen data | Ars Technica

Notorious hacking group FIN7 adds ransomware to its repertoire

NSA employee indicted for mishandling Top Secret information - The Record by Recorded Future

Debate erupts at news the White House may scale back DOD cyber-ops authorities

Legislators rail against potential rollback of flexible DOD cyber powers

‘Dangerous’ EU web authentication plan threatens to undercut browser-led certification system, detractors claim | The Daily Swig

Trend Micro warns of active attacks against Apex Central console | The Daily Swig

Apple releases fixes for two zero-days affecting Macs, iPhones and iPads - The Record by Recorded Future

Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks | Ars Technica

GitLab addresses critical account hijack bug | The Daily Swig

Ola Finance DeFi platform hacked, nearly $5 million stolen - The Record by Recorded Future

Bank that lacked basic security suffers predictable fate • The Register

Corelight Announces Integration for Microsoft Defender for IoT as a Data Source for the Platform