Risky Business #661 -- Viasat hack details firm up

PLUS: Why you shouldn't dismiss Spring4Shell as hype...
06 Apr 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Why Spring4Shell isn’t all hype
  • How Viasat actually got owned
  • Russian war crimes likely extend to coercing sysadmins
  • Why lighter fluid and a box of matches are more effective than cyber in Belarus
  • Much, much more

This week’s sponsor interview is with Bernard Brantley, Corelight’s Chief Information Security Officer.

Corelight makes a network sensor you can plug into your SIEM, among other things. It’s based on Zeek, the open source network sensor that Corelight maintains. Corelight is absolutely the industry standard for this sort of thing.

And they’ve just become the standard for something else, too: Microsoft Defender for IoT can now accept Corelight feeds. Bernard fills us in on that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Explaining Spring4Shell: The Internet security disaster that wasn’t | Ars Technica
VMware sprung by Spring4shell vulnerability - Security - iTnews
Viasat confirms report of wiper malware used in Ukraine cyberattack - The Record by Recorded Future
VIASAT incident: from speculation to technical details.
AcidRain | A Modem Wiper Rains Down on Europe - SentinelOne
EXCLUSIVE Hackers who crippled Viasat modems in Ukraine are still active- company official | Reuters
Kevin Collier on Twitter: "In a Zoom presser earlier today, UKR Telecom CIO Kirill Goncharuk said the hack on his ISP started with compromised credentials from an employee in a territory Russia recently occupied. Declined to address the potential implication that the employee was physically coerced." / Twitter
Ukrainian CERT details Russia-linked phishing attacks targeting government officials - The Record by Recorded Future
The Belarus ‘railway rebels’, who dare stop Vladimir Putin’s invasion in its tracks
German wind turbine maker shut down after cyberattack - The Record by Recorded Future
Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said - The Record by Recorded Future
Trezor cryptocurrency wallets targeted with phishing attacks following Mailchimp compromise | The Daily Swig
Two alleged Lapsus$ teens appear in London court
IT giant Globant discloses hack after Lapsus$ leaks 70GB of stolen data | Ars Technica
Notorious hacking group FIN7 adds ransomware to its repertoire
NSA employee indicted for mishandling Top Secret information - The Record by Recorded Future
Debate erupts at news the White House may scale back DOD cyber-ops authorities
Legislators rail against potential rollback of flexible DOD cyber powers
‘Dangerous’ EU web authentication plan threatens to undercut browser-led certification system, detractors claim | The Daily Swig
Trend Micro warns of active attacks against Apex Central console | The Daily Swig
Apple releases fixes for two zero-days affecting Macs, iPhones and iPads - The Record by Recorded Future
Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks | Ars Technica
GitLab addresses critical account hijack bug | The Daily Swig
Ola Finance DeFi platform hacked, nearly $5 million stolen - The Record by Recorded Future
Bank that lacked basic security suffers predictable fate • The Register
Corelight Announces Integration for Microsoft Defender for IoT as a Data Source for the Platform