This episode sponsored by Okta.On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Israel Ministry of Defence is denying a lot of spyware export licences
- Private detective in New York pleads guilty over BellTroX shenanigans
- Scammers enrol stolen credit cards into Apple Pay
- The Blackcat ransomware crew is very active right now
- VirusTotal shells lol
- Much, much more
This week’s sponsor interview is with Okta’s Brett Winterford, who talks in detail about the company’s brush with the Lapsus$ hacking crew. It’s unusual for a sponsor interview to be a must listen, but here we are.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Export controls strangling Israel's cyberattack industry - Globes
- Israeli charged in global hacker-for-hire scheme pleads guilty | Reuters
- Criminals Abuse Apple Pay in Spending Sprees
- Wealthy cybercriminals are using zero-day hacks more than ever | MIT Technology Review
- Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code – Krebs on Security
- FBI: 60 organizations worldwide hit with BlackCat/ALPHV ransomware - The Record by Recorded Future
- FBI warns agricultural sector of heightened risk of ransomware attacks
- Russia's war on Ukraine making life difficult for Russian cybercriminals
- In a first, Treasury Department sanctions major cryptocurrency mining firm
- Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure | CISA
- (6) Rewards for Justice on Twitter: "REWARD! Up to $10M for information on 6 Russian GRU hackers. They targeted U.S. critical infrastructure with malicious cyber ops. Send us info on their activities via our Dark Web-based tips line at: https://t.co/WvkI416g4W https://t.co/oZCKNHU3fY https://t.co/u1NMAZ9HQl" / Twitter
- Foreign Malicious Cyber Activity Against U.S. Critical Infrastructure – Rewards For Justice
- From the front lines of ‘the first real cyberwar’ - The Record by Recorded Future
- CySource virus total blog
- (3) Bernardo Quintero on Twitter: "for transparency purposes, this was my internal reply on May 21, 2021 at 03:09PM https://t.co/WR3QTRlxDc" / Twitter
- Critical bug could have let hackers commandeer millions of Android devices | Ars Technica
- Hot patch for Log4Shell vulnerability in AWS allowed full host takeover | The Daily Swig
- Major cryptography blunder in Java enables “psychic paper” forgeries | Ars Technica
- Brokers' sales of U.S. military personnel data overseas stir national security fears
- Bored Ape Yacht Club Instagram Hacked, NFTs Worth Millions Stolen
- A Crypto Entrepreneur Is on the Lam After Dev Jailed for North Korea Trip
- Okta Concludes its Investigation Into the January 2022 Compromise | Okta
- Risky Business News | Substack
