Risky Business #664 -- The Spanish Prime Minister got Pegasus'd

PLUS: Why the FBI's transparency report is anything but…
04 May 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Spanish PM’s phone infected by Pegasus
  • Microsoft drops Ukraine research report
  • We can’t make heads or tails out of the FBI’s transparency report
  • France hit with coordinated fibre sabotage campaign
  • Why Musk’s algorithm pledge is meaningless
  • Much, much more

This week’s sponsor interview is with ExtraHop Networks’ CEO Patrick Dennis. He’s joining us this week to talk about how you can turn “Shield’s Up!” advice into something actionable.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Spyware attack targeted Spanish prime minister’s phone - The Record by Recorded Future
Over 200 Spanish mobile numbers ‘possible targets of Pegasus spyware’ | Spain | The Guardian
Russia’s hackers and military went after the same targets in Ukraine, Microsoft says
Russia Is Being Hacked at an Unprecedented Scale | WIRED
Russia reroutes internet in occupied Ukrainian territory through Russian telcos - The Record by Recorded Future
Russia cyber case prompted big portion of FBI's surveillance database searches in 2021 - The Record by Recorded Future
2022_ASTR_for_CY2020_FINAL.pdf
Wyden: “Surveillance Transparency Report” Fails To Explain How Many Americans’ Communications Are Searched By the FBI | U.S. Senator Ron Wyden of Oregon
How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities
Who tried to hack Hawaii’s undersea cable? - The Record by Recorded Future
Nauru police emails leaked to protest against Australia's offshore detention
Fighting Fake EDRs With ‘Credit Ratings’ for Police – Krebs on Security
Twitter may have given user's private data to a ransomware hacker, who then ran a researcher offline
Musk's plans to make Twitter's algorithms public raises disinformation conundrum
Elon Musk’s Plan to Open Source the Twitter Algorithm Won’t Solve Anything | WIRED
Kronos cyber attack sparks lawsuits against employers | BenefitsPRO
German wind farm operator confirms cybersecurity incident - The Record by Recorded Future
German library service struggling to recover from ransomware attack - The Record by Recorded Future
Trinidad’s largest supermarket chain crippled by cyberattack - The Record by Recorded Future
Austin Peay State University becomes latest US school hit with ransomware - The Record by Recorded Future
NC Prohibits Gov Entities from Paying Hacker Cybersecurity Ransoms
Connecticut inches closer to becoming fifth state with data privacy law - The Record by Recorded Future
Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog
Google touts new tool that scans for malicious packages in popular open-source repositories - The Record by Recorded Future
Log4Shell, ProxyLogon and Atlassian bug top CISA's list of routinely exploited vulnerabilities in 2021 - The Record by Recorded Future
Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954 | Rapid7 Blog
Microsoft finds Linux desktop flaw that gives root to untrusted users | Ars Technica
More than $13 million stolen from DeFi platform Deus Finance - The Record by Recorded Future
Binance freezes stolen Axie Infinity crypto after North Korean hackers move funds - The Record by Recorded Future
Everscale blockchain wallet shutters web version after vulnerability found - The Record by Recorded Future
Hackers steal $90 million from DeFi platforms Rari Capital and Saddle Finance - The Record by Recorded Future
Crypto Hackers Stole More Than $370 Million In April Alone
Airlock Digital Demo - YouTube
Risky Business News | Patrick Gray | Substack