Risky Business #667 -- "Shields Up" for cyber's forever war

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • “Shields Up” advice is now provably meaningless
  • Russia to ditch offshore comms apps like WhatsApp
  • Evil Corp’s Lockbit sanctions evasion attempt backfires
  • Binance is a cesspit of shady financial dealings
  • Apple’s passkey release foreshadows FIDO mass adoption
  • Much, much more

This week’s sponsor interview is about Elastic’s teardown of some really interesting APT Linux malware called BPFdoor. Jake King and Colson Wilhoit joined the show for that interview.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command | Science & Tech News | Sky News

White House: cyber activity not against Russia policy | Reuters

'Shields Up': the new normal in cyberspace

Governors are being contacted - Newspaper Kommersant No. 95 (7296) dated 06/01/2022

"You are personally responsible for incidents." Why a new era in information security began on May 1 - Gazeta.Ru

Kyiv used a new principle of cyberattacks against Russia - Vedomosti

Traffic will be sorted into folders - Newspaper Kommersant No. 102 (7303) dated 06/10/2022

FBI cybercrime seizure takes down one-time Ukraine IT Army collaborator

To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions | Mandiant

Risky Biz News: LockBit-Mandiant drama, explained

How Binance became a hub for hackers, fraudsters and drug sellers

Cryptocurrencies were once seen as an unmitigated boon for criminals. Not anymore.

Fed cyber officials detail Chinese state hackers using common exploits against telcos

Risky Biz News: Russia orders Google to remove Tor Browser from Russian Play Store

Bizbudding, Inc. v. 365 Data Centers Services, LLC, 3:22-cv-00715 – CourtListener.com

Business Email Compromise Scams Are Poised to Eclipse Ransomware | WIRED

Cybercriminal scams City of Portland, Ore. for $1.4 million - The Record by Recorded Future

Apple's Passkey Replaces Passwords With iPhone and Mac Authentication | WIRED

MongoDB Debuts ‘Queryable Encryption’ to Fight Hacks and Leaks | WIRED

Zero-Day Exploitation of Atlassian Confluence | Volexity

Microsoft Security Intelligence on Twitter: "Multiple adversaries and nation-state actors, including DEV-0401 and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134. We urge customers to upgrade to the latest version or apply recommended mitigations: https://t.co/C3CykQgrOJ" / Twitter

Microsoft Follina Vulnerability in Windows Can Be Exploited Through Office 365 | WIRED

Martin Sheppard on Twitter: "@riskybusiness And yes, many orgs can disable Macros in documents with the mark of the web without a lot of impact. Policy can be used to not mark documents from certain internal sites with mark of the web, which is one way to allow certain legitimate macros with this setting in place." / Twitter

Blockchain, 'Decentralized' Exchange Taken Offline After Hacker Steals Millions

‘Optimism’ Crypto Hack Victim Hopes Thief Will Give Back $15 Million

PeckShieldAlert on Twitter: "#PeckShieldAlert Wintermute Exploiter has transferred 17 million $OP to @optimismPBC https://t.co/5PpgeZXaId" / Twitter

NFT insider trading charges filed against former OpenSea employee Nate Chastain

Detecting BPFDoor backdoor payload | Elastic