Risky Business #670 -- China's world record data breach

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and guest cohost Mark Piper discuss the week’s security news, including:

  • A billion records leaked in China
  • China to develop desktop operating system
  • HackerOne fires insider for stealing hackers’ work and bounties
  • FSB officer charged with stealing hacker’s bitcoin
  • Why Microsoft is wrong on Russia and Ukraine
  • Much, much more

Red Canary’s Adam Mashinchi and Brian Donohue will be along in this week’s sponsor interview to talk about Atomic Red Team, the open source adversary emulation framework they help to maintain.

Links to everything that we discussed are below and you can follow Patrick on Twitter if that’s your thing.


Show notes

Hacker claims to have stolen 1 bln records of Chinese citizens from police | Reuters

China lured graduate jobseekers into digital espionage | Ars Technica

Tech war: China doubles down on domestic operating systems to cut reliance on Windows, MacOS from the US | South China Morning Post

Risky Biz News: HackerOne discloses malicious insider incident, and nobody's surprised

Paranoid Ninja (Brute Ratel C4) on Twitter: "A thoroughly detailed blog on Brute Ratel C4 by Palo Alto. Proper Actions have been taken against the found licenses which were sold in the Black Market. As for existing customers, #BRc4 v1.1 release will change every aspect of IOC found in the previous releases." / Twitter

Microsoft Exchange servers worldwide hit by stealthy new backdoor | Ars Technica

Lieutenant colonel of the FSB directorate for the Samara region arrested for stealing cryptocurrency from a hacker - TASS

Cybersecurity experts question Microsoft's Ukraine report

Victor Zhora on Twitter: "One more evidence of coordination of kinetic and cyber operations by russian aggressors. Ukrainian largest private energy company DTEK was cyberattacked simultaneously with shelling of thermal power plant of the same company in Kryvyi Rih. Both targets are 100% civilian." / Twitter

Following missile strikes on thermal power plants, the enemy launches hacker attacks on the energy system - DTEK

CyberKnow on Twitter: "Another new pro-russian hacktivist group. They have been conducting #ddos ops against #Norway with other groups. #cybersecurity #infosec #RussianUkrainianWar #UkraineRussiaWar https://t.co/rX069XVaof" / Twitter

Hacktivist personas back latest GhostWriter disinfo op targeting Poland, Ukraine

Gantz orders probe after TV reports hint IDF behind Iran steel plant cyberattack | The Times of Israel

Info of over 300,000 Israelis leaked as Iranian hackers target travel booking sites | The Times of Israel

TSA to change cybersecurity rules for pipelines following industry criticism - The Record by Recorded Future

After a sharp rise, cyber insurance rates show signs of stabilizing - The Record by Recorded Future

California DOJ apologizes for ‘unacceptable’ breach involving Firearms Dashboard - The Record by Recorded Future

Cops Investigating ‘WhatsApp for Gangsters’ Arrest Key Suspect in Caribbean

Publishing giant Macmillan still unable to process orders after ransomware attack - The Record by Recorded Future

State unemployment, jobs services down around the country after cyberattack

NIST selects first group of quantum-resistant encryption tools - The Record by Recorded Future

UnRAR path traversal flaw can lead to RCE in Zimbra | The Daily Swig

Maastricht University gets hack ransom back with a sizeable profit

Nearly $9 million stolen from DeFi platform Crema Finance - The Record by Recorded Future

North Korea accused of orchestrating $100 million Harmony crypto hack - The Record by Recorded Future

Nucleus Security's vulnerability management platform - YouTube

Explore Atomic Red Team