Risky Business #672 -- "Expected behaviour" is in the eye of the beholder

When one person's bug is another person's feature…
20 Jul 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • A look at the DHS Cyber Safety Review Board’s Log4j report
  • Joshua Schulte no longer the “alleged” Vault7 leaker
  • Chinese APT crews targeted US political journalists before Jan 6
  • Ransomware gangs make leak sites searchable
  • Why recovering plaintext passwords from Okta is expected behaviour
  • US Government seizes North Korean ransomware payment
  • Much, much more

This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he’ll tell us about work Trail of Bits did for DARPA on investigating blockchain security fundamentals.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Patrick Gray on Twitter: "During our discussion yesterday on the show we didn’t know pre-existing MDM was preserved when iOS lockdown mode is enabled, which is great!" / Twitter
DHS Cyber Safety Review Board found no evidence China knew of Log4j before disclosure
Ex-CIA Hacker Convicted for ‘One of the Most Damaging Acts of Espionage in American History’
Chinese hackers targeted U.S. political reporters just ahead of Jan. 6 attack, researchers say
Experts concerned about ransomware groups creating searchable databases of victim data - The Record by Recorded Future
A Deep Dive Into the Residential Proxy Service ‘911’ – Krebs on Security
Risky Biz News: Google removes app permissions from the Play Store
Ongoing phishing campaign can hack you even when you’re protected with MFA | Ars Technica
‘Password extraction risk’ in identity provider Okta disputed | The Daily Swig
Authomize Discovers Password Stealing and Impersonation Risks in Okta | Authomize.com
Okta Response to Security Report | Okta
DOJ seized ransoms paid by health centers in Kansas, Colorado after 2021 attacks - The Record by Recorded Future
North Korean hackers target small businesses with H0lyGh0st ransomware, Microsoft warns - The Record by Recorded Future
Colorado police investigating ransomware attack on small town - The Record by Recorded Future
Albania shuts down government websites, services due to wide ranging cyberattack - The Record by Recorded Future
Bandai Namco confirms cyberattack after ransomware group threatens leak - The Record by Recorded Future
MiCODUS MV720 GPS tracker | CISA
Honda redesigning latest vehicles to address key fob vulnerabilities - The Record by Recorded Future
Russia Released a Ukrainian App for Hacking Russia That Was Actually Malware
Are blockchains decentralized? | Trail of Bits Blog
Announcing the new Trail of Bits podcast | Trail of Bits Blog
GitHub - trailofbits/it-depends: A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.