Risky Business Podcast

August 24, 2022

Risky Business #675 -- The problem with Mudge's whistleblowing complaint

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • A deep look at Mudge’s sensational whistleblower complaint against Twitter
  • Brazilian Federal Police raid Lapsus$ crew
  • NSO CEO to stand down (again), 100 staff to be let go
  • Signal users impacted in Twilio incident
  • Tornado Cash OFACs around and finds out
  • Much, much more

This week’s show is brought to you by Greynoise. Its founder, Andrew Morris, joins the show with a stinging critique of the wider threat intelligence industry. Don’t miss that one.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #675 -- The problem with Mudge's whistleblowing complaint
0:00 / 0:00

Show notes

Patrick Gray on Twitter: "Jesus… can open, worms everywhere. You basically can’t find anyone more credible than @dotMudge in infosec so this is a massive deal https://t.co/TaDQzTEtzR" / Twitter

Twitter confirms January breach, urges pseudonymous accounts to not add email or phone number - The Record by Recorded Future

A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years | WIRED

TikTok Says, No, It Isn't Stealing Your Passwords

Brazilian police launch investigation targeting Lapsus$ group - The Record by Recorded Future

Israeli spyware company NSO Group CEO steps down | Reuters

How a Third-Party SMS Service Was Used to Take Over Signal Accounts

VIASAT hack impacted French critical services | Cybernews

DOJ now relies on paper for its most sensitive court documents, official says

Microsoft disrupts Russia-linked hacking group targeting defense and intelligence orgs - The Record by Recorded Future

Lloyd’s to forbid insurers from covering losses due to state-backed hacks - The Record by Recorded Future

U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash | U.S. Department of the Treasury

OFAC Around and Find Out - Lawfare

Suspected Tornado Cash developer arrested in Netherlands - The Record by Recorded Future

Report: Ransomware gangs, fraudsters laundered $540 million through RenBridge platform - The Record by Recorded Future

Risky Biz News: Is ransomware going after the Global South? Sure looks like it!

Ransomware Now Threatens the Global South | Royal United Services Institute

Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling | PortSwigger Research

The Return of LOIC, HOIC, HULK, and Slowloris to the Threat Landscape | Radware Blog

Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug

A New Jailbreak for John Deere Tractors Rides the Right-to-Repair Wave | WIRED

Malicious code exploiting recent VMware bug publicly available, company warns - The Record by Recorded Future

Breaking SIDH in polynomial time

Hackers Use Deepfakes of Binance Exec to Scam Crypto Projects

Cisco confirms May attack by Yanluowang ransomware group - The Record by Recorded Future

Cisco releases advisories for bug affecting more than 1 million security devices - The Record by Recorded Future

Cisco warns of critical vulnerabilities in routers - The Record by Recorded Future

North Korea-backed hackers have a clever way to read your Gmail | Ars Technica

When Efforts to Contain a Data Breach Backfire – Krebs on Security

Microsoft: Bug in Janet Jackson’s “Rhythm Nation” could crash a laptop - The Record by Recorded Future

Anonymous poop gifting site hacked, customers exposed