Risky Business #675 -- The problem with Mudge's whistleblowing complaint

Twitter's security is a trashfire, but Mudge's complaint has issues...
24 Aug 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • A deep look at Mudge’s sensational whistleblower complaint against Twitter
  • Brazilian Federal Police raid Lapsus$ crew
  • NSO CEO to stand down (again), 100 staff to be let go
  • Signal users impacted in Twilio incident
  • Tornado Cash OFACs around and finds out
  • Much, much more

This week’s show is brought to you by Greynoise. Its founder, Andrew Morris, joins the show with a stinging critique of the wider threat intelligence industry. Don’t miss that one.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Patrick Gray on Twitter: "Jesus… can open, worms everywhere. You basically can’t find anyone more credible than @dotMudge in infosec so this is a massive deal https://t.co/TaDQzTEtzR" / Twitter
Twitter confirms January breach, urges pseudonymous accounts to not add email or phone number - The Record by Recorded Future
A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years | WIRED
TikTok Says, No, It Isn't Stealing Your Passwords
Brazilian police launch investigation targeting Lapsus$ group - The Record by Recorded Future
Israeli spyware company NSO Group CEO steps down | Reuters
How a Third-Party SMS Service Was Used to Take Over Signal Accounts
VIASAT hack impacted French critical services | Cybernews
DOJ now relies on paper for its most sensitive court documents, official says
Microsoft disrupts Russia-linked hacking group targeting defense and intelligence orgs - The Record by Recorded Future
Lloyd’s to forbid insurers from covering losses due to state-backed hacks - The Record by Recorded Future
U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash | U.S. Department of the Treasury
OFAC Around and Find Out - Lawfare
Suspected Tornado Cash developer arrested in Netherlands - The Record by Recorded Future
Report: Ransomware gangs, fraudsters laundered $540 million through RenBridge platform - The Record by Recorded Future
Risky Biz News: Is ransomware going after the Global South? Sure looks like it!
Ransomware Now Threatens the Global South | Royal United Services Institute
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling | PortSwigger Research
The Return of LOIC, HOIC, HULK, and Slowloris to the Threat Landscape | Radware Blog
Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug
A New Jailbreak for John Deere Tractors Rides the Right-to-Repair Wave | WIRED
Malicious code exploiting recent VMware bug publicly available, company warns - The Record by Recorded Future
Breaking SIDH in polynomial time
Hackers Use Deepfakes of Binance Exec to Scam Crypto Projects
Cisco confirms May attack by Yanluowang ransomware group - The Record by Recorded Future
Cisco releases advisories for bug affecting more than 1 million security devices - The Record by Recorded Future
Cisco warns of critical vulnerabilities in routers - The Record by Recorded Future
North Korea-backed hackers have a clever way to read your Gmail | Ars Technica
When Efforts to Contain a Data Breach Backfire – Krebs on Security
Microsoft: Bug in Janet Jackson’s “Rhythm Nation” could crash a laptop - The Record by Recorded Future
Anonymous poop gifting site hacked, customers exposed