Risky Business #676 -- Okta, Authy users among Twilio hack targets

There's a one-time password supply chain, and it got owned pretty hard...
31 Aug 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The Twilio breach was actually a big deal
  • How a Belarusian Cyber Partisans hack burned a GRU illegal
  • Who wants 25m hashed passwords from Russia?
  • An NFT we can get behind
  • How attackers are using game anti-cheat drivers to defeat EDR
  • Much, much more

This week’s sponsor interview is with Mike Benjamin, the VP of security research at Fastly. He pops in to argue that your red team needs to actually consider how your apps will cope with bot-driven attacks.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Why the Twilio Breach Cuts So Deep | WIRED
Phishers who hit Twilio and Cloudflare stole 10k credentials from 136 others | Ars Technica
The number of companies caught up in recent hacks keeps growing | Ars Technica
How 1-Time Passcodes Became a Corporate Liability – Krebs on Security
Christo Grozev on Twitter: "We first noticed her thanks to a super useful database shared with us by @cpartisans: the border crossing records of Belarus. We knew the passport ranges of GRU and FSB spies, so we decided to search in that data-set by partial matches, leaving the last 3 digits out as wildcards." / Twitter
Belarusian Cyber-Partisans on Twitter: "🧵1/3🔥For the 1st time in human history a #hacktivist collective obtained passport info of the ALL country's citizens. Now we're offering you an opportunity to become a part of this history 😎. Get a unique digital version of #lukashenka passport as #NFT https://t.co/gOlWdoUehi https://t.co/RxdWpBqA8f" / Twitter
A huge Chinese database of faces and vehicle license plates spilled online | TechCrunch
Leading Russian streaming platform suffers data leak allegedly impacting 44 million users - The Record by Recorded Future
Plex imposes password reset after hackers steal data for >15 million users | Ars Technica
Montenegro struggles to recover from cyberattack that officials blame on Russia - The Record by Recorded Future
Patrick Gray on Twitter: "https://t.co/DOFdMExsPe" / Twitter
European data privacy watchdogs grill Twitter over Mudge security claims - The Record by Recorded Future
Google announces open source vulnerability reward program after Log4j, Codecov issues - The Record by Recorded Future
Google Online Security Blog: Announcing Google’s Open Source Software Vulnerability Rewards Program
Hackers Are Using Anti-Cheat in 'Genshin Impact' to Ransom Victims
An interview with initial access broker Wazawaka: 'There is no such money anywhere as there is in ransomware' - The Record by Recorded Future
LockBit ransomware group implicated in crippling attack on French hospital - The Record by Recorded Future
Major U.S. library service confirms ransomware attack, struggling to restore affected systems - The Record by Recorded Future
China-linked hackers target organizations operating in South China Sea - The Record by Recorded Future
Chinese hackers zero in on Australian manufacturers, wind turbine operators
FTC sues data broker that tracks locations of 125M phones per month | Ars Technica
FCC launches investigation into mobile carriers’ geolocation data practices - The Record by Recorded Future
Most top mobile carriers retain geolocation data for two years on average, FCC findings show - CyberScoop
Buddle co-accused one of 50 alleged criminals preparing challenge to police sting
Researchers discover sprawling pro-U.S. social media influence campaign
Unheard Voice: Evaluating five years of pro-Western covert influence operations
Rights groups, company leaders decry silence over VLC player ban in India - The Record by Recorded Future