Risky Business #677 -- A day late and a dollar short: China doxxes NSA op

PLUS: The TikTok breach that wasn't...
07 Sep 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • China’s super spies figure out Rob Joyce ran TAO ops
  • FBI, French authorities fly to Montenegro to investigate ransomware attack
  • NEWSFLASH: Cloudflare are still a bunch of Nazi cuddlers
  • SIM swap drama spills into real world shootings, firebombings
  • Yandex Taxi hack clogs Moscow streets
  • The TikTok breach that wasn’t
  • Project Raven veterans get wings clipped
  • Why recent BGP hijacks are getting a bit concerning
  • Much, much more

This week’s show is brought to you by Corelight, the company that maintains Zeek. Corleight’s Federal CTO Jean Schaffer joins us in this week’s sponsor interview to talk about whether or not the White House’s executive order on Zero Trust is actually changing anything.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Exclusive: Evidence shows US’ NSA behind attack on email system of leading Chinese aviation university - Global Times
Lukasz Olejnik on Twitter: "Chinese accusation of US/NSA cyberattacks on China's aviation university. Unusually, a strong protest issued by China's Foreign Ministry. Chinese media write about NSA extensively, and doxx/point at Rob Joyce, specifically. Highly amusing! https://t.co/PG1XzZoIcW https://t.co/wRMEAokhVj" / Twitter
Patrick Gray on Twitter: "Great thread" / Twitter
FBI and French officials arrive in Montenegro to investigate ransomware attack - The Record by Recorded Future
Chile says gov’t agency struggling with ransomware attack - The Record by Recorded Future
Italy warns of cyberattacks on energy industry after Eni, GSE incidents - The Record by Recorded Future
Ransomware Gang Accessed Water Supplier’s Control System
Experts warn of more Ragnar Locker attacks, days after group targets airline - The Record by Recorded Future
Kevin Beaumont on Twitter: "IHG Hotel Group incident is ransomware" / Twitter
Criminal hackers targeting K-12 schools, U.S. government warns
QNAP warns of zero-day vulnerability in latest DeadBolt ransomware campaign - The Record by Recorded Future
Cloudflare Suggests It Won’t Cut Off Anti-Trans Stalking Forum
Cloudflare reverses decision and drops trans trolling website Kiwi Farms | Internet | The Guardian
Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire – Krebs on Security
State Department debars ex-NSA cyber mercenaries who aided vast UAE surveillance operation
Hackers Create Traffic Jam in Moscow by Ordering Dozens of Taxis at Once Through App
Light Flashing, Siren Wailing: A Rich Muscovite in a Rush - The New York Times
TikTok denies security breach after hackers leak user data, source code
Samsung denies Social Security numbers involved in latest breach - The Record by Recorded Future
Truth Behind the Celer Network cBridge cross-chain bridge incident: BGP hijacking | by SlowMist | Coinmonks | Aug, 2022 | Medium
nanog: Yet another BGP hijacking towards AS16509
A Windows 11 Automation Tool Can Easily Be Hijacked | WIRED
Actors behind PyPI supply chain attack have been active since late 2021 | Ars Technica
Cybercriminal Service 'EvilProxy' Seeks to Hijack Accounts
Careless Errors in Hundreds of Apps Could Expose Troves of Data | WIRED
WatchGuard firewall exploit threatens appliance takeover | The Daily Swig
Patched TikTok security flaw allowed one-click account takeovers - The Record by Recorded Future
Chrome extensions with 1.4M installs covertly track visits and inject code | Ars Technica
Peter Eckersley, co-creator of Let’s Encrypt, dies at just 43 – Naked Security