Risky Business #679 -- A look at Uber's very bad week

PLUS: Microsoft Teams Electron app research is legitimately ooph...
21 Sep 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • A look at how Uber got owned so hard
  • Why cleartext cookie storage in Microsoft Teams’ Electron-based app is actually a big deal
  • Russian official: Starlink is a legitimate military target
  • Wagner mercs get doxxed
  • Kiwi Farms having a bad time
  • Much, much more

In this week’s sponsor interview we’ll be chatting to Nucleus’s CEO Steve Carter about CISA’s KEV list. He has feelings about the KEV list – they’re mostly positive, but he also has a few reasonable gripes and he joins me to talk about them.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Uber attributes hack to Lapsus$, working with FBI and DOJ on investigation - The Record by Recorded Future
Uber confirms it is investigating cybersecurity incident - The Record by Recorded Future
Microsoft Teams stores cleartext auth tokens, won’t be quickly patched | Ars Technica
SharpTongue Deploys Clever Mail-Stealing Browser Extension "SHARPEXT" | Volexity
Hacking group focused on Central America dumps 10 terabytes of military emails, files
Securing the Supply Chain of Nothing | Kelly Shortridge
Russia Makes Veiled Threat to Destroy SpaceX's Starlink
Pro-Ukraine Hacktivists Claim to Have Hacked Notorious Russian Mercenary Group
Fears grow of Russian spies turning to industrial espionage - The Record by Recorded Future
Congressional inquiry reveals secret Customs and Border Protection database of U.S. phone records
Alternative payment apps such as AliPay a boon for cybercriminals, experts tell Congress
CISA floats plan to partner with local universities for '311' cyberattack triage service - The Record by Recorded Future
Breach of software maker used to backdoor ecommerce servers | Ars Technica
Kiwi Farms has been breached; assume passwords and emails have been leaked | Ars Technica
(8) Kevin Beaumont on Twitter: "The saga continues - there was (also?) a script injected for a month on Kiwi Farms called Troonshine, gathering information and credentials from user’s systems, posting it to “https://t.co/XnrUu4t3sd”. They look very, very owned. https://t.co/kxdR8kxtC1" / Twitter
Pentagon reviews psychological operations amid Facebook, Twitter complaints - The Washington Post
Bosnia and Herzegovina investigating alleged ransomware attack on parliament - The Record by Recorded Future
Botched Crypto Mugging Lands Three U.K. Men in Jail – Krebs on Security
Cryptocurrency company Wintermute says hackers stole $160 million - The Record by Recorded Future
Anonymous hacker, who bragged about exploits on TikTok, says he was raided by Canadian police