Risky Business #681 -- It's Exchangehog Day

PLUS: How the CIA's terrible online opsec got its agents killed…
05 Oct 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • More Exchange 0days cause more havoc
  • A look at some earlier Exchange hack incidents
  • How the CIA got its agents killed with its truly awful online opsec
  • Ex NSA staffer arrested for espionage
  • Much, much more

This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy, joins the show this week to talk about some overlooked detection opportunities – some simple stuff you can look for in your environment that should raise gigantic flashing red flags.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Microsoft confirms two Exchange Server zero days are being used in cyberattacks - The Record by Recorded Future
CISA: Multiple government hacking groups had ‘long-term’ access to defense company - The Record by Recorded Future
Mexican president confirms ‘Guacamaya’ hack targeting regional militaries - The Record by Recorded Future
Mexican journalists targeted by zero-click spyware infections - The Record by Recorded Future
Ex-NSA employee charged with violating Espionage Act, selling U.S. cyber secrets
Putin grants citizenship to Edward Snowden, who disclosed US eavesdropping - The Washington Post
U.S. fails in bid to extradite Brit for helping North Korea evade sanctions with cryptocurrency - The Record by Recorded Future
Bill Marczak on Twitter: "NEW REPORT today from @Reuters @JoelSchectman providing more detail about fatal flaws in the CIA's defunct communications network. Iran and China compromised the network in 2011, and killed dozens of CIA assets https://t.co/AwN8pQtWL2" / Twitter
Numerous orgs hacked after installing weaponized open source apps | Ars Technica
'Poisoned' Tor Browser tracks Chinese users' online history, location
Mystery Hackers Are ‘Hyperjacking’ Targets for Insidious Spying | WIRED
A Matrix Update Patches Serious End-to-End Encryption Flaws | WIRED
LA officials confirm ransomware group leaked students’ personal data - The Record by Recorded Future
Nearly 700 ransomware incidents traced back to wholesale access markets: report - The Record by Recorded Future
Semiconductor industry faced 8 attacks from ransomware groups, extortion gangs in 2022 - The Record by Recorded Future
CISA directs federal agencies to track software and vulnerabilities - The Record by Recorded Future
Fake CISO Profiles on LinkedIn Target Fortune 500s – Krebs on Security
House Democrats debut new bill to limit US police use of facial recognition | TechCrunch
EP000: Operation Aurora | HACKING GOOGLE - YouTube