Risky Business #683 -- OpenSSL bug is a fizzer, ASD responds to Medibank hack

We're back, and there's plenty to cover…
02 Nov 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Twitter bluechecks face phishing barrage
  • Australian government goes berserk on Medibank hack response
  • Former WSJ journalist sues law firm over email hack and info op that got him fired
  • OpenSSL bug lands with a whimper
  • Apple macOS Ventura update breaks security tools
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Marco Slaviero, Thinkst’s head of engineering, joins us this week to talk through the company’s latest release, codenamed Quokka.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Twitter’s verification chaos is now a cybersecurity problem | TechCrunch
Unconfirmed hack of Liz Truss’ phone prompts calls for “urgent investigation” | Ars Technica
Chinese hackers are scanning state political party headquarters, FBI says - The Washington Post
Former WSJ reporter says law firm used Indian hackers to sabotage his career | Reuters
The source - Columbia Journalism Review
Upcoming ‘critical’ OpenSSL update prompts feverish speculation | The Daily Swig
OpenSSL vulnerability downgraded to ‘high’ severity | The Daily Swig
Medibank says hackers had access to ‘all personal data’ belonging to all customers - The Record by Recorded Future
Australia to tighten privacy laws, increase fines after series of data breaches - The Record by Recorded Future
Votes in Slovakia's parliament suspended after alleged ‘cybersecurity incident’ - The Record by Recorded Future
NY Post confirms hack after website, Twitter feed flooded with threats toward Biden, AOC - The Record by Recorded Future
Apple MacOS Ventura Bug Breaks Third-Party Security Tools | WIRED
Microsoft ties Vice Society hackers to additional ransomware strains - The Record by Recorded Future
How Vice Society Got Away With a Global Ransomware Spree | WIRED
FTC seeks action against Drizly — and its CEO — for cybersecurity failures - The Record by Recorded Future
Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig
Google Play apps with >20M downloads depleted batteries and network bandwidth | Ars Technica
Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn – Krebs on Security
Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics are furious | Ars Technica
Microsoft disputes report on Office 365 Message encryption issue after awarding bug bounty - The Record by Recorded Future
Microsoft Office Online Server open to SSRF-to-RCE exploit | The Daily Swig
Microsoft's Sociopathic Cybersecurity Pedantry
Brazilian police announce arrest of alleged Lapsus$ member - The Record by Recorded Future
Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion – Krebs on Security
European gang that sold car hacking tools to thieves arrested - The Record by Recorded Future
How a Microsoft blunder opened millions of PCs to potent malware attacks | Ars Technica