Risky Business #688 -- APT41 pickpockets Uncle Sam

Chinese government-linked crew raid US covid relief payments...
07 Dec 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Samsung, LG Android signing keys pinched
  • LastPass gets owned again
  • APT41 steal covid relief money
  • Amnesty International hacked in Canada
  • Much, much more

This week’s show is brought to you by Airlock Digital. Its CEO and CTO join host Patrick Gray this week to talk about admin to kernel as a security boundary, and the limitations of kernel driver blocklists.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Risky Biz News: Samsung, MediaTek, and other Android platform certs were leaked and used to sign malware
Leaked Android Platform Certificates Create Risks for Users | Rapid7 Blog
100 - Platform certificates used to sign malware - apvi
Hackers accessed LastPass customer details using information stolen in August hack - The Record by Recorded Future
Hackers linked to Chinese government stole millions in Covid benefits, Secret Service says
Amnesty International breach linked to Chinese government, investigation finds - The Record by Recorded Future
Iranian espionage campaign targets journalists, diplomats, activists, says Human Rights Watch - The Record by Recorded Future
New details on commercial spyware vendor Variston
‘The world should be prepared’ — Microsoft issues warning about Russian cyberattacks over winter - The Record by Recorded Future
Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices | Ars Technica
ChatGPT shows promise of using AI to write malware - CyberScoop
DHS cyber safety board to probe Lapsus$ hacks - The Record by Recorded Future
Kris Nóva: "We are currently investigating…" - Hachyderm.io
Hive Social turns off servers after researchers warn hackers can access all data | Ars Technica
Spam is drowning out Twitter posts about Covid protests in China
French hospital complex suspends operations, transfers patients after ransomware attack - The Record by Recorded Future
Rackspace Confirms Ransomware Attack as It Tries to Determine If Data Was Stolen | SecurityWeek.Com
Guatemala's Foreign Ministry investigating ransomware attack - The Record by Recorded Future
Ransomware attacks: Privacy Commissioner plans investigation as Justice, Health hit - NZ Herald
UK introducing mandatory cyber incident reporting for managed service providers - The Record by Recorded Future
Florida Man Sentenced To 18 Months For Theft Of Over $20 Million In SIM Swap Scheme | USAO-SDNY | Department of Justice
Binance freezes $3 million worth of crypto stolen in Ankr hack - The Record by Recorded Future
Play app with 100K downloads booted for forwarding texts to developer server | Ars Technica
Go SAML library vulnerable to authentication bypass | The Daily Swig
Okta and Phishing Resistant Authentication - YouTube