On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Apple to introduce user-encrypted backups, FBI is sad
- Twitter ices e2ee plans for DMs
- Rackspace is getting sued over its hosted Exchange ransomware incident
- Dodgy driving: Microsoft signs some shady stuff
- Japan to change laws, release the Shibas
- A look at the US NDAA
- Much, much more

This week’s show is sponsored by Obsidian Security. Obsidian co-founder Ben Johnson joins the show to talk through SaaS configuration security and visibility/monitoring.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

- Apple Expands End-to-End Encryption to iCloud Backups | WIRED
- FBI Calls End-to-End Encryption 'Deeply Concerning' as Privacy Groups Hail Apple's Advanced Data Protection as a Victory for Users - MacRumors
- Apple Kills Its Plan to Scan Your Photos for CSAM. Here’s What’s Next | WIRED
- Elon Musk Wanted Twitter To Encrypt Messages. His New Safety Chief Says It’s On Hold
- I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware | Mandiant
- Japan to amend laws to allow for offensive cyber operations against foreign hackers - The Record by Recorded Future
- Amid Outrage, Rackspace Sends Users Email Touting Its Incident Response
- New Ransom Payment Schemes Target Executives, Telemedicine – Krebs on Security
- Hackers Planted Files to Frame Indian Priest Who Died in Custody | WIRED
- Scammers Are Scamming Other Scammers Out of Millions of Dollars | WIRED
- Risky Biz News: Disgruntled member doxes and extorts URSNIF gang
- U.S. agency warns that hackers are going after Citrix networking gear | Reuters
- Police raid offices of Predator spyware seller Intellexa | eKathimerini.com
- $858 billion defense bill focuses heavily on cyber. These are some highlights.
- Australia and Vanuatu sign defense and cybersecurity pact - The Record by Recorded Future
- Fantasy – a new Agrius wiper deployed through a supply‑chain attack | WeLiveSecurity
- Ukrainian railway, state agencies allegedly targeted by DolphinCape malware - The Record by Recorded Future
- US Dept of Health warns of ‘increased’ Royal ransomware attacks on hospitals - The Record by Recorded Future
- ‘Crisis situation’ declared as two Swedish municipalities hit by cyberattack - The Record by Recorded Future
- Metropolitan Opera dealing with cyberattack that shut down website, box office - The Record by Recorded Future
- LockBit ransomware crew claims attack on California Department of Finance
- PLAY ransomware group claims responsibility for Antwerp attack as second Belgian city confirms new incident - The Record by Recorded Future
- Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED
- Internet Explorer 0-day exploited by North Korean actor APT37
- Four accused in business email compromise scheme which reaped millions from victims - The Record by Recorded Future
- JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs | The Daily Swig
- Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking | WIRED