Risky Business Podcast

December 14, 2022

Risky Business #689 -- FBI baulks at Apple's iCloud encryption push

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Co-host at large

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Apple to introduce user-encrypted backups, FBI is sad
  • Twitter ices e2ee plans for DMs
  • RackSpace is getting sued over its hosted Exchange ransomware incident
  • Dodgy driving: Microsoft signs some shady stuff
  • Japan to change laws, release the Shibas
  • A look at the US NDAA
  • Much, much more

This week’s show is sponsored by Obsidian Security. Obsidian co-founder Ben Johnson joins the show this week to talk through SaaS configuration security and visibility/monitoring.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Risky Business #689 -- FBI baulks at Apple's iCloud encryption push
0:00 / 56:03

Show notes

Apple Expands End-to-End Encryption to iCloud Backups | WIRED

FBI Calls End-to-End Encryption 'Deeply Concerning' as Privacy Groups Hail Apple's Advanced Data Protection as a Victory for Users - MacRumors

Apple Kills Its Plan to Scan Your Photos for CSAM. Here’s What’s Next | WIRED

Elon Musk Wanted Twitter To Encrypt Messages. His New Safety Chief Says It’s On Hold

I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware | Mandiant

Japan to amend laws to allow for offensive cyber operations against foreign hackers - The Record by Recorded Future

Amid Outrage, Rackspace Sends Users Email Touting Its Incident Response

New Ransom Payment Schemes Target Executives, Telemedicine – Krebs on Security

Hackers Planted Files to Frame Indian Priest Who Died in Custody | WIRED

Scammers Are Scamming Other Scammers Out of Millions of Dollars | WIRED

Risky Biz News: Disgruntled member doxes and extorts URSNIF gang

U.S. agency warns that hackers are going after Citrix networking gear | Reuters

Police raid offices of Predator spyware seller Intellexa | eKathimerini.com

$858 billion defense bill focuses heavily on cyber. These are some highlights.

Australia and Vanuatu sign defense and cybersecurity pact - The Record by Recorded Future

Fantasy – a new Agrius wiper deployed through a supply‑chain attack | WeLiveSecurity

Ukrainian railway, state agencies allegedly targeted by DolphinCape malware - The Record by Recorded Future

US Dept of Health warns of ‘increased’ Royal ransomware attacks on hospitals - The Record by Recorded Future

‘Crisis situation’ declared as two Swedish municipalities hit by cyberattack - The Record by Recorded Future

Metropolitan Opera dealing with cyberattack that shut down website, box office - The Record by Recorded Future

LockBit ransomware crew claims attack on California Department of Finance

PLAY ransomware group claims responsibility for Antwerp attack as second Belgian city confirms new incident - The Record by Recorded Future

Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED

Internet Explorer 0-day exploited by North Korean actor APT37

Four accused in business email compromise scheme which reaped millions from victims - The Record by Recorded Future

JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs | The Daily Swig

Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking | WIRED