Risky Business #689 -- FBI baulks at Apple's iCloud encryption push

PLUS: Microsoft signs malicious drivers, Japan to release the Shiba Inus…
14 Dec 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Apple to introduce user-encrypted backups, FBI is sad
  • Twitter ices e2ee plans for DMs
  • Rackspace is getting sued over its hosted Exchange ransomware incident
  • Dodgy driving: Microsoft signs some shady stuff
  • Japan to change laws, release the Shibas
  • A look at the US NDAA
  • Much, much more

This week’s show is sponsored by Obsidian Security. Obsidian co-founder Ben Johnson joins the show to talk through SaaS configuration security and visibility/monitoring.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Apple Expands End-to-End Encryption to iCloud Backups | WIRED
FBI Calls End-to-End Encryption 'Deeply Concerning' as Privacy Groups Hail Apple's Advanced Data Protection as a Victory for Users - MacRumors
Apple Kills Its Plan to Scan Your Photos for CSAM. Here’s What’s Next | WIRED
Elon Musk Wanted Twitter To Encrypt Messages. His New Safety Chief Says It’s On Hold
I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware | Mandiant
Japan to amend laws to allow for offensive cyber operations against foreign hackers - The Record by Recorded Future
Amid Outrage, Rackspace Sends Users Email Touting Its Incident Response
New Ransom Payment Schemes Target Executives, Telemedicine – Krebs on Security
Hackers Planted Files to Frame Indian Priest Who Died in Custody | WIRED
Scammers Are Scamming Other Scammers Out of Millions of Dollars | WIRED
Risky Biz News: Disgruntled member doxes and extorts URSNIF gang
U.S. agency warns that hackers are going after Citrix networking gear | Reuters
Police raid offices of Predator spyware seller Intellexa | eKathimerini.com
$858 billion defense bill focuses heavily on cyber. These are some highlights.
Australia and Vanuatu sign defense and cybersecurity pact - The Record by Recorded Future
Fantasy – a new Agrius wiper deployed through a supply‑chain attack | WeLiveSecurity
Ukrainian railway, state agencies allegedly targeted by DolphinCape malware - The Record by Recorded Future
US Dept of Health warns of ‘increased’ Royal ransomware attacks on hospitals - The Record by Recorded Future
‘Crisis situation’ declared as two Swedish municipalities hit by cyberattack - The Record by Recorded Future
Metropolitan Opera dealing with cyberattack that shut down website, box office - The Record by Recorded Future
LockBit ransomware crew claims attack on California Department of Finance
PLAY ransomware group claims responsibility for Antwerp attack as second Belgian city confirms new incident - The Record by Recorded Future
Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED
Internet Explorer 0-day exploited by North Korean actor APT37
Four accused in business email compromise scheme which reaped millions from victims - The Record by Recorded Future
JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs | The Daily Swig
Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking | WIRED