Risky Business #690 -- 2023 will be a rough year for critical online services

Recent attacks against Okta, CircleCI, Slack and Lastpass have set the tone for the year ahead...
11 Jan 2023 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the news we missed while on break. Because it’s the first show of the year, we split the discussion into themes:

  • Attacks against critical online services like Okta, CircleCI, Slack and Lastpass will increase in volume
  • All the latest global intrigue, from NSO being noped by the US Supreme Court to DDoS attacks in Serbia, Turla’s latest campaign, supply chain attacks against Ukraine, why Russia has been more active than we realised and much more
  • A ransomware wrap, a discussion about the rise of data extortion and why it’s unlikely to remain a huge problem
  • Why automotive security research will actually be interesting this year
  • PLUS: A bunch of random news!

This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about something they’ve developed – a zero knowledge proof of exploit technique. Very interesting stuff!

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

First LastPass, now Slack and CircleCI. The hacks go on (and will likely worsen) | Ars Technica
Devs urged to rotate secrets after CircleCI suffers security breach | The Daily Swig
LastPass: Hackers accessed and copied customers’ password vaults - The Record from Recorded Future News
GitHub incident allowed attacker to copy Okta's source code - The Record from Recorded Future News
Supreme Court dismisses spyware company NSO Group’s claim of immunity - The Record from Recorded Future News
Serbian government reports ‘massive DDoS attack’ amid heightened tensions in Balkans - The Record from Recorded Future News
Iran’s support of Russia draws attention of pro-Ukraine hackers - The Record from Recorded Future News
Pro-Ukraine hackers leak Russian data in hopes someone will make sense of it - The Record from Recorded Future News
CISA researchers: Russia's Fancy Bear infiltrated US satellite network
Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters
NSA cyber director warns of Russian digital assaults on global energy sector - CyberScoop
Notorious Russian hacking group appears to resurface with fresh cyberattacks on Ukraine
Military operations software in Ukraine was hit by Russian hackers - The Record from Recorded Future News
New supply chain attack targeted Ukrainian government networks - The Record from Recorded Future News
Moldovaʼs government hit by flood of phishing attacks - The Record from Recorded Future News
Kremlin-backed hackers targeted a “large” petroleum refinery in a NATO nation | Ars Technica
Cyber Command conducted offensive operations to protect midterm elections - The Record from Recorded Future News
Guardian newspaper hit by suspected ransomware attack, staff told not to come to office - The Record from Recorded Future News
British company that helps make semiconductors hit by cyber incident - The Record from Recorded Future News
Port of Lisbon website still down as LockBit gang claims cyberattack - The Record from Recorded Future News
SickKids: 80% of hospital priority systems back online after LockBit ransomware attack - The Record from Recorded Future News
Canada's largest children's hospital struggles to recover from pre-Christmas ransomware attack - The Record from Recorded Future News
Canadian copper mine suffers ransomware attack, shuts down mills - The Record from Recorded Future News
Los Angeles housing authority says cyberattack disrupting systems - The Record from Recorded Future News
The Guardian contacts data protection regulator after suspected ransomware incident - The Record from Recorded Future News
Australian fire service operating 85 stations shuts down network after cyberattack - The Record from Recorded Future News
San Francisco BART investigating ransomware attack - The Record from Recorded Future News
Hackers leak sensitive files following attack on San Francisco transit police
New U.S. cyber strategy will require critical infrastructure companies to protect against hacks - The Washington Post
Car hackers discover vulnerabilities that could let them hijack millions of vehicles
Compromised dispatch system helped move taxis to front of the line | Ars Technica
Researcher Deepfakes His Voice, Uses AI to Demand Refund From Wells Fargo
Armed With ChatGPT, Cybercriminals Build Malware And Plot Fake Girl Bots
Cybercriminals’ latest grift: powdered milk and sugar by the truckload - The Record from Recorded Future News
This app will self-destruct: How Belarusian hackers created an alternative Telegram for activists - The Record from Recorded Future News
Chinese researchers claim to have broken RSA with a quantum computer. Experts aren’t so sure. - The Record from Recorded Future News
Key bitcoin developer calls on FBI to recover $3.6M in digital coin | Ars Technica
Chick-fil-A acknowledges customer account abuse but denies compromise of internal systems - The Record from Recorded Future News
Microsoft ends Windows 7 security updates | TechCrunch
SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: