This episode sponsored by Thinkst.On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- North Korea is ransomwaring hospitals with homegrown and Russian strains
- Russia proposes law greenlighting “patriotic hacks”
- It’s 702 renewal time… again
- CISA releases ESXiArgs recovery script (yay!)
- UK mulls crimephone ban
- Much, much more
This week’s show is brought to you by Thinkst Canary. Haroon Meer is this week’s sponsor guest and joins us to talk about Thinkst’s latest release: the credit card canary.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
- North Korean hackers extort health care organizations to fund further cyberattacks, US and South Korea say | CNN Politics
- Risky Biz News: US and UK sanction seven Trickbot members
- United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang | U.S. Department of the Treasury
- Risky Biz News: Russia wants to absolve patriotic hackers from any criminal liability
- The FBI’s Most Controversial Surveillance Tool Is Under Threat | WIRED
- Meet the Creator of North Korea’s Favorite Crypto Privacy Service | WIRED
- CISA publishes recovery script for ESXiArgs ransomware as Florida courts, universities reel - The Record from Recorded Future News
- decrypt your crypted files in ESXi servers affected by CVE-2020-3992 / CryptoLocker attack
- Tonga is the latest Pacific Island nation hit with ransomware - The Record from Recorded Future News
- UK Proposes Making the Sale and Possession of Encrypted Phones Illegal
- UK High Court allows Bahraini activists to sue government over spyware - The Record from Recorded Future News
- Russian cybersecurity expert convicted of charges in $90M hack-to-trade case | CyberScoop
- Deepfake 'news anchors' appear in pro-China footage on social media, research group says - ABC News
- Geotargeting tools are allowing phishing campaigns to home in on potential victims - The Record from Recorded Future News
- This week’s Reddit breach shows company’s security is (still) woefully inadequate | Ars Technica
- Namecheap denies system breach after email service used to spread phishing scams - The Record from Recorded Future News
- Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica
- DOM XSS vulnerability in Gartner Peer Insights widget patched | The Daily Swig
- Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game - Avast Threat Labs
- OAuth ‘masterclass’ crowned top web hacking technique of 2022 | The Daily Swig
- New XSS Hunter host Truffle Security faces privacy backlash | The Daily Swig
- 'No evidence of malicious access,' Toyota says about serious bug exploited by outside researcher - The Record from Recorded Future News
- A year after outcry, IRS still doesn't offer taxpayers alternative to ID.me | CyberScoop
