Risky Business #697 -- LastPass attacker: Do you gotta hand it to 'em?

PLUS: Ransomware crew hits US Marshals service...
01 Mar 2023 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • A look at LastPass’s intrusion post mortem
  • A very stable genius decided to ransomware the US Marshals Service
  • Why Signal’s complaints about UK’s Online Safety Act are bad faith
  • Much, much more…

This week’s show is brought to you by Tines, the no-code automation platform. Its co-founder and CEO Eoin Hinchy joins the show in the sponsor slot, and you can check out a Tines demo we recorded with Eoin on YouTube.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Additional details of the attack - LastPass Support
LastPass says employee’s home computer was hacked and corporate vault taken | Ars Technica
'Major' U.S. Marshals Service hack compromises sensitive info
DISH tells SEC that ransomware attack caused outages; personal info may have been stolen - The Record from Recorded Future News
DISH says ‘system issue’ affecting internal servers, phone systems - The Record from Recorded Future News
Danish hospitals hit by cyberattack from ‘Anonymous Sudan’ - The Record from Recorded Future News
'A year of cyberwar' with Russia: An inside look from a top Ukrainian cybersecurity official | CyberScoop
Russia blames hackers as commercial radio stations broadcast fake air strike warnings - The Record from Recorded Future News
Dutch intelligence: Many cyberattacks by Russia are not yet public knowledge - The Record from Recorded Future News
Signal CEO: We “1,000% won’t participate” in UK law to weaken encryption | Ars Technica
White House cybersecurity strategy to force large companies to make systems secure by design | CyberScoop
Popular IBM file transfer tool vulnerable to cyberattacks, CISA says - The Record from Recorded Future News
A world of hurt for Fortinet and ManageEngine after users fail to install patches | Ars Technica
Gigamon Exits NDR Market, Sells ThreatInsight Business to Fortinet
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw | The Daily Swig
How I Broke Into a Bank Account With an AI-Generated Voice
Hackers use ChatGPT phishing websites to infect users with malware - The Record from Recorded Future News
Venture capital financing of cyber companies slid to $18.5 billion in 2022 - The Record from Recorded Future News
Tines Automation Platform - YouTube