Threat actors are really enjoying home networks and BYOD these days…
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Why our LastPass/DPRK hunch weakened
- CISA launches ransomware warning program
- Is the Ring data extortion real?
- White House flags cloud service security regulation
- Pig Butchering overtakes BEC as top cybercrime earner
- Much more!
This week’s show is sponsored by Yubico. The company’s COO, Jerrod Chong, is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
- Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 | Mandiant
- Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW | Mandiant
- North Korean hackers target security researchers with a new backdoor | Ars Technica
- Ring won’t say if it was hacked after ransomware gang claims attack | TechCrunch
- Biden admin’s cloud security problem: ‘It could take down the internet like a stack of dominos’ - POLITICO
- CISA unveils ransomware warning pilot for critical infrastructure
- Data breach hits lawmakers and staff on Capitol Hill
- Hacker posts more D.C. Health Link data online, exposing lawmakers' personal information | CyberScoop
- Cancer patient sues medical provider after ransomware group posts her photos online | CyberScoop
- Telehealth startup Cerebral shared millions of patients’ data with advertisers | TechCrunch
- The FBI Just Admitted It Bought US Location Data | WIRED
- ‘Pig Butchering’ Scams Are Now a $3 Billion Threat | WIRED
- Malware infecting widely used security appliance survives firmware updates | Ars Technica
- People Used Facebook's Leaked AI to Create a 'Based' Chatbot that Says the N-Word
- OpenAI releases GPT-4, artificial intelligence that can 'see' and do taxes
- Australian official demands Russia bring criminal hackers ‘to heel’
- DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit - Microsoft Security Blog
- Sued by Meta, Freenom Halts Domain Registrations – Krebs on Security
- Twitter’s Most Important Anti-Censorship Tool Is Currently Dead
- CVE-2023-23415 - Security Update Guide - Microsoft - Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
- CVE-2023-23397 - Security Update Guide - Microsoft - Microsoft Outlook Elevation of Privilege Vulnerability