Risky Business #699 -- BYOD risks ramp up

Threat actors are really enjoying home networks and BYOD these days…
15 Mar 2023 » Risky Business

Threat actors are really enjoying home networks and BYOD these days…

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Why our LastPass/DPRK hunch weakened
  • CISA launches ransomware warning program
  • Is the Ring data extortion real?
  • White House flags cloud service security regulation
  • Pig Butchering overtakes BEC as top cybercrime earner
  • Much more!

This week’s show is sponsored by Yubico. The company’s COO, Jerrod Chong, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 | Mandiant
Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW | Mandiant
North Korean hackers target security researchers with a new backdoor | Ars Technica
Ring won’t say if it was hacked after ransomware gang claims attack | TechCrunch
Biden admin’s cloud security problem: ‘It could take down the internet like a stack of dominos’ - POLITICO
CISA unveils ransomware warning pilot for critical infrastructure
Data breach hits lawmakers and staff on Capitol Hill
Hacker posts more D.C. Health Link data online, exposing lawmakers' personal information | CyberScoop
Cancer patient sues medical provider after ransomware group posts her photos online | CyberScoop
Telehealth startup Cerebral shared millions of patients’ data with advertisers | TechCrunch
The FBI Just Admitted It Bought US Location Data | WIRED
‘Pig Butchering’ Scams Are Now a $3 Billion Threat | WIRED
Malware infecting widely used security appliance survives firmware updates | Ars Technica
People Used Facebook's Leaked AI to Create a 'Based' Chatbot that Says the N-Word
OpenAI releases GPT-4, artificial intelligence that can 'see' and do taxes
Australian official demands Russia bring criminal hackers ‘to heel’
DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit - Microsoft Security Blog
Sued by Meta, Freenom Halts Domain Registrations – Krebs on Security
Twitter’s Most Important Anti-Censorship Tool Is Currently Dead
CVE-2023-23415 - Security Update Guide - Microsoft - Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
CVE-2023-23397 - Security Update Guide - Microsoft - Microsoft Outlook Elevation of Privilege Vulnerability