Risky Business #701 -- Why infosec is wrong about TikTok

PLUS: White House drops executive order on spyware...
29 Mar 2023 » Risky Business

NOTE: Patrick’s audio is a bit degraded in a few parts of this episode. It’s still clear enough, but if you hear some degradation in parts then yes, it’s us, not you.

On this week’s show Patrick Gray, Adam Boileau and Tom Uren discuss the week’s security news. They cover:

  • The Biden White House’s executive order on spyware
  • Why the infosec community writ large is wrong on TikTok
  • Clop campaign: it’s time to ditch your file transfer gateways
  • Major Android app booted from store because it was full of 0day privesc exploits lol
  • More detail on the BreachForums admin arrest
  • Much, much more

This week’s show is brought to you by runZero. HD Moore, co-founder of runZero, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that’s your thing.

Show notes

At least 50 U.S. government employees hit with spyware, White House says
Kevin McCarthy says House 'will be moving forward' with TikTok legislation
US lawmakers tell TikTok CEO the app ‘should be banned’
Between Two Nerds: The Real Problem with TikTok - Risky Business
New victims come forward after mass-ransomware attack | TechCrunch
UK Pension Protection Fund latest victim of GoAnywhere hack
Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News
Fortra told breached companies their data was safe | TechCrunch
When to use Dropbox vs. MFT: Best Versatile File Sharing and Security | GoAnywhere MFT
City of Toronto and Virgin confirm hackers accessed data through file transfer systems
Tasmania investigating attack after Clop ransomware group adds to victim list
Latitude Financial faces possible class action after millions affected by data breach | Australia news | The Guardian
Android app from China executed 0-day exploit on millions of devices | Ars Technica
Telecom giant Lumen says it discovered two separate cyber intrusions
Tennessee city hit with ransomware attack
FBI, CISA investigating cyberattack on Puerto Rico’s water authority
British hospital investigating impact of ‘contained’ cyber incident
Largest telecom in Guam starts restoring services after cyberattack
Frustrated Dish customers still spending hours on hold weeks after ransomware attack, they say
UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users’ data
How the FBI caught the BreachForums admin | TechCrunch
Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop
North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign
North Korea Is Now Mining Crypto to Launder Its Stolen Loot | WIRED
“Committed Partners in Cyberspace”: Following cyberattack, US conducts first defensive Hunt Operation in Albania > U.S. Cyber Command > News
Bad magic: new APT found in the area of Russo-Ukrainian conflict | Securelist
Beloved hacking veteran Kelly ‘Aloria’ Lum passes away at 41 | TechCrunch