Risky Business #702 -- 3CX: It's like SolarWinds, but stupider

PLUS: Why Wiz's latest AzureAD research is worth a second look...
19 Apr 2023 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Why 3CX was the dumbest supply chain attack we’ve seen
  • Why Wiz’s AzureAD research was a showstopper that didn’t get the attention it deserved
  • How attackers are burning down cloud infrastructure
  • The latest from the world of spyware
  • Much, much more

This week’s show is brought to you by Nucleus Security. Chris Hughes from Aquia is this week’s sponsor guest. He appeared at Nucleus Security’s invitation.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms | WIRED
3CX support tells customers to investigate malware warnings themselves | Ars Technica
North Korean hackers linked to 3CX supply-chain attack, investigation finds
BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover | Wiz Blog
Microsoft leads effort to disrupt illicit use of Cobalt Strike, a dangerous hacking tool in the wrong hands | CyberScoop
MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog
CISA, Cisco highlight Russian military targeting of router vulnerabilities
Israeli spyware software surveilling journalists, politicians
Mercenary spyware hacked iPhone victims with rogue calendar invites, researchers say | TechCrunch
Israeli Spyware Maker QuaDream Closes, Fires All Employees - National Security & Cyber - Haaretz.com
Hackers used spyware made in Spain to target users in the UAE, Google says | TechCrunch
Apple’s high security mode blocked NSO spyware, researchers say | TechCrunch
US commits $25 million to Costa Rica for Conti ransomware recovery
State Department, Congress working on formal program for US cyber aid
CISA and partners issue secure-by-design principles for software manufacturers | FedScoop
Time to Designate Space Systems as Critical Infrastructure
Apple’s Macs Have Long Escaped Ransomware. That May Be Changing | WIRED
Cyber company Darktrace gets caught up in LockBit gang's apparent blunder
Payments giant says it is investigating ransomware incident that caused POS outage
Cyberattack causing treatment delays at Canadian hospital
German arms manufacturer Rheinmetall confirms cyberattack
Hackers using Log4j bug to profit from victim IP addresses through ‘proxyjacking’ scheme
Police arrest almost 120 people globally following Genesis Market takedown
FBI accessed Genesis Market's backend servers as part of takedown
LinkedIn Verification Now Lets You Verify Your Job and Account | WIRED
Tech industry’s pain is NSA’s gain, cyber leader says about layoffs
QueueJumper: Critical Unauthenticated RCE Vulnerability in MSMQ Service - Check Point Research
Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog
Leaked Pentagon Document Claims Russian Hacktivists Breached Canadian Gas Pipeline Company
Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not. | CyberScoop
From Discord to 4chan: The Improbable Journey of a US Intelligence Leak - bellingcat
U.S. intel agencies may change how they monitor social media, chatrooms after missing leaked U.S. documents for weeks
Taiwan highly vulnerable to Chinese air attack, leaked documents show - The Washington Post
Pentagon document leak raises questions about internal security - The Washington Post
Leaked secret documents detail additional Chinese spy balloons - The Washington Post