Risky Business #703 -- Russia whines about its tech dependence on China

PLUS: Yo dawg, I hear you like supply chain attacks so I put a supply chain attack in your supply chain attack...
26 Apr 2023 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • The supply chain attack in the supply chain attack
  • Russia has a China dependency problem
  • Recent research into TLS resumption flaws
  • Google and Intel team up on hardware hacking
  • DHS will hack enterprise kit
  • Much, much more

This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest. He’s talking about the (actually sensible) ChatGPT-driven features Corelight has built into its NDR platform.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack - Updated
Russia China Worries Set Out in Private Memo on Tech Risk - Bloomberg
Hackers to show they can take over a European Space Agency satellite
DOJ urges CISOs to continue working with law enforcement ahead of Uber security chief’s sentencing
To combat cybercrime, US law enforcement increasingly prioritizes disruption | CyberScoop
Collaboration between CISA, Cyber Command thwarted dangerous cyberattacks, officials said | CyberScoop
US gov’t stopped Iranian hackers who ‘gained access’ to 2020 election infrastructure
Bill proposes new DHS centers for testing security of critical government tech
UK says ‘Wagner-like cyber groups’ attacking critical infrastructure
Russia's digital warriors adapt to support the war effort in Ukraine, Google threat researchers say | CyberScoop
Bipartisan legislation aims to ‘arm Taiwan to the teeth in the cyber domain’
Ex-NSA boss won $700,000 Saudi consulting deal after Khashoggi death - The Washington Post
U.S. approves massive arms sale to Saudi Arabia, United Arab Emirates to counter Iran | PBS NewsHour
Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs | WIRED
Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices | WIRED
We Really Need to Talk About Session Tickets | System Security Group
Internet protocol vulnerability opens door to ‘massive’ DoS amplification attacks
Exploit released for 9.8-severity PaperCut flaw already under attack | Ars Technica
Finding PaperCut MF and NG servers
DC health exchange breach traced back to misconfigured Amazon server
Ukraine remains Russia’s biggest cyber focus in 2023
The hacker Bassterlord in his own words: Portrait of an access broker as a young man
Hacker Group Names Are Now Absurdly Out of Control | WIRED