Risky Business #704 -- Why LLMs aren't an exploit bonanza

PLUS: Mysterious hacker doxes Russian intelligence bitcoin addresses, steals holdings…
03 May 2023 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Rob Joyce weighs in on AI and offsec
  • Mysterious hacker doxes Russian intelligence agency bitcoin wallets
  • Wired deep dives on SolarWinds
  • AmeriCold food logistics giant suffers incident
  • Iranian authorities roll low-tech spyware
  • Much, much more

This week’s show is brought to you by Greynoise. Its founder and CEO Andrew Morris is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

NSA Cybersecurity Director Says ‘Buckle Up’ for Generative AI | WIRED
3 areas of generative AI the NSA is watching in cybersecurity | Cybersecurity Dive
NSA cyber director warns of ransomware attacks on Ukraine, Western supply chains
Palantir Demos AI to Fight Wars But Says It Will Be Totally Ethical Don’t Worry About It
(1) Alex Banks on Twitter: "Yesterday Palantir announced its Artificial Intelligence Platform. Here's how it transforms the future of military and defence: https://t.co/TcgN29wN19" / Twitter
Russian Bitcoin (BTC) Wallets Allegedly Exposed by Apparent Hacker
DOJ Detected SolarWinds Breach Months Before Public Disclosure | WIRED
SolarWinds: The Untold Story of the Boldest Supply-Chain Hack | WIRED
Cold storage company Americold reports cyberattack to SEC
CISA seeks public comment on software security attestation form | Cybersecurity Dive
Secure Software Development Attestation Form Instructions
DHS pushes Congress to formally establish Cyber Safety Review Board
First draft of controversial UN Cybercrime Treaty slated for June
Return of the EARN IT Act rekindles encryption debate at critical moment for privacy-protecting apps | CyberScoop
Apple releases first ‘rapid’ security fixes for iPhones, iPads and Macs | TechCrunch
BouldSpy: Android Spyware Tied to Iranian Police Targets Minorities | Lookout
Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity
Hackers are breaking into AT&T email accounts to steal cryptocurrency | TechCrunch
CISA, FDA warn of new Illumina DNA device vulnerability
Apple and Google Set Joint Standards to Stop AirTag Stalking
Many Public Salesforce Sites are Leaking Private Data – Krebs on Security
Brother of man who ran Helix cryptocurrency mixer jailed for stealing 712 bitcoin
Nearly 300 arrested in sprawling international dark web drug market takedown | CyberScoop
Students’ psychological reports, abuse allegations leaked by ransomware hackers
Mandiant CEO’s 7 tips for cyber defense | Cybersecurity Dive
I Regret to Inform You That Bluesky Is Fun | WIRED