Risky Business #708 – China's lolbin-powered adventures in US critical infrastructure

PLUS: Trend backs BlackBerry's Cuba call...
31 May 2023 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • China’s lolbin-powered intrusions into critical infrastructure
  • Trend Micro backs BlackBerry’s Cuba call
  • Anonymous Sudan shakes down Scandinavian Airlines
  • Iranian opposition party MEK publishes gargantuan leak
  • Much, much more

This week’s show is brought to you by Kubernetes security company KSOC. Jimmy Mesta is this week’s sponsor guest and he joins us to talk about the big security challenges in Kubernetes.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog
U.S. warns China could hack infrastructure, including pipelines, rail systems | Reuters
Factbox: What is Volt Typhoon, the alleged China-backed hacking group? | Reuters
Chinese Malware Hits Systems on Guam. Is Taiwan the Real Target? - The New York Times
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises | Mandiant
Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals
Hacker group Anonymous Sudan demands $3 million from Scandinavian Airlines
Iranian dissidents take over high-security servers of regime presidency
Iran-linked hackers Agrius deploying new ransomware against Israeli orgs
Exclusive: Chinese hackers attacked Kenyan government as debt strains grew | Reuters
Risky Biz News: PyPI to enforce 2FA, reduce stored IP addresses
NSO spyware used in Armenia-Azerbaijan conflict, report finds
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
SMS pumping fraud: take care how you configure MFA - TechHQ
Full Disclosure: Printerlogic multiple vulnerabilities
Barracuda Networks issue added to CISA vulnerability list
Barracuda patches actively exploited zero-day vulnerability in email gateways | Cybersecurity Dive
Developing: RaidForums users db leaked
Phishing Domains Tanked After Meta Sued Freenom – Krebs on Security
Broad coalition of advocacy groups urges Slack to protect users' messages from eavesdropping | CyberScoop