Risky Business #709 -- Cl0p goes berserk with MOVEit 0day

Please oh please get rid of your file transfer servers...
07 Jun 2023 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Russia’s FSB uncovers “NSA malware” on iPhones
  • Cl0p mass harvests data from MOVEit file transfer servers
  • ASD discloses a bunch of operations against ISIS, criminals
  • Why China’s prepositioning is probably… prepositioning
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Marco Slaviero is this week’s sponsor guest and he joins us to talk about indirect LLM prompt injection and the latest Canary release.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Russia says US hacked thousands of Apple phones in spy plot | Reuters
Risky Biz News: Russia's FSB says NSA hacked iPhones in cyber-espionage campaign
Russia wants 2 million phones with home-grown Aurora OS for use by officials
Доверенная мобильная среда. Мобильная операционная система «Аврора» — Ростелеком
Why China's Latest APT Campaign is Legitimately Worrying
War crimes committed through cyberspace must not escape international justice, says Estonian president
Hacks Against Ukraine's Emergency Response Services Rise During Bombings | WIRED
How Australian cyber spies used 'Rickrolling' to disrupt Islamic State militants in Iraq - ABC News
Australian intelligence's secret hand in bringing down the Bali bombers - ABC News
Microsoft Threat Intelligence on Twitter: "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims. https://t.co/q73WtGru7j" / Twitter
What we know about the MOVEit vulnerability and compromises | Cybersecurity Dive
metlstorm: "Great, so now I have to roll i…" - Infosec Exchange
Dave Aitel: "@riskybusiness @chort honestly…" - Infosec Exchange
Critical Barracuda 0-day was used to backdoor networks for 8 months | Ars Technica
Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED
Ask Fitis, the Bear: Real Crooks Sign Their Malware – Krebs on Security
Wayback Machine
Discord Admins Hacked by Malicious Bookmarks – Krebs on Security
Google’s Android and Chrome extensions are a very sad place. Here’s why | Ars Technica
How university cybersecurity clinics can help cities fight ransomware | CyberScoop
Atomic - Crypto Wallet on Twitter: "We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly. For any questions and concerns, contact support@atomicwallet.io" / Twitter
BrianKrebs: "Russian news outlet Kommersant…" - Infosec Exchange