Risky Business #710 -- Why your corporate VPN will get you owned

More like Very Problematic Networking, amirite?
14 Jun 2023 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Fortinet 0day Groundhog Day
  • CISA’s new binding directive on exposed management interfaces
  • Confirmed: US intelligence buying commercially available data
  • MOVEit drama rolls on
  • Much, much more

This week’s show is brought to you by Red Canary. Chris Rothe is this week’s sponsor guest and he joins us to talk about how MDR providers are helping customers deal with cloud monitoring.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks - SecurityWeek
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways – Krebs on Security
MOVEit announces second vulnerability; Minnesota schools agency breached with original bug
Confidential data downloaded from UK regulator Ofcom in cyberattack
Ransomware group Clop issues extortion notice to ‘hundreds’ of victims
Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch
CISA orders US civilian agencies to remove tools from public-facing internet
Microsoft says Azure disrupted after a week of repeated service outages | Cybersecurity Dive
Microsoft says Azure outage was caused by ‘anomalous’ traffic spike
Microsoft investigating threat actor claims following multiple outages in 365, OneDrive | Cybersecurity Dive
Risky Biz News: Ukrainian hackers wipe equipment of major Russian telco
U.S. Spy Agencies Buy Vast Quantities of Americans’ Personal Data, U.S. Says - WSJ
The US Is Openly Stockpiling Dirt on All Its Citizens | WIRED
Srsly Risky Biz: Thursday, July 29 - by Tom Uren
National security officials make case for keeping surveillance powers to skeptical Congress - The Washington Post
Senators say Biden administration isn’t close on overhauling surveillance law
Russian nationals accused of Mt. Gox bitcoin heist, shifting stolen funds to BTC-e
North Korean hacking group Lazarus linked to $35 million cryptocurrency heist
North Korean hackers stole $100 million in recent cryptocurrency heist -analysts | Reuters
An Illinois hospital links closure to ransomware attack
Security professional's tweet forces big change to Google email authentication | CyberScoop
Can you trust ChatGPT’s package recommendations?
LastPass CEO reflects on lessons learned, regrets and moving forward from a cyberattack | Cybersecurity Dive