Risky Business Podcast
August 02, 2023
Risky Business #715 -- Pressure mounts on Microsoft to explain itself
Presented by
CEO and Publisher
Technology Editor
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Ron Wyden’s “please explain” letter to Microsoft
- Chinese APT crews prepositioning to disrupt US military logistics
- China claims US hacked its seismology sensors
- Ivanti/MobileIron exploitation going vertical
- Much, much more
This week’s show is brought to you by Stairwell. Mike Wiacek, Stairwell’s founder and CEO, is this week’s sponsor guest. He’s joined by Eric Foster, Stairwell’s VP of Business Development.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Brought to you by Stairwell
Find today's cyberthreats in seconds with Stairwell!
Show notes
Wyden letter to CISA, DOJ, FTC re 2023 Microsoft breach
Senator calls on DOJ to investigate alleged China hack of Microsoft cloud tools
U.S. Hunts Chinese Malware That Could Disrupt American Military Operations - The New York Times
Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica
China accuses U.S. of hacking earthquake monitoring equipment
Exclusive: Pentagon Investigates ‘Critical Compromise’ Of Air Force Communications Systems
CISA: Ivanti hacks targeting Norway began in April
US, Australia cyber agencies warn IDOR security flaws can be exploited ‘at scale’ | TechCrunch
Ivanti warns of second vulnerability used in attacks on Norway gov’t
US contractor says info of up to 10 million leaked in MOVEit breach
British ambulances unable to access patient records system following cyberattack
Valid account credentials are behind most cyber intrusions, CISA finds | Cybersecurity Dive
An Unexpected Endorsement for WebAuthn | Okta Security
SEC votes to overhaul disclosure rules for material cyber events | Cybersecurity Dive
White House unveils ‘whole of society’ push to expand cybersecurity workforce
Section 702 surveillance powers are necessary, but FBI access needs limits, panel says
The NSA Is Lobbying Congress to Save a Phone Surveillance 'Loophole' | WIRED
Kazakhstan refuses to extradite detained Russian cyber expert to US
Russia Sends Cybersecurity CEO to Jail for 14 Years – Krebs on Security
Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability
A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED
Cloud company assisted 17 different government hacking groups, U.S. researchers say | Reuters
No evidence ransomware victims with cyber insurance pay up more often, UK report says
‘Worm-like’ botnet malware targeting popular Redis storage tool
Hackers are infecting Call of Duty players with a self-spreading malware | TechCrunch
Bug in Minecraft mods allows hackers to exploit players' devices