Risky Business #719 -- FBI vapes 700,000 Qakbot infections

The G-men also raided the operators' Bitcoin stash...
30 Aug 2023 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • The FBI takes down Qakbot, steals operators’ bitcoins ha ha
  • Danish hosting provider completely destroyed in ransomware attack
  • Sophisticated Russian cyber attack on Polish trains. Well. Not really.
  • Microsoft revokes cert then revokes its revocation
  • Much, much more!

This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy Ryan Kalember is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

US says it and partners have taken down notorious 'Qakbot' hacking network | Reuters
Danish cloud host says customers ‘lost all data’ after ransomware attack | TechCrunch
VDP Platform 2022 Annual Report Showcases Platform’s Success | CISA
Proposed bill would require vulnerability disclosure policies for all federal contractors
The Cheap Radio Hack That Disrupted Poland's Railway System | WIRED
Two suspects arrested following Poland railway hack
‘Incredible concern and anger’ among Metropolitan Police after hackers breach data
New malware from North Korea’s Lazarus used against healthcare industry
North Korea’s Lazarus hackers behind recent crypto heists: FBI
US arrests Tornado Cash co-founder, sanctions another who remains at large
Kroll Employee SIM-Swapped for Crypto Investor Data – Krebs on Security
(2) Risky Biz News: WinRAR zero-day used to hack stock and crypto traders
Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica
Renegade certificate removed from Windows. Then it returns. Microsoft stays silent. | Ars Technica
Barracuda ESG zero-day exploit still under way after patches fail | Cybersecurity Dive
Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) | Mandiant
Unpacking the MOVEit Breach: Statistics and Analysis
The DEA Accidentally Sent $50,000 Of Seized Cryptocurrency To A Scammer
Akira Ransomware Targeting VPNs without Multi-Factor Authentication - Cisco Blogs
Ransomware attack dwell times fall, pressuring companies to quickly respond | Cybersecurity Dive
British court convicts two teen Lapsus$ members of hacking tech firms
Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders. – Krebs on Security
Apple security updates could be banned by British government