Risky Business #725 -- Microsoft knifes VBScript, passkeys the new default for Google accounts

PLUS: Why a bug in cURL could be messy...
11 Oct 2023 » Risky Business

On this week’s show Patrick Gray and Lina Lau discuss the week’s security news. They cover:

  • Microsoft has killed VBScript
  • Google to make passkeys the new default sign-in method
  • MGM losses to exceed $100m
  • Clorox has a bad quarter
  • Why a bug in cURL could be really bad news
  • Much, much more

This week’s show is brought to you by KSOC. Jimmy Mesta, KSOC’s co-founder and CTO, is this week’s sponsor guest. He talks to us about how we can start applying real, actual IAM to Kubernetes environments.

Show notes

Deprecated features in the Windows client - What's new in Windows | Microsoft Learn
Google Makes Passkeys Default, Stepping Up Its Push to Kill Passwords | WIRED
AWS kicks off cloud race to mandate MFA by default | Cybersecurity Dive
MGM Resorts’ Las Vegas area operations to take $100M hit from cyberattack | Cybersecurity Dive
Clorox warns of quarterly loss related to August cyberattack, production delays | Cybersecurity Dive
Blackbaud agrees to $49.5 million settlement with AGs of nearly all 50 states
Cybercrime gangs now deploying ransomware within 24 hours of hacking victims
Microsoft: Human-operated ransomware attacks tripled over past year
Ukraine, Israel, South Korea top list of most-targeted countries for cyberattacks
Microsoft: State-backed hackers grow in sophistication, aggressiveness | CyberScoop
67 X accounts spread coordinated Israel-Hamas disinformation: report
John Hultquist🌻 on X: "We are currently seeing pro-Iran information operations actors promoting content across various social media channels, in favor of Hamas and critical of Israel’s response to the attacks. 1/x" / X
Hacktivism erupts in response to Hamas-Israel war | TechCrunch
‘War has no rules’: Hacktivists scorn Red Cross’ new guidelines
Joe Truzman on X: "Israeli Police Spokesperson: The Cyber Unit of the Police at Lahav 433 has frozen accounts of cryptocurrencies that served Hamas' terrorist organization to solicit donations on social networks. The Cyber Unit of Lahav 433, in cooperation with the Ministry of Defense, the…" / X
Cloud giants sound alarm on record-breaking DDoS attacks | Cybersecurity Dive
Israel's Failure to Stop the Hamas Attack Shows the Danger of Too Much Surveillance | WIRED
Edward Snowden on X: "Netanyahu nurtured a zillion-dollar industry selling spying tools to despots that use them to break into the iPhones of critics, elected opponents, human rights lawyers, and even students (these are all real examples). Turns out they're not very useful for spying on Hamas, tho.…" / X
HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks
NVD - CVE-2023-44487
Maintainers warn of vulnerability affecting foundational open-source tool
23andMe user data targeting Ashkenazi Jews leaked online
23andMe User Data Stolen in Credential Stuffing Attack
Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica
From AI with love: Scammers integrate ChatGPT into dating-app tool
Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED