Risky Business #729 -- Why patching faster won't save us

PLUS: Why the ownCloud bug won't cause a MOVEit-scale disaster...
06 Dec 2023 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Iran-linked attacks on US water infrastructure
  • Why the ownCloud bug isn’t the end of the world
  • The D-Link 0day that… never existed?
  • In defence of Okta
  • Much, much more

This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of Cybersecurity Strategy, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks | Cybersecurity Dive
North Texas water utility the latest suspected industrial ransomware target | Cybersecurity Dive
Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks
ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation | Ars Technica
Staples hit by cyberattack during critical Cyber Week sales push | Cybersecurity Dive
New Jersey, Pennsylvania hospitals affected by cyberattacks
60 credit unions facing outages due to ransomware attack on popular tech provider
HHS warns of ‘Citrix Bleed’ attacks after hospital outages
Payments processor Tipalti investigating ransomware attack | Cybersecurity Dive
CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop
Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers | CISA
Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says
Latest severe Chrome bug prompts CISA warning
Google researchers report critical 0-days in Chrome and all Apple OSes | Ars Technica
Okta again promises it is taking security seriously | Cybersecurity Dive
Okta: Breach Affected All Customer Support Users – Krebs on Security
Russian and Chinese interference networks are ‘building audiences’ ahead of 2024, warns Meta
Meta says it broke up Chinese influence operation looking to exploit U.S. political divisions
Clandestine online operations now require sign-off by senior officials - The Washington Post
Feds seize Sinbad crypto mixer allegedly used by North Korean hackers | TechCrunch
US sanctions North Korean ‘Kimsuky’ hackers after surveillance satellite launch
‘Fugitive’ Spanish aristocrat behind North Korea cryptocurrency conference arrested
Used by only a few nerds, Facebook kills PGP-encrypted emails | TechCrunch