Risky Business #735 -- AnyDesk fails the transparency test

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

  • Thought eels were slippery? Check out AnyDesk’s PR!
  • Why Microsoft’s 365 is a nightmare to secure
  • Cloudflare’s needlessly hostile blog post
  • US Government introduces “Disneyland ban” for spyware peddlers
  • Much, much more…

This week’s feature guest is Eric Goldstein, the executive assistant director for cybersecurity at CISA. He’s joining the show to talk about CISA’s demand that US government agencies unplug their Ivanti appliances. He also chimes in on why the US government is so rattled by Volt Typhoon and addresses a recent report from Politico that claims CISA’s Joint Cyber Defense Collaborative is a bit of a shambles.

This week’s sponsor guest is Dan Guido from Trail of Bits. He joins us to talk about their new Testing Handbook. Trail of Bits does a bunch of audit work and they’ve committed to trying to make bug discovery a one-time thing – if you find that bug once, you shouldn’t have to manually find it on another client engagement. Semgrep for the win!

Show notes

AnyDesk initiates extensive credentials reset following cyberattack | Cybersecurity Dive

AnyDesk says software ‘safe to use’ after cyberattack

Former CIA officer who gave WikiLeaks state secrets gets 40-year sentence

Arrests in $400M SIM-Swap Tied to Heist at FTX? – Krebs on Security

Microsoft Breach — What Happened? What Should Azure Admins Do? | by Andy Robbins | Feb, 2024 | Posts By SpecterOps Team Members

Cloudflare hit by follow-on attack from previous Okta breach | Cybersecurity Dive

Thanksgiving 2023 security incident

US announces visa restriction policy targeting spyware abuses

Announcement of a Visa Restriction Policy to Promote Accountability for the Misuse of Commercial Spyware - United States Department of State

Deputy Prime Minister hosts first global conference targeting ‘hackers for hire’ and malicious use of commercial cyber tools - GOV.UK

New Google TAG report: How Commercial Surveillance Vendors work

A Startup Allegedly ‘Hacked the World.’ Then Came the Censorship—and Now the Backlash | WIRED

American businessman settles hacking case in UK against law firm

Crime bosses behind Myanmar cyber ‘fraud dens’ handed over to Chinese government

Another Chicago hospital announces cyberattack

Deepfake scammer walks off with $25 million in first-of-its-kind AI heist | Ars Technica

As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3 | Ars Technica

Two new Ivanti bugs discovered as CISA warns of hackers bypassing mitigations

Agencies using vulnerable Ivanti products have until Saturday to disconnect them | Ars Technica

The far right is scaring away Washington's private hacker army - POLITICO

Our thoughts on AIxCC’s competition format | Trail of Bits Blog

How CISA can improve OSS security | Trail of Bits Blog

Securing open-source infrastructure with OSTIF | Trail of Bits Blog

Announcing the Trail of Bits Testing Handbook | Trail of Bits Blog

30 new Semgrep rules: Ansible, Java, Kotlin, shell scripts, and more | Trail of Bits Blog

Publishing Trail of Bits’ CodeQL queries | Trail of Bits Blog

The Unguarded Moment (2002 Digital Remaster) - YouTube

Boy Swallows Universe | Official Trailer | Netflix - YouTube