Risky Business #741 -- The Mintlify breach and modern supply chains

PLUS: We were tricked! By the machines!!
20 Mar 2024 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Turns out AI is still bad code review after all,
  • Mintlify loses a bunch of Github tokens,
  • Everything old is new again with the UDP loop DoS,
  • Know-your-(recon satellite)-customer is hard,
  • Microsoft takes away Russia’s powershell, solving living off the land,
  • And much, much more

This week’s show is brought to you by Material Security. In this week’s sponsor interview we speak with Material’s Rajan Kapoor, VP of Customer Experience at Material. We’re also joined by Chaim Sanders, who heads Security and Privacy at Lyft.

Show notes

Anthropic’s CISO drinks the AI kool aid - backpedals frantically on security analysis claim
Incident report on March 13, 2024 - Mintlify
Loop DoS: New Denial-of-Service attack targets application-layer protocols
State of IP Spoofing
Pharmaceutical development company investigating cyberattack after LockBit posting
Exclusive: After LockBit’s takedown, its purported leader vows to hack on
Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News
A Suspicious Pattern Alarming the Ukrainian Military - The Atlantic
Exclusive: Musk's SpaceX is building spy satellite network for US intelligence agency, sources say | Reuters
Elon Musk’s SpaceX Forges Closer Ties With U.S. Spy and Military Agencies - WSJ
Russians will no longer be able to access Microsoft cloud services, business intelligence tools
Rostelecom blocks the SIP protocol for clients of Russian hosters / Sudo Null IT News
Researchers spot updated version of malware that hit Viasat | CyberScoop
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders | CISA
US is still chasing down pieces of Chinese hacking operation, NSA official says
875 workers rescued in Tarlac POGO raid | Philippine News Agency
Fujitsu says it found malware on its corporate network, warns of possible data breach | Ars Technica
Mike Lindell must pay a Nevada man after election data dispute - The Washington Post