Risky Business #750 -- Why Microsoft's Recall is an attacker's best friend

PLUS: Russian logistics firm stung by ransomware…
29 May 2024 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Russian delivery company gets ransomware-wiper’d
  • A supply-chain attack targets video software used in US courts
  • Checkpoint firewalls get hacked, details as clear as mud
  • Microsoft Recall delights hackers
  • Aussie telco Optus gets told its IR report isn’t legal advice
  • Cyber insurer says you’re 5x more likely to get rekt if you have a Cisco ASA
  • And much, much more.

This week’s episode is sponsored by Kroll Cyber. Alex Cowperthwaite, Kroll’s technical director research and development for offence joins to talk about how his team attacks AI models, in ways both classic and new.

Show notes

Major Russian delivery company down for three days due to cyberattack
Stark Industries Solutions: An Iron Hammer in the Cloud – Krebs on Security
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack | Rapid7 Blog
Check Point Software customers targeted by hackers using old, local VPN accounts | Cybersecurity Dive
US pharma giant Cencora says Americans' health information stolen in data breach | TechCrunch
Microsoft’s New Recall AI Tool May Be a ‘Privacy Nightmare’ | WIRED
Kevin Beaumont: "I got ahold of the Copilot+ so…" - Cyberplace
Kevin Beaumont: "For those who aren’t aware, Mi…" - Cyberplace
Patrick Gray on X: "You know it’s coming… Microsoft Defender Advanced Security for Recall"
Microsoft Edge for Business: Revolutionizing your business with AI, security and productivity - Microsoft Edge Blog
Optus loses appeal to keep Deloitte report on cyberattack secret
Optus says it will defend allegations it failed to protect confidential details of 9 million customers in cyber attack - ABC News
Nearly 3 million affected by Sav-Rx data breach
Spyware app pcTattletale was hacked and its website defaced | TechCrunch
#F**kStalkerware pt. 6 - tattling on pcTattletale
Spyware maker pcTattletale shutters after data breach | TechCrunch
Jeremy Kirk: "Cyber insurer Coalition releas…" - Infosec Exchange
TikTok says it disrupted 15 influence operations this year — including one from China
Israeli private eye accused of hacking was questioned about DC public affairs firm, sources say | Reuters
RansomHub claims attack on Christie’s, the world’s wealthiest auction house
Open-Source Assessments of AI Capabilities: The Proliferation of AI Analysis Tools, Replicating Competitor Models, and the Zhousidun Dataset
Shashank Joshi on X: "Additionally, OpenAI will retain and consult with other safety, security, and technical experts to support this work, including former cybersecurity officials, Rob Joyce [@RGB_Lights], who advises OpenAI on security, and John Carlin."