Risky Business #752 -- Apple announcements thrill and terrify at the same time

PLUS: Ex-NSA boffin Rob Joyce joins for the news
12 Jun 2024 » Risky Business

On this week’s show Patrick Gray and Adam Boileau are joined by long-time NSA boffin Rob Joyce. Now Rob’s left the government service, he’s hobnobbing with us pundits, talking through the week’s news:

  • Apple announces a big leap for confidential cloud computing into the mass market
  • While at the same time, letting you just mosey around your iPhone from your Mac
  • Mandiant reports in about the Snowflake breach
  • Moody’s say credit ratings might consider cyber incidents
  • Microsoft fixes an Azure flaw with a… “comprehensive documentation update”
  • And much, much more.

This week’s show is sponsored by Yubico, maker of the Yubikey hardware authentication token. Jerrod Chong, Yubico’s COO and President joins to talk about the challenges of the passkey and hardware authenticator ecosystem.

Show notes

Apple makes a password manager play in a heavily targeted market | Cybersecurity Dive
macOS Sequoia takes productivity and intelligence on Mac to new heights - Apple
The Wiretap: Apple’s AI Announcement Promises Big Security Boosts–Not Everyone Is Convinced
Matthew Green on X: "Ok there are probably half a dozen more technical details in the blog post. It’s a very thoughtful design. Indeed, if you gave an excellent team a huge pile of money and told them to build the best “private” cloud in the world, it would probably look like this. 14/" / X
Risky Biz News: Microsoft budges on Windows 11 Recall
Tenable finds an Azure flaw, Microsoft calls it a feature • The Register
LendingTree confirms that cloud services attack potentially affected subsidiary
Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica
7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope | Ars Technica
Urgent call for O-type blood donations following London hospitals ransomware attack
Darknet site for Qilin gang, suspected in London hospitals ransomware attack, goes down
Cyberattacks pose mounting risks to creditworthiness: Moody’s | Cybersecurity Dive
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
FCC moves ahead on internet routing security rules | CyberScoop
House Republicans propose eliminating funding for election security | CyberScoop
New DJI policy: No flight record syncing for US drone pilots
Semiconductor giants Nvidia and Arm warn of new flaws in their graphics processors
Critical PHP CVE is under attack — research shows it’s easy to exploit | Cybersecurity Dive
A US Company Enabled a North Korean Scam That Raised Money for WMDs | WIRED