Risky Business #755 -- SSH 0day! Polyfill drama! Entrust crushed!

It’s been a hell of a week…
03 Jul 2024 » Risky Business

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Widely used polyfill javascript gets hijacked by its new owners
  • MacOS supply chain disaster bullet dodged
  • That OpenSSH remote code exec OH MY <3
  • Entrust gets its CA business kicked to the kerb by Google
  • South Korean telco intentionally viruses 600k customers
  • Microsoft continues to deeply underwhelm
  • And much, much more.

This week’s episode is sponsored by Greynoise. Founder Andrew Morris joins to talk about ways to track attackers across NAT and VPNs, as well as how you can join in the fun of running an internet-scale honeypot network.

Show notes

Polyfill, Cloudflare trade barbs after reports of supply chain attack threatening 100k websites
3 million iOS and macOS apps were exposed to potent supply-chain attacks
regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)
Google Online Security Blog: Sustaining Digital Certificate Security - Entrust Certificate Distrust
TeamViewer: Hackers copied employee directory data and encrypted passwords
South Korean telecom company attacks customers with malware — over 600,000 torrent users report missing files, strange folders, and disabled PCs | Tom's Hardware
CDK eyes service restoration for all car dealers by Fourth of July
‘I don’t see it happening’: CISA chief dismisses ban on ransomware payments
Patelco Credit Union ransomware attack halts banking services for nearly half a million members
LockBit claims cyberattack on Croatia’s largest hospital
Inside a Violent Gang's Ruthless Crypto-Stealing Home Invasion Spree
Suspected Chinese gov’t hackers used ransomware as cover in attacks on Brazil presidency, Indian health org
Nearly 4,000 arrested in global police crackdown on online scam networks
USD 257 million seized in global police crackdown against online scams
Microsoft alerts additional customers of state-linked threat group attacks
Midnight Blizzard Microsoft Email Data Sharing Request: Legit? : r/Office365
Polish Parliament strips official of immunity, clearing path for prosecution in spyware scandal
Stolen credentials could unmask thousands of darknet child abuse website users
WA man set up fake free wifi at Australian airports and on flights to steal people’s data, police allege
Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws
iOS 17 lockdown mode blocking CarPlay? : r/ios