Risky Biz News: Okta Super Administrator accounts targeted

PLUS: LogicMonitor customers get ransomwared; NIST publishes CI/CD security framework; and Microsoft retires WordPad.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.

You can find the newsletter version of this podcast here.

Srsly Risky Biz: The UK snoopers' charter won't stop security patches

PLUS: A detailed look at China's Barracuda campaign…

In this podcast Patrick Gray and Tom Uren about proposed changes to the UK’s Investigatory Powers Act. Some pundits are saying the changes will clear the way for the government to prevent tech companies from rolling out security patches. They’re wrong.

They also look at a new Mandiant report that dives deeper into a recent Chinese group’s campaign that compromised Barracuda Email Security Gateways. The report provides a wonderful overview of the campaign.

Risky Biz News: FBI nukes Qakbot botnet

PLUS: Cisco VPNs targeted by Akira ransomware; Barracuda hacking spree hit 5% of all ESG appliances; and major BGP software vulnerability disclosed.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.

You can find the newsletter version of this podcast here.

Risky Business #719 -- FBI vapes 700,000 Qakbot infections

The G-men also raided the operators' Bitcoin stash...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • The FBI takes down Qakbot, steals operators’ bitcoins ha ha
  • Danish hosting provider completely destroyed in ransomware attack
  • Sophisticated Russian cyber attack on Polish trains. Well. Not really.
  • Microsoft revokes cert then revokes its revocation
  • Much, much more!

This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy Ryan Kalember is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Between Two Nerds: Know thyself

Knowing your assets vs knowing what is important...

In this edition of Between Two Nerds Tom Uren and The Grugq look at how asset inventory tools aren’t a substitute for knowing what a business values.

Srsly Risky Biz: Why did Russia deploy hackers to war zones?

PLUS: The US Government push to secure open source software...

In this podcast Patrick Gray and Tom Uren talk about how Ukraine has countered Russia’s cyber operations.

They also look at various initiatives the US government is taking to secure open source software and ask whether it is getting serious about FOSS.

Risky Biz News: South Korea investigates Chinese "spy chips"

PLUS: Ecuador's election disrupted by cyberattack; Baghdad bans LED billboards after hack; and Ivanti patches another zero-day.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.

You can find the newsletter version of this podcast here.

Risky Business #718 -- Chaos and carnage, business as usual

PLUS: Why PowerShell Gallery needs to get its house in order…

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

(NOTE: This podcast was initially pushed out into the Risky Business News podcast feed in error. Sorry about that!)

  • US Government warnings to private space sector on cyber risk
  • Ukrainian hackers dump the inbox of Russian Duma deputy chair
  • Absentee voting in Ecuador’s election disrupted by DDoS attack
  • South Korea warns of Chinese “spy chips”
  • Much, much more!

This week’s show is brought to you by Airlock Digital. Its co-founders Daniel Schell and David Cottingham join this week’s show to talk about Powershell Constrained Language mode.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Feature Interview: How Sandworm prepared Ukraine for a cyber war

An interview with the Security Service of Ukraine's head of cyber Illia Vitiuk…

In this joint Risky Business and Geopolitics Decanted feature interview, Patrick Gray and Dmitri Alperovitch talk to Illia Vitiuk, the Head of the Department of Cyber and Information Security of the Security Service of Ukraine (SBU) about the cyber dimension to Russia’s invasion.

From turning off Ukraine’s power grid with a cyber attack in 2015 to the Viasat hack in 2022, Russia’s intelligence services are world renowned for executing creative destructive cyber campaigns. Despite this, after a year and a half of Russia waging war on Ukraine its power grid is up, its telcos are functioning and its banks are still processing transactions.

How has Ukraine been able to withstand Russia’s onslaught in the cyber domain? Vitiuk joins us to reveal insights into how Russian intelligence services are operating in Ukraine, and how the SBU is countering them.

Risky Biz Sponsor Interview: Using AI to do security research

Dan Guido from Trail of Bits talks about how to use AI to guide security research....

In this Risky Business News sponsor interview Tom Uren talks to Dan Guido, CEO of Trail of Bits, about AI. Dan thinks AI technologies will be a “game changer”. But he also thinks the conversation around AI is not very sophisticated just yet.

Risky Business #717 -- The kids are okay. At ripping your face off.

CSRB Vice Chair Heather Adkins talks about the CSRB's Lapsus$ report…

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • More victims identified in Chinese breach of Microsoft email accounts
  • Cyber Safety Review Board to investigate Microsoft
  • We got some stuff wrong last week
  • More details on Viasat hack revealed
  • Special guest Heather Adkins talks about the CSRB’s Lapsus$ report
  • Much, much more

This week’s show is brought to you by RunZero. Its co-founder HD Moore is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.