Russian bears all up in your VMwares
The Risky Biz newsletter for December 8, 2020...The NSA has warned that an unnamed Russian state-backed actor has been observed exploiting bugs in VMware’s endpoint and identity management solutions.
The NSA has warned that an unnamed Russian state-backed actor has been observed exploiting bugs in VMware’s endpoint and identity management solutions.
Soap Box podcasts like this one are wholly sponsored. This edition of the Soap Box is brought to you by VMRay. They make a virtualised sandbox that initially found a market with DFIR professionals, but these days is being used for all sorts of things.
VMRay’s cofounders – CEO Carsten Willems and CTO Ralf Hund – joined host Patrick Gray to talk through the history of the sandbox tech arms race.
On this week’s show Patrick and Adam Boileau discuss the week’s security news, including:
Ransomware attacks are so rife and so costly that insurers are exploring ways to exclude ransom payments from their policies.
On this week’s show Patrick and Mark Piper discuss the week’s security news, including:
The UK Government has thrown a coming out party for its National Cyber Force (NCF), a military unit with a similar remit to US Cyber Command, confirming that the capability can be used in offensive security operations against criminal targets.
This is not an edition of the weekly news show, scroll back one episode in your podcast feed if you’re looking for that. Rhis is a wholly sponsored podcast brought to you by Bugcrowd.
Bugcrowd’s CEO Ashish Gupta joins us in this edition of the Soap Box. He’s been the CEO over there for about three years, taking the reins from our friend Casey Ellis who moved into the CTO position.
As you’re about to hear, the bug bounty companies have moved on from the days when they just provided the simple service of running bug bounty competitions for their clients. What’s emerging is a much more nuanced product mix designed to extract as much usefulness as possible out of the testers registered on their platforms.
On this week’s show Patrick and Adam discuss the week’s security news, including:
As his options for legal appeals thin out, Donald Trump is doing his utmost to undermine confidence in the 2020 election results. And yes, he’s blaming computers.
Payment data is being pitched as another tool to help contact tracing professionals squash outbreaks of COVID-19.
On this week’s show Patrick and Adam discuss the week’s security news, including:
Judging by what gets put on show, we can no longer safely assume US superiority in exploit development.
Australia’s Department of Home Affairs has yielded to pressure from industry and state governments to publish an exposure draft of the bill that underpins its plan to directly intervene in the cyber security of the country’s critical infrastructure.
Hospitals disrupted by ransomware attacks. Totally normal.
North Korea’s “Lazarus Group” gets through an impossibly prodigious amount of activity. That’s because this “group” is better understood as several distinct, connected clusters that together add up to North Korea’s formidable hacking operation.
On this week’s show Patrick and Adam discuss the week’s security news, including:
This week’s show is brought to you by attack simulation platform company AttackIQ. Carl Wright from AttackIQ joins us this week to talk about the distinct possibility that large organisations are going to start slashing their security budgets in response to the changing economy.
CISA and the FBI are calling out Russian intrusions as they see them, while US Treasury imposes sanctions on the developers of Triton ICS malware and Iranian disinformation shops.
In this (wholly sponsored) edition of the Snake Oilers podcast, three vendors will drop by to pitch their sweet, sweet snake oil:
On this week’s show Patrick and Adam discuss the week’s security news, including:
Russia, Russia, Russia. The US Department of Justice has indicted six members of Sandworm, a military intelligence unit of Russia’s GRU, while the UK accused it of preparing attacks on the (now postponed) Tokyo Olympics. Russian crews have also been identified in recent attacks against Norway’s parliament and state and local governments in the US. We also, reluctantly, touch on another actor with a Russian nexus, Rudy Giuliani.