Risky Business #777 – It’s SonicWall’s turn

Coming to you from the same room in Risky Business headquarters Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They talk through:

Sonicwall firewalls hand out remote code exec like candy Mastercard make a slapstick-grade mistake with their DNS The data breach at PowerSchool and other niche SaaS providers Academic research proposes taking down Europe’s power grid Apple CPUs get a new speculative execution side channel And much, much more.

This week’s episode is sponsored by Push Security, who make an identity security product that runs inside browsers. Luke Jennings joins to discuss some of the pitfalls of federated authentication, like attackers using unexpected identity providers to log in to your apps.

Show notes:

SonicWall warns hackers targeting critical vulnerability in SMA 1000 series appliances | Cybersecurity Dive https://www.cybersecuritydive.com/news/sonicwall-hackers-vulnerability-sma-1000/738333/

MasterCard DNS Error Went Unnoticed for Years – Krebs on Security https://krebsonsecurity.com/2025/01/mastercard-dns-error-went-unnoticed-for-years/

Data breach hitting PowerSchool looks very, very bad - Ars Technica https://arstechnica.com/security/2025/01/students-parents-and-teachers-still-smarting-from-breach-exposing-their-info/

OpenAI rival DeepSeek limits registration after ‘large-scale malicious attacks’ | The Record from Recorded Future News https://therecord.media/deepseek-limits-registration-blames-malicious-attacks

Hackers imitate Kremlin-linked group to target Russian entities | The Record from Recorded Future News https://therecord.media/hacker-imitates-gamaredon-to-target-russia

UK to examine undersea cable vulnerability as Russian spy ship spotted in British waters | The Record from Recorded Future News https://therecord.media/britain-undersea-cables-russian-spy-ship

Questions grow over whether Baltic Sea cable damage was sabotage or accidental | The Record from Recorded Future News https://therecord.media/finland-eagle-s-tanker-questions-over-alleged-sabotage

Researchers say new attack could take down the European power grid - Ars Technica https://arstechnica.com/security/2025/01/could-hackers-use-new-attack-to-take-down-european-power-grid/

At least $69 million stolen from crypto platform Phemex in suspected cyberattack | The Record from Recorded Future News https://therecord.media/69-million-stolen-cyberattack-crypto-platform-phemex

BreachForums admin to be resentenced after appeals court slams supervised release | The Record from Recorded Future News https://therecord.media/breachforums-resentenced-supervised-release-admin

Apple chips can be hacked to leak secrets from Gmail, iCloud, and more - Ars Technica https://arstechnica.com/security/2025/01/newly-discovered-flaws-in-apple-chips-leak-secrets-in-safari-and-chrome/

Apple fixes zero-day flaw affecting all devices | TechCrunch https://techcrunch.com/2025/01/28/apple-fixes-zero-day-flaw-affecting-all-devices/

I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny https://eaton-works.com/2024/12/19/mcdelivery-india-hack/

Government websites vanish under Trump, from the Constitution to DEI https://www.nbcnews.com/tech/tech-news/government-websites-vanish-trump-constitution-dei-rcna188522

Trail of Bits: Director, Technical Marketing https://apply.workable.com/trailofbits/j/B49EEE1191/

Push Security: Security Researcher (remote in the USA) https://pushsecurity.bamboohr.com/careers/74