Risky Business Video
November 06, 2024
Risky Business Weekly (769): Sophos pwns Chinese APTs
On this week’s weekly Risky Business cybersecurity podcast Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
- Sophos drops implants on Chinese firewall exploit devs
- Microsoft workshops better just-in-time Windows admin privileges
- Snowflake hacker arrested in Canada
- Okta has a fun, but not very impactful auth-bypass bug
- Russians bring dumb-but-smart RDP client attacks
- And much, much more.
Special guest Sophos CISO Ross McKerchar joined us to talk about the company’s “hacking back” campaign. The full interview is available on YouTube (https://www.youtube.com/watch?v=QDh5-ZL3nis) for those who want to really live vicariously through Sophos doing what every vendor probably wants to do.
This week’s episode is sponsored by attack surface mapping vendor runZero. Founder and CEO HD Moore joins to talk about marrying up the outside and inside views of your network.
Show notes:
- Okta AD/LDAP Delegated Authentication - Username Above 52 Characters Security Advisory https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/
- Does bcrypt have a maximum password length? - Information Security Stack Exchange https://security.stackexchange.com/questions/39849/does-bcrypt-have-a-maximum-password-length
- Local Administrator Protection | Privilege Protection https://call4cloud.nl/local-administrator-protection-privilege-protection/
- Inside Sophos’ 5-Year War With the Chinese Hackers Hijacking Its Devices | WIRED https://www.wired.com/story/sophos-chengdu-china-five-year-hacker-war/
- A Deeper Look at FortiJump (FortiManager CVE-2024-47575) | Bishop Fox https://bishopfox.com/blog/a-look-at-fortijump-cve-2024-47575
- Man Arrested for Snowflake Hacking Spree Faces US Extradition | WIRED https://www.wired.com/story/connor-moucka-snowflake-hack-arrest-extradition/
- Google uses large language model to discover real-world vulnerability | The Record https://therecord.media/google-llm-sqlite-vulnerability-artificial-intelligence
- GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI https://www.greynoise.io/press/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai
- Thousands of hacked TP-Link routers used in yearslong account takeover attacks | Ars Technica https://arstechnica.com/information-technology/2024/11/microsoft-warns-of-8000-strong-botnet-used-in-password-spraying-attacks/
- CISA warns of foreign threat group launching spearphishing campaign using malicious RDP files | Cybersecurity Dive https://www.cybersecuritydive.com/news/cisa-threat-group-spearphishing/731737/
- Chinese state-backed hackers breached 20 Canadian government networks over four years, agency warns | The Record https://therecord.media/canada-20-government-agencies-hacked-china-last-four-years
- India-Canada row: Canadian officials confess to leaking ‘intel’ against India to Washington Post | India Today https://www.indiatoday.in/world/canada-news/story/canadian-officials-confess-leaking-intelligence-sensitive-information-against-india-washington-post-2625379-2024-10-30
- Amid diplomatic row, Canada names India in ‘cyberthreat adversary’ list, accuses it of ‘likely spying’ | The Indian Express https://indianexpress.com/article/world/canada-india-cyberthreat-adversary-list-9650375/
- The Untold Story of Trump’s Failed Attempt to Overthrow Venezuela’s President | WIRED https://www.wired.com/story/trump-cia-venezuela-maduro-regime-change-plot/
- Risky Biz News: The mystery at Mango Park https://news.risky.biz/risky-biz-news-the-mystery-at-mango-park-and-the-cambodian-governments-shady-reaction/
- North Korean hackers seen collaborating with Play ransomware group, researchers say | The Record https://therecord.media/north-korean-hackers-collaborate-with-play-ransomware