On this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• A ransomware attack has crippled US supply chain software provider Blue Yonder
• Russian spies hack nearby wifi to get to their targets, but that doesn’t seem surprising?
• Salt Typhoon’s attacks on telcos are hard to solve and big on impact
• China’s surveillance state workers sell their access at home
• Palo Alto is bad and should feel bad
• And much, much more.

In this week’s sponsor interview Patrick Gray chats with Matt Muller from Tines about Gartner’s “spicy take” that the SOAR category is dead. SOAR is dead! Long live SOAR!

Show notes:

Retailers struggle after ransomware attack on supply chain tech provider Blue Yonder | The Record from Recorded Future News https://therecord.media/retailers-struggle-after-ransomware-attack-on-supply-chain-tech-company

Customer Update https://blueyonder.com/customer-update

Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack | WIRED https://www.wired.com/story/russia-gru-apt28-wifi-daisy-chain-breach/

China’s Salt Typhoon hackers target telecom firms in Southeast Asia with new malware | The Record from Recorded Future News https://therecord.media/china-salt-typhoon-targets-southeast-asia-telecom

Emerging Details of Chinese Hack Leave U.S. Officials Increasingly Concerned https://www.nytimes.com/2024/11/22/us/politics/chinese-hack-telecom-white-house.html

Top senator calls Salt Typhoon “worst telecom hack in our nation’s history” - The Washington Post https://www.washingtonpost.com/national-security/2024/11/21/salt-typhoon-china-hack-telecom/

Privacy-focused mobile phone launches for high-risk individuals | CyberScoop https://cyberscoop.com/cape-phone-privacy-calea-tracking/

China’s Surveillance State Is Selling Citizen Data as a Side Hustle | WIRED https://www.wired.com/story/chineses-surveillance-state-is-selling-citizens-data-as-a-side-hustle/

Former Verizon employee gets four-year sentence for sharing cyber secrets with Chinese government | The Record from Recorded Future News https://therecord.media/former-verizon-worker-sentenced-china

Surveillance Legislation (Confirmation of Application) Bill 2024 – Parliament of Australia https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r7294

ParlInfo - BILLS : Surveillance Legislation (Confirmation of Application) Bill 2024 : Second Reading https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id%3A%22chamber%2Fhansardr%2F28041%2F0066%22

ParlInfo - Surveillance Legislation (Confirmation of Application) Bill 2024 https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id%3A%22legislation%2Fems%2Fr7294_ems_f25e7d76-b990-4f10-87e2-600b54a11636%22

ParlInfo - Surveillance Legislation (Confirmation of Application) Bill 2024 https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id%3A%22legislation%2Fems%2Fr7294_ems_6a0cc7be-6a80-4ccf-9e9a-1e298f6d417c%22

Chris Bing: “Regarding the reported hack of the Gaetz-ethics committee report, the file storage platform (FileShare) that held the document said they weren’t hacked. But rather: “this file was shared anonymously which allowed anyone to download. This was not a breach”” — Bluesky https://bsky.app/profile/chrisbing.bsky.social/post/3lbfgssdlpx24

Tether Has Become a Massive Money Laundering Tool for Mexican Drug Traffickers, Feds Say https://www.404media.co/tether-has-become-a-massive-money-laundering-tool-for-mexican-drug-traffickers-feds-say/

Palo Alto Networks boasts as customers coalesce on its platforms | Cybersecurity Dive https://www.cybersecuritydive.com/news/palo-alto-networks-consolidation-momentum/733612/

Palo Alto Networks pushes back as Shadowserver spots 2K of its firewalls exploited | Cybersecurity Dive https://www.cybersecuritydive.com/news/palo-alto-networks-disputes-shadowserver-firewall-exploit-scans/733728/

RSF investigation: the Indian cyber-security giant silencing media outlets worldwide | RSF https://rsf.org/en/rsf-investigation-indian-cyber-security-giant-silencing-media-outlets-worldwide

Patrick Gray (@patrick.risky.biz) — Bluesky https://bsky.app/profile/patrick.risky.biz

metlstorm (@metlstorm.risky.biz) — Bluesky https://bsky.app/profile/metlstorm.risky.biz

Catalin Cimpanu (@campuscodi.risky.biz) — Bluesky https://bsky.app/profile/campuscodi.risky.biz

Tom Uren (@tom.risky.biz) — Bluesky https://app.bsky.cz/profile/tom.risky.biz