Risky Business Video
January 22, 2025
Risky Business Weekly (776): Trump will flex America's cyber muscles
Risky Business #776 – Trump will flex America’s cyber muscles
Risky Business returns for its 19th year! Patrick Gray and Adam Boileau discuss the week’s cybersecurity news and there is a whole bunch of it. They discuss:
The incoming Trump administration guts the CSRB
Biden’s last cyber Executive Order has sensible things in it
China’s breach of the US Treasury gets our reluctant admiration
Ross Ulbricht - the Dread Pirate Roberts of Silk Road fame - gets his Trump pardon
New year, same shameful comedy Forti- and Ivanti- bugs
US soldier behind the Snowflake hacks faces charges after a solid Krebs-ing
And much, much (much! after a month off) more.
This week’s episode is sponsored by Sandfly Security, who make a Linux EDR solution. Founder Craig Rowland joins to talk about how the Linux ecosystem struggles with its lack of standardised approaches to detection and response. If you’ve got a telco full of unix, and people are asking how much Salt Typhoon you’ve got in there… Sandfly’s tools are probably what you’re looking for.
POLITICO Pro | Article | Acting DHS chief ousts CSRB experts, other department advisers https://subscriber.politicopro.com/article/2025/01/acting-dhs-chief-ousts-csrb-experts-other-department-advisers-00199722
Treasury’s sanctions office hacked by Chinese government, officials say https://www.washingtonpost.com/national-security/2025/01/01/treasury-hack-china/
Strengthening America’s Resilience Against the PRC Cyber Threats | CISA https://www.cisa.gov/news-events/news/strengthening-americas-resilience-against-prc-cyber-threats
AT&T, Verizon say they evicted Salt Typhoon from their networks https://www.cybersecuritydive.com/news/att-verizon-salt-typhoon/736680/
Risky Bulletin: Looking at Biden’s last cyber executive order - Risky Business https://risky.biz/risky-bulletin-looking-at-bidens-last-cyber-executive-order/
Internet-connected devices can now have a label that rates their security | Reuters https://www.reuters.com/technology/cybersecurity/internet-connected-devices-can-now-have-label-that-rates-their-security-2025-01-07/
US sanctions prominent Chinese cyber company for role in Flax Typhoon attacks https://therecord.media/us-sanctions-chinas-integrity-cyber-company-flax-typhoon
FCC ‘rip and replace’ provision for Chinese tech tops cyber provisions in defense bill https://therecord.media/fcc-rip-and-replace-china-tech-tops-ndaa
CIA nominee tells Senate he, too, wants to go on cyber offense | CyberScoop https://cyberscoop.com/cia-nominee-john-ratcliffe-cyber-offense/
Trump tells Justice Department not to enforce TikTok ban for 75 days https://www.nbcnews.com/tech/tech-news/trump-tells-justice-department-not-enforce-tiktok-ban-75-days-rcna188377
Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices | The Record from Recorded Future News https://therecord.media/judge-rules-nso-group-liable-for-hack-of-1400-whatsapp-users
Unpacking WhatsApp’s Legal Triumph Over NSO Group | Lawfare https://www.lawfaremedia.org/article/unpacking-whatsapp-s-legal-triumph-over-nso-group
Time to check if you ran any of these 33 malicious Chrome extensions https://arstechnica.com/security/2025/01/dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices/
Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - Arctic Wolf https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/
Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware https://arstechnica.com/security/2025/01/ivanti-vpn-users-are-getting-hacked-by-actors-exploiting-a-critical-vulnerability/
Researchers warn of active exploitation of critical Apache Struts 2 flaw https://www.cybersecuritydive.com/news/active-exploitation-apache-struts-2-flaw/736199/
DOJ deletes China-linked PlugX malware off more than 4,200 US computers https://therecord.media/doj-deletes-china-linked-plugx-malware
Russian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers https://therecord.media/russian-internet-provider-says-network-destroyed-cyberattack
Ukraine restores state registers after suspected Russian cyberattack https://therecord.media/ukraine-restores-registers-after-cyberattack
Hackers claim to breach Russian state agency managing property, land records https://therecord.media/hackers-claim-to-breach-russian-state-agency-land-records
U.S. Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security https://krebsonsecurity.com/2024/12/u-s-army-soldier-arrested-in-att-verizon-extortions/