On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Australian spooks scrubbed Medibank data off Zservers bulletproof hosting
• Why device code phishing is the latest trick in confusing poor users about cloud authentication
• Cloudflare gets blocked in Spain, but only on weekends and because of… football?
• Palo Alto has yet another dumb bug
• Adam gushes about Qualys’ latest OpenSSH vulns

Enterprise browser maker Island is this week’s sponsor and Chief Customer Office Braden Rogers joins the show to talk about how the adoption of AI everywhere is causing headaches.

Show notes:

Five Russians went out drinking. When they got back, Australia had struck https://www.smh.com.au/politics/federal/five-russians-went-out-drinking-when-they-got-back-australia-had-struck-20250212-p5lbfn.html

Dutch police say they took down 127 servers used by sanctioned hosting service | The Record from Recorded Future News https://therecord.media/dutch-police-take-down-127-servers-sanctioned-host

Further cyber sanctions in response to Medibank Private cyberattack | Defence Ministers https://www.minister.defence.gov.au/media-releases/2025-02-12/further-cyber-sanctions-response-medibank-private-cyberattack#:~:text=The%20sanctions%20announced%20today%20make,the%20individuals%20from%20entering%20Australia.

What is device code phishing, and why are Russian spies so successful at it? - Ars Technica https://arstechnica.com/information-technology/2025/02/russian-spies-use-device-code-phishing-to-hijack-microsoft-accounts/

Anyone Can Push Updates to the DOGE.gov Website https://www.404media.co/anyone-can-push-updates-to-the-doge-gov-website-2/

Piracy Crisis: Cloudflare Says LaLiga Knew Dangers, Blocked IP Address Anyway (Update) * TorrentFreak https://torrentfreak.com/spain-piracy-crisis-cloudflare-says-laliga-knew-danger-blocked-ip-address-anyway-250211/

Palo Alto Networks warns firewall vulnerability is under active exploitation | Cybersecurity Dive https://www.cybersecuritydive.com/news/palo-alto-networks-firewall-exploitation/740193/

Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 | Qualys Security Blog https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466

China’s Salt Typhoon hackers targeting Cisco devices used by telcos, universities | The Record from Recorded Future News https://therecord.media/china-salt-typhoon-cisco-devices

RedMike Exploits Unpatched Cisco Devices in Global Telecommunications Campaign https://www.recordedfuture.com/research/redmike-salt-typhoon-exploits-vulnerable-devices

A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks | WIRED https://www.wired.com/story/russia-sandworm-badpilot-cyberattacks-western-countries/

How Phished Data Turns into Apple & Google Wallets – Krebs on Security https://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets/

New hack uses prompt injection to corrupt Gemini’s long-term memory https://arstechnica.com/security/2025/02/new-hack-uses-prompt-injection-to-corrupt-geminis-long-term-memory/

Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence | The Record from Recorded Future News https://therecord.media/arizona-woman-pleads-guilty-north-korean-laptop-farm

US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News https://therecord.media/alexander-vinnik-reported-released-prisoner-swap-russia-us

EXCLUSIVE: A Russia-linked Telegram network is inciting terrorism and is behind hate crimes in the UK – HOPE not hate https://hopenothate.org.uk/2025/02/10/exclusive-a-russia-linked-telegram-network-is-inciting-terrorism-and-is-behind-hate-crimes-in-the-uk/

Remembering David Jorm - fundraising for Mental Health research https://www.mycause.com.au/p/365849/remembering-david-jorm-fundraising-for-mental-health-research