On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including:

• Brazil’s supreme court bans X-formerly-Twitter,
• Iranian cyber teams cooperate with ransomware crews
• While North Koreans wield chrome-windows 0-day
• Yubikey cloning attack is impressive, but doesn’t have us binning our keys quite yet
• The White House is coming for your unsigned BGP announcements
• And much, much more.

This week’s episode is sponsored by Okta, and specifically their Identity Security Posture Management product. Okta recently acquired Spera Security, and co-founder Ariel Kadyshevitch joins to talk through the messy reality of modern identity. Pat even gets the giggles at how terrible everything is!

Brazil X ban: Top court judges uphold block of Musk’s platform https://www.bbc.com/news/articles/crkmpe53l6jo

Bolsonaro proposed Brazil coup plan after 2022 election loss: Court records | Jair Bolsonaro News | Al Jazeera https://www.aljazeera.com/news/2024/3/15/bolsonaro-presented-plan-to-reverse-election-after-2022-loss-court-records

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a

Malicious North Korean packages appear again in open source code repository https://therecord.media/npm-javascript-repository-north-korean-malware

North Korean threat actor Citrine Sleet exploiting Chromium zero-day | Microsoft Security Blog https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/

SEC.gov | SEC Charges Transfer Agent Equiniti Trust Co. with Failing to Protect Client Funds Against Cyber Intrusions https://www.sec.gov/newsroom/press-releases/2024-101

Chinese ‘Spamouflage’ operatives are mimicking disillusioned Americans online https://therecord.media/spamouflage-influence-operation-china

Researchers uncover ‘SlowTempest’ espionage campaign within China https://therecord.media/espionage-campaign-china-slowtempest

City of Columbus sues man after he discloses severity of ransomware attack | Ars Technica https://arstechnica.com/security/2024/08/city-of-columbus-sues-man-after-he-discloses-severity-of-ransomware-attack/

Bypassing airport security via SQL injection https://ian.sh/tsa

Cyberattack hits agency responsible for London’s transport network https://therecord.media/transport-for-london-cyberattack

German air traffic control agency confirms cyberattack, says operations unaffected https://therecord.media/german-air-traffic-control-company-deutsche-flugsicherung-cyberattack

White House calls attention to ‘hard problem’ of securing internet traffic routing https://therecord.media/white-house-bgp-hard-problem-guidance

Cambodian scam giant handled $49 billion in crypto transactions since 2021, researchers say https://therecord.media/cambodian-scam-giant-handled-billions-in-transactions

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel | Ars Technica https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

CrowdStrike takes a revenue hit as global IT outage reckoning lingers | Cybersecurity Dive https://www.cybersecuritydive.com/news/crowdstrike-it-outage-reckoning/725636/

Owners of 1-Time Passcode Theft Service Plead Guilty – Krebs on Security https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/