In this podcast Patrick Gray and Adam Boileau from Risky Business Media talk through the week’s cybersecurity news. Links to everything discussed are below:

Business interruption claims will drive insurance losses linked to CrowdStrike IT disruption | Cybersecurity Dive https://www.cybersecuritydive.com/news/business-interruption-claims-will-drive-insurance-losses-linked-to-crowdstr/722775/

Delta hires David Boies to seek damages from CrowdStrike, Microsoft https://www.cnbc.com/2024/07/29/delta-hires-david-boies-to-seek-damages-from-crowdstrike-microsoft-.html

CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds | Cybersecurity Dive https://www.cybersecuritydive.com/news/crowdstrike-cost-fortune-500-losses-cyber-insurance/722396/

Why CrowdStrike’s Baffling BSOD Disaster Was Avoidable - YouTube https://www.youtube.com/watch?v=EGRqtscp4eE&t=1159s

CrowdStrike offers a $10 apology gift card to say sorry for outage | TechCrunch https://techcrunch.com/2024/07/24/crowdstrike-offers-a-10-apology-gift-card-to-say-sorry-for-outage/?guccounter=1

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security https://krebsonsecurity.com/2024/07/crooks-bypassed-googles-email-verification-to-create-workspace-accounts-access-3rd-party-services/

Hackers exploit VMware vulnerability that gives them hypervisor admin | Ars Technica https://arstechnica.com/security/2024/07/hackers-exploit-vmware-vulnerability-that-gives-them-hypervisor-admin/

Microsoft calls out apparent ESXi vulnerability that some researchers say is a ‘nothing burger’ | CyberScoop https://cyberscoop.com/microsoft-calls-out-apparent-esxi-vulnerability-that-some-researchers-say-is-a-nothing-burger/

AMI Platform Key leak undermines Secure Boot on 800+ PC models https://news.risky.biz/risky-biz-news-ami-platform-key-leak-undermines-secure-boot-on-800-pc-models/

Chrome will now prompt some users to send passwords for suspicious files | Ars Technica https://arstechnica.com/security/2024/07/google-overhauls-chromes-safe-browsing-protection-to-scan-password-protected-files/

Google Online Security Blog: Improving the security of Chrome cookies on Windows https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html

Cyber firm KnowBe4 hired a fake IT worker from North Korea | CyberScoop https://cyberscoop.com/cyber-firm-knowbe4-hired-a-fake-it-worker-from-north-korea/

North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop https://cyberscoop.com/north-korea-hacking-indictment-fbi-apt-45/

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs https://media.defense.gov/2024/Jul/25/2003510137/-1/-1/0/Joint-CSA-North-Kor%20ea-Cyber-Espionage-Advance-Military-Nuclear-Programs.PDF

North Korean hacking group makes waves to gain Mandiant, FBI spotlight | CyberScoop https://cyberscoop.com/north-korean-hacking-group-makes-waves-to-gain-mandiant-fbi-spotlight/

Chaining Three Bugs to Access All Your ServiceNow Data https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data

ServiceNow spots sales opportunities post-CrowdStrike outage | Cybersecurity Dive https://www.cybersecuritydive.com/news/servicenow-ceo-crowdstrike-outage/722632/

Cyber Supply Chain Risk Management Conference (CySCRM) 2024 | Conference | PNNL https://www.pnnl.gov/events/cyber-supply-chain-risk-management-conference-cyscrm-2024