Risky Business Weekly Cybersecurity News Podcast, Episode 759

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news and recap the best research presented at Black Hat and DEF CON in Las Vegas last week. They cover:

  • Iran tries an election hack’n’leak like its still 2016
  • Crowdstrike takes home the Pwnie for Epic Fail at Defcon
  • UK healthcare SaaS faces six million pound fine for lack of MFA
  • US circuit courts disagree on geofence warrants
  • Our roundup of juicy Blackhat/Defcon research
  • And much, much more.

This week’s episode is sponsored by Trail of Bits. CEO Dan Guido is fresh back from the DARPA AI Cyber Challenge at DEF CON, where the Trail of Bits team moved through to the finals. Dan talks through the challenge of finding, reporting and fixing bugs with AI systems.

Show notes:

Trump campaign points finger at Iranian hackers for documents leak https://news.risky.biz/risky-biz-news-trump-campaign-points-finger-at-iranian-hackers-for-documents-leak/

FBI says it’s investigating efforts to hack Trump and Biden-Harris campaigns https://www.nbcnews.com/tech/security/fbi-says-s-investigating-trump-campaign-claim-hacked-files-rcna166197

Iranian hackers ramping up US election interference, Microsoft warns https://therecord.media/iranian-hackers-election-interference-microsoft

State Dept puts $10 million bounty on IRGC-CEC hackers https://news.risky.biz/risky-biz-news-state-dept-puts-10-million-bounty-on-irgc-cec-hackers/

CrowdStrike snafu was a ‘dress rehearsal’ for critical infrastructure disruptions, CISA director says | Cybersecurity Dive https://www.cybersecuritydive.com/news/crowdstrike-critical-infrastructure-resiliency-cisa/723712/

x.com/singe/status/1822324795645575263?s=46&t=c3-PjKrJL2FoweS8BwrdHA https://x.com/singe/status/1822324795645575263?s=46&t=c3-PjKrJL2FoweS8BwrdHA

Russia’s Kursk region suffers ‘massive’ DDoS attack amid Ukraine offensive https://therecord.media/kursk-military-offensive-ddos-russia-ukraine

Elon Musk on X: “@markpinc Yeah” / X https://x.com/elonmusk/status/1823153623041552775

Progress Software says SEC declines to pursue action related to MOVEit exploitation spree | Cybersecurity Dive https://www.cybersecuritydive.com/news/progress-sec-declines-action-rmoveit/723707/

NHS software supplier Advanced faces £6m fine over ransomware attack failings https://therecord.media/nhs-software-supplier-hit-with-6-million-fine

Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms | TechCrunch https://techcrunch.com/2024/08/08/security-bugs-in-ransomware-leak-sites-helped-save-six-companies-from-paying-hefty-ransoms/

5th Circuit rules geofence warrants illegal in win for phone users’ privacy | Ars Technica https://arstechnica.com/tech-policy/2024/08/5th-circuit-rules-geofence-warrants-illegal-in-win-for-phone-users-privacy/

Customs and Border Protection agents need a warrant to search your phone - The Verge https://www.theverge.com/2024/7/29/24209130/customs-border-protection-unlock-phone-warrant-new-york-jfk

Hackers could spy on cell phone users by abusing 5G baseband flaws, researchers say | TechCrunch https://techcrunch.com/2024/08/07/hackers-could-spy-on-cellphone-users-by-abusing-5g-baseband-flaws-researchers-say/

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections | WIRED https://www.wired.com/story/amd-chip-sinkclose-flaw/

Downgrade Attacks Using Windows Updates | SafeBreach https://www.safebreach.com/blog/downgrade-attacks-using-windows-updates

Listen to the whispers: web timing attacks that actually work | PortSwigger Research https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work

Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/

Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! | DEVCORE https://devco.re/blog/2024/08/09/confusion-attacks-exploiting-hidden-semantic-ambiguity-in-apache-http-server-en/

Trail of Bits Advances to AIxCC Finals | Trail of Bits Blog https://blog.trailofbits.com/2024/08/12/trail-of-bits-advances-to-aixcc-finals/