Risky Bulletin Regular cybersecurity news updates from the Risky Business team…
- Risky Bulletin: Academics pull off novel 5G attack by risky.biz on August 17, 2025 at 11:19 pm
Academics develop a 5G downgrade attack, ransomware hits car salvage yards across North America, multiple VPN apps share the same hardcoded password, and Bangladesh spent $190 million on hacking and surveillance tools. Show notes Risky Bulletin: Academics pull off novel 5G attack
- Risky Bulletin: HTTP2 flaw enables massive DDoS attacks by risky.biz on August 15, 2025 at 1:11 am
An HTTP/2 vulnerability enables DDoS attacks, Russia blocks Telegram and WhatsApp voice calls, attackers abuse a zero-day in N-able servers, and the US government is adding trackers to chip shipments. Show notes Risky Bulletin: MadeYouReset vulnerability enables unlimited HTTP/2 DDoS attacks
- Srsly Risky Biz: Drug cartels are the new APTs by risky.biz on August 14, 2025 at 2:07 am
Tom Uren and Amberleigh Jack talk about a recent hack of the US courts document management system. It’s about as bad as can be, with multiple threat actors including states and possibly even drug cartels rummaging around in there, possibly for years. They also discuss Microsoft’s involvement in an Israeli surveillance system and the head of Australia’s security organisation’s blunt warning about espionage. This episode is also available on Youtube. Show notes
- Risky Bulletin: Russia suspected of US Courts hack by risky.biz on August 13, 2025 at 1:05 am
Russia suspected of hacking a US Court system, researchers break the DarkBit ransomware’s encryption, a new attack can leak sensitive data from AMD processors, and a brute-force campaign targets Fortinet devices. Show notes Risky Bulletin: Crypto-thieves turn their sights to Open VSX
- Risky Bulletin: Researcher scores $250,000 for Chrome bug by risky.biz on August 11, 2025 at 12:34 am
A security researcher scores $250,000 for a Chrome bug, WinRAR patches another zero-day, new vulnerabilities found in the Tetra communications protocol, and a researcher gains access to Microsoft’s internal network for fun… and no profit. Show notes Risky Bulletin: Researcher scores $250,000 for Chrome bug
- Sponsored: The phishing-resistant employee by risky.biz on August 10, 2025 at 11:00 pm
In this Risky Business News sponsor interview Tom Uren talks to Derek Hanson, Yubico’s Field CTO about making account recovery and onboarding for employees phishing-resistant. They also discuss the problems and opportunities of syncable passkeys. Show notes
- Risky Bulletin: CISA tells federal agencies to mitigate on-prem-to-cloud Exchange attack by risky.biz on August 8, 2025 at 12:47 am
Federal agencies told to patch a new Exchange flaw, millions of sites are vulnerable to HTTP desync attacks, Trend Micro patches a zero-day, and the Salesforce data breaches continue. Show notes Risky Bulletin: CISA tells federal agencies to mitigate on-prem-to-cloud Exchange attack
- Risky Bulletin: Russia’s war on foreign software continues by risky.biz on August 6, 2025 at 1:11 am
Russian companies must migrate to domestic ERP systems, Ohio’s public sector will have to approve ransom payments in public, Chanel and Cisco disclose data breaches, and a Thai hospital gets fined over the dumbest data breach ever. Show notes Risky Bulletin: Russia to designate ERPs as “critical information infrastructure”
- Between Two Nerds: The Aeroflot hack by risky.biz on August 4, 2025 at 9:13 pm
In this edition of Between Two Nerds Tom Uren and The Grugq dissect the Belarusian Cyber Partisans hack of Russian airline Aeroflot. Despite the short-term impact, the airline will likely bounce back quite quickly. But it is still a big win for the Cyber Partisans. This episode is also available on Youtube. Show notes The Belarusian Cyber Partisans post on the hack Meduza’s analysis of the hack’s aftermath
- Risky Bulletin: China with the accusations again by risky.biz on August 4, 2025 at 2:10 am
China accuses the US of new cyberattacks, a $14.5b crypto hack discovered five years later, the US National Cyber Director is named, and Lovense considers legal action over a security flaw disclosure. Show notes Risky Bulletin: China with the accusations again
- Sponsored: Tines shines at solving interesting problems by risky.biz on August 3, 2025 at 11:01 pm
In this week’s sponsor interview, Tines’ Field CISO, Matt Muller, chats to Casey Ellis about the interesting and out-of-the-box ways they’ve seen people using the platform. Tines is a platform designed to automate repetitive tasks for IT and security teams. And, as it turns out, it can be used to … gamify shift handover? Show notes
- Risky Bulletin: Russia spies on local embassies via ISPs by risky.biz on August 1, 2025 at 3:36 am
Russia spies on local embassies via ISPs, a Canadian man jailed for stealing Internet Apes, Signal threatens to leave Australia, and Russian pharmacies go down after a cyberattack. Show notes Risky Bulletin: Russia spies on foreign embassies using local ISPs
- Srsly Risky Biz: The West’s tepid China deterrence is not working by risky.biz on July 31, 2025 at 1:33 am
Tom Uren and Amberleigh Jack talk about how recent SharePoint exploitation is a blow-by-blow repeat of the 2021 Microsoft Exchange mass compromise event. The international response to that clearly didn’t deter Chinese hackers, so it is time to try something different. They also talk about recent cases where outsourcing IT services has come with increased risk. Convenient, cheap, secure, pick any two. This episode is also available on Youtube. Show notes
- Risky Bulletin: Russia’s Aeroflot cancels flights after hack by risky.biz on July 30, 2025 at 1:10 am
Russia’s national airline cancels more than 100 flights following a cyberattack, the FBI seizes $2.4 million from the Chaos ransomware, Kazakhstan arrests a ransomware suspect, and Kyrgyzstan nationalizes internet access. Show notes Risky Bulletin: US seizes Chaos ransomware funds
- Risky Bulletin: Microsoft investigates MAPP leak by risky.biz on July 27, 2025 at 11:41 pm
Microsoft investigates a MAPP leak as the source of the SharePoint zero-day, US law enforcement takes down the BlackSuit ransomware portal, an Arizona woman is imprisoned for running a North Korean laptop farm, and Allianz life insurance suffers a security breach. Show notes
- Sponsored: Nucleus Security on the evolution of vulnerability management by risky.biz on July 27, 2025 at 11:30 pm
In this sponsored interview, Nucleus Security co-founder and COO, Scott Kuffer joins Casey Ellis to chat about how vulnerability management evolved into quite a lot more than just patch prioritization. Show notes
- Risky Bulletin: Microsoft rolls out linkable token identifiers to help IR teams by risky.biz on July 25, 2025 at 4:09 am
Microsoft rolls out better logging for incident responders, the SharePoint hacking spree hits major US agencies, Ukraine arrests the admin of a well-known hacking forum, and China launches a national Digital ID system. Show notes
- Risky Bulletin: Three Chinese APTs are behind the SharePoint zero-day attacks by risky.biz on July 22, 2025 at 11:40 pm
Three Chinese APTs are behind the recent SharePoint zero-day attacks, the UK wants to ban the public sector from paying ransoms, Russia takes down a malware operation, and South Korea charges airline employees over selling celebrity data. Show notes
- Between Two Nerds: How China’s cyber militia make sense by risky.biz on July 21, 2025 at 9:45 pm
In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether China’s ‘cyber militia’ make sense and what they could be good for. This episode is also available on Youtube. Show notes Mobilizing Cyber Power: The Growing Role of Cyber Militias in China’s Network Warfare Force Structure
- Risky Bulletin: Iranian security firm behind airline hacking spree by risky.biz on July 21, 2025 at 12:54 am
An Iranian security firm is behind an airline hacking spree, Chinese hackers breach Singapore’s critical infrastructure, new SharePoint and CrushFTP zero-days are being used in the wild, and Japan releases free ransomware decrypters. Show notes