November 01, 2022

Risky Business #683 -- OpenSSL bug is a fizzer, ASD responds to Medibank hack

1 hour 2 minutes

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

Twitter bluechecks face phishing barrage

Australian government goes berserk on Medibank hack response

Former WSJ journalist sues law firm over email hack and info op that got him fired

OpenSSL bug lands with a whimper

Apple macOS Ventura update breaks security tools

Much, much more

This week’s show is brought to you by Thinkst Canary. Marco Slaviero, Thinkst’s head of engineering, joins us this week to talk through the company’s latest release, codenamed Quokka.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Twitter’s verification chaos is now a cybersecurity problem | TechCrunch

Unconfirmed hack of Liz Truss’ phone prompts calls for “urgent investigation” | Ars Technica

Chinese hackers are scanning state political party headquarters, FBI says - The Washington Post

Former WSJ reporter says law firm used Indian hackers to sabotage his career | Reuters

The source - Columbia Journalism Review

Upcoming ‘critical’ OpenSSL update prompts feverish speculation | The Daily Swig

OpenSSL vulnerability downgraded to ‘high’ severity | The Daily Swig

Medibank says hackers had access to ‘all personal data’ belonging to all customers - The Record by Recorded Future

Australia to tighten privacy laws, increase fines after series of data breaches - The Record by Recorded Future

Votes in Slovakia's parliament suspended after alleged ‘cybersecurity incident’ - The Record by Recorded Future

NY Post confirms hack after website, Twitter feed flooded with threats toward Biden, AOC - The Record by Recorded Future

Apple MacOS Ventura Bug Breaks Third-Party Security Tools | WIRED

Microsoft ties Vice Society hackers to additional ransomware strains - The Record by Recorded Future

How Vice Society Got Away With a Global Ransomware Spree | WIRED

FTC seeks action against Drizly — and its CEO — for cybersecurity failures - The Record by Recorded Future

Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig

Google Play apps with >20M downloads depleted batteries and network bandwidth | Ars Technica

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn – Krebs on Security

Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics are furious | Ars Technica

Microsoft disputes report on Office 365 Message encryption issue after awarding bug bounty - The Record by Recorded Future

Microsoft Office Online Server open to SSRF-to-RCE exploit | The Daily Swig

Microsoft's Sociopathic Cybersecurity Pedantry

Brazilian police announce arrest of alleged Lapsus$ member - The Record by Recorded Future

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion – Krebs on Security

European gang that sold car hacking tools to thieves arrested - The Record by Recorded Future

How a Microsoft blunder opened millions of PCs to potent malware attacks | Ars Technica

...more

View all episodes

By Patrick Gray

4.6

352352 ratings