February 14, 2023

Risky Business #695 -- North Korea is ransomwaring hospitals, Russia to make "patriotic" hacking legal

1 hour

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

North Korea is ransomwaring hospitals with homegrown and Russian strains

Russia proposes law greenlighting “patriotic hacks”

It’s 702 renewal time… again

CISA releases ESXiArgs recovery script (yay!)

UK mulls crimephone ban

Much, much more

This week’s show is brought to you by Thinkst Canary. Haroon Meer is this week’s sponsor guest and joins us to talk about Thinkst’s latest release: the credit card canary.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

North Korean hackers extort health care organizations to fund further cyberattacks, US and South Korea say | CNN Politics

Risky Biz News: US and UK sanction seven Trickbot members

United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang | U.S. Department of the Treasury

Risky Biz News: Russia wants to absolve patriotic hackers from any criminal liability

The FBI’s Most Controversial Surveillance Tool Is Under Threat | WIRED

Meet the Creator of North Korea’s Favorite Crypto Privacy Service | WIRED

CISA publishes recovery script for ESXiArgs ransomware as Florida courts, universities reel - The Record from Recorded Future News

decrypt your crypted files in ESXi servers affected by CVE-2020-3992 / CryptoLocker attack

Tonga is the latest Pacific Island nation hit with ransomware - The Record from Recorded Future News

UK Proposes Making the Sale and Possession of Encrypted Phones Illegal

UK High Court allows Bahraini activists to sue government over spyware - The Record from Recorded Future News

Russian cybersecurity expert convicted of charges in $90M hack-to-trade case | CyberScoop

Deepfake 'news anchors' appear in pro-China footage on social media, research group says - ABC News

Geotargeting tools are allowing phishing campaigns to home in on potential victims - The Record from Recorded Future News

This week’s Reddit breach shows company’s security is (still) woefully inadequate | Ars Technica

Namecheap denies system breach after email service used to spread phishing scams - The Record from Recorded Future News

Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica

DOM XSS vulnerability in Gartner Peer Insights widget patched | The Daily Swig

Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game - Avast Threat Labs

OAuth ‘masterclass’ crowned top web hacking technique of 2022 | The Daily Swig

New XSS Hunter host Truffle Security faces privacy backlash | The Daily Swig

'No evidence of malicious access,' Toyota says about serious bug exploited by outside researcher - The Record from Recorded Future News

A year after outcry, IRS still doesn't offer taxpayers alternative to ID.me | CyberScoop

...more

View all episodes

By Patrick Gray

4.6

354354 ratings