March 07, 2023

Risky Business #698 -- Why LastPass was probably DPRK*

Listen Later

1 hour

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

Why the White House’s cybersecurity strategy is actually quite good

The LastPass breach was probably DPRK

UEFI bootkits are going downmarket, and this is bad

GitHub will scan repos for secrets

A look at some interesting DJI drone research

Much, much more

This week’s show is brought to you by Airlock Digital. Two of Airlock’s founders – Daniel Schell and David Cottingham – are this week’s sponsor guests.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

* NOTE: We now think LastPass was likely not DPRK. It’s complicated and we’ll explain why we think we got this wrong in next week’s show

Show notes

Risky Biz News: White House unveils National Cybersecurity Strategy

White House looks to put cybersecurity pressure on companies

Surveillance oversight board member explores concerns about Section 702 renewal | CyberScoop

Secret Service and ICE conducted warrantless stingray surveillance, says watchdog | TechCrunch

LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach

Give Me E2EE or Give Me Death - by Tom Uren

Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica

GitHub’s secret scanning alerts now available for all public repos

This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location | WIRED

Hackers steal gun owners’ data from firearm auction website | TechCrunch

New ATM Malware 'FiXS' Emerges - SecurityWeek

US government warns Royal ransomware is targeting critical infrastructure | TechCrunch

Ransomware gang posts breast cancer patient photos from Pennsylvania health network to dark web

Hospital Clínic de Barcelona severely impacted by ransomware attack

Hackers Release Data Stolen in Oakland Ransomware Attack – NBC Bay Area

Salt Labs | Traveling with OAuth - Account Takeover on Booking.com

Google adds client-side encryption to Gmail and Calendar. Should you care? | Ars Technica

The life-upending flaw that USPS won’t fix | TechCrunch

Powerful Meta large language model widely available online | CyberScoop

We’re going teetotal: It’s goodbye to The Daily Swig | The Daily Swig

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Risky Business

By Patrick Gray

4.6

354354 ratings

March 07, 2023

Risky Business #698 -- Why LastPass was probably DPRK*

Listen Later

1 hour

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

Why the White House’s cybersecurity strategy is actually quite good

The LastPass breach was probably DPRK

UEFI bootkits are going downmarket, and this is bad

GitHub will scan repos for secrets

A look at some interesting DJI drone research

Much, much more

This week’s show is brought to you by Airlock Digital. Two of Airlock’s founders – Daniel Schell and David Cottingham – are this week’s sponsor guests.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

* NOTE: We now think LastPass was likely not DPRK. It’s complicated and we’ll explain why we think we got this wrong in next week’s show

Show notes

Risky Biz News: White House unveils National Cybersecurity Strategy

White House looks to put cybersecurity pressure on companies

Surveillance oversight board member explores concerns about Section 702 renewal | CyberScoop

Secret Service and ICE conducted warrantless stingray surveillance, says watchdog | TechCrunch

LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach

Give Me E2EE or Give Me Death - by Tom Uren

Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica

GitHub’s secret scanning alerts now available for all public repos

This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location | WIRED

Hackers steal gun owners’ data from firearm auction website | TechCrunch

New ATM Malware 'FiXS' Emerges - SecurityWeek

US government warns Royal ransomware is targeting critical infrastructure | TechCrunch

Ransomware gang posts breast cancer patient photos from Pennsylvania health network to dark web

Hospital Clínic de Barcelona severely impacted by ransomware attack

Hackers Release Data Stolen in Oakland Ransomware Attack – NBC Bay Area

Salt Labs | Traveling with OAuth - Account Takeover on Booking.com

Google adds client-side encryption to Gmail and Calendar. Should you care? | Ars Technica

The life-upending flaw that USPS won’t fix | TechCrunch

Powerful Meta large language model widely available online | CyberScoop

We’re going teetotal: It’s goodbye to The Daily Swig | The Daily Swig

...more

More shows like Risky Business

Security Now (Audio) by TWiT

Security Now (Audio)

1,970 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

626 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

366 Listeners

Hacked by Hacked

Hacked

176 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,006 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

312 Listeners

Click Here by Recorded Future News

Click Here

408 Listeners

Malicious Life by Malicious Life

Malicious Life

925 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,876 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

166 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

187 Listeners

Hacking Humans by N2K Networks

Hacking Humans

314 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

74 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

127 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

43 Listeners