Risky Business

Risky Business #698 -- Why LastPass was probably DPRK*

Listen Later

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Why the White House’s cybersecurity strategy is actually quite good
  • The LastPass breach was probably DPRK
  • UEFI bootkits are going downmarket, and this is bad
  • GitHub will scan repos for secrets
  • A look at some interesting DJI drone research
  • Much, much more

    • This week’s show is brought to you by Airlock Digital. Two of Airlock’s founders – Daniel Schell and David Cottingham – are this week’s sponsor guests.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

    * NOTE: We now think LastPass was likely not DPRK. It’s complicated and we’ll explain why we think we got this wrong in next week’s show

    Show notes
    • Risky Biz News: White House unveils National Cybersecurity Strategy
    • White House looks to put cybersecurity pressure on companies
    • Surveillance oversight board member explores concerns about Section 702 renewal | CyberScoop
    • Secret Service and ICE conducted warrantless stingray surveillance, says watchdog | TechCrunch
    • LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach
    • Give Me E2EE or Give Me Death - by Tom Uren
    • Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica
    • GitHub’s secret scanning alerts now available for all public repos
    • This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location | WIRED
    • Hackers steal gun owners’ data from firearm auction website | TechCrunch
    • New ATM Malware 'FiXS' Emerges - SecurityWeek
    • US government warns Royal ransomware is targeting critical infrastructure | TechCrunch
    • Ransomware gang posts breast cancer patient photos from Pennsylvania health network to dark web
    • Hospital Clínic de Barcelona severely impacted by ransomware attack
    • Hackers Release Data Stolen in Oakland Ransomware Attack – NBC Bay Area
    • Salt Labs | Traveling with OAuth - Account Takeover on Booking.com
    • Google adds client-side encryption to Gmail and Calendar. Should you care? | Ars Technica
    • The life-upending flaw that USPS won’t fix | TechCrunch
    • Powerful Meta large language model widely available online | CyberScoop
    • We’re going teetotal: It’s goodbye to The Daily Swig | The Daily Swig
      • ...more
      View all episodesView all episodes
      Download on the App Store
      Risky BusinessBy Patrick Gray
      • 4.6
      • 4.6
      • 4.6
      • 4.6
      • 4.6

      4.6

      364 ratings

      More shows like Risky Business

      View all
      Hacked by Hacked

      Hacked

      187 Listeners

      Security Now (Audio) by TWiT

      Security Now (Audio)

      2,004 Listeners

      Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

      Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

      371 Listeners

      SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

      SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

      637 Listeners

      CyberWire Daily by N2K Networks

      CyberWire Daily

      1,022 Listeners

      Smashing Security by Graham Cluley

      Smashing Security

      322 Listeners

      Click Here by Recorded Future News

      Click Here

      414 Listeners

      Darknet Diaries by Jack Rhysider

      Darknet Diaries

      8,018 Listeners

      Cybersecurity Today by Jim Love

      Cybersecurity Today

      174 Listeners

      Hacking Humans by N2K Networks

      Hacking Humans

      314 Listeners

      CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

      CISO Series Podcast

      189 Listeners

      Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

      Defense in Depth

      74 Listeners

      Cyber Security Headlines by CISO Series

      Cyber Security Headlines

      137 Listeners

      Risky Bulletin by risky.biz

      Risky Bulletin

      45 Listeners

      Hacker And The Fed by Chris Tarbell & Hector Monsegur

      Hacker And The Fed

      171 Listeners