March 28, 2023

Risky Business #701 -- Why infosec is wrong about TikTok

58 minutes

NOTE: Patrick’s audio is a bit degraded in a few parts of this episode. It’s still clear enough, but if you hear some degradation in parts then yes, it’s us, not you.

On this week’s show Patrick Gray, Adam Boileau and Tom Uren discuss the week’s security news. They cover:

The Biden White House’s executive order on spyware

Why the infosec community writ large is wrong on TikTok

Clop campaign: it’s time to ditch your file transfer gateways

Major Android app booted from store because it was full of 0day privesc exploits lol

More detail on the BreachForums admin arrest

Much, much more

This week’s show is brought to you by runZero. HD Moore, co-founder of runZero, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that’s your thing.

Show notes

At least 50 U.S. government employees hit with spyware, White House says

Kevin McCarthy says House 'will be moving forward' with TikTok legislation

US lawmakers tell TikTok CEO the app ‘should be banned’

Between Two Nerds: The Real Problem with TikTok - Risky Business

New victims come forward after mass-ransomware attack | TechCrunch

UK Pension Protection Fund latest victim of GoAnywhere hack

Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News

Fortra told breached companies their data was safe | TechCrunch

When to use Dropbox vs. MFT: Best Versatile File Sharing and Security | GoAnywhere MFT

City of Toronto and Virgin confirm hackers accessed data through file transfer systems

Tasmania investigating attack after Clop ransomware group adds to victim list

Latitude Financial faces possible class action after millions affected by data breach | Australia news | The Guardian

Android app from China executed 0-day exploit on millions of devices | Ars Technica

Telecom giant Lumen says it discovered two separate cyber intrusions

Tennessee city hit with ransomware attack

FBI, CISA investigating cyberattack on Puerto Rico’s water authority

British hospital investigating impact of ‘contained’ cyber incident

Largest telecom in Guam starts restoring services after cyberattack

Frustrated Dish customers still spending hours on hold weeks after ransomware attack, they say

UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users’ data

How the FBI caught the BreachForums admin | TechCrunch

Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop

North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign

North Korea Is Now Mining Crypto to Launder Its Stolen Loot | WIRED

“Committed Partners in Cyberspace”: Following cyberattack, US conducts first defensive Hunt Operation in Albania > U.S. Cyber Command > News

Bad magic: new APT found in the area of Russo-Ukrainian conflict | Securelist

Beloved hacking veteran Kelly ‘Aloria’ Lum passes away at 41 | TechCrunch

...more

View all episodes

By Patrick Gray

4.6

352352 ratings