April 25, 2023

Risky Business #703 -- Russia whines about its tech dependence on China

Listen Later

56 minutes

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

The supply chain attack in the supply chain attack

Russia has a China dependency problem

Recent research into TLS resumption flaws

Google and Intel team up on hardware hacking

DHS will hack enterprise kit

Much, much more

This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest. He’s talking about the (actually sensible) ChatGPT-driven features Corelight has built into its NDR platform.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack - Updated

Russia China Worries Set Out in Private Memo on Tech Risk - Bloomberg

Hackers to show they can take over a European Space Agency satellite

DOJ urges CISOs to continue working with law enforcement ahead of Uber security chief’s sentencing

To combat cybercrime, US law enforcement increasingly prioritizes disruption | CyberScoop

Collaboration between CISA, Cyber Command thwarted dangerous cyberattacks, officials said | CyberScoop

US gov’t stopped Iranian hackers who ‘gained access’ to 2020 election infrastructure

Bill proposes new DHS centers for testing security of critical government tech

UK says ‘Wagner-like cyber groups’ attacking critical infrastructure

Russia's digital warriors adapt to support the war effort in Ukraine, Google threat researchers say | CyberScoop

Bipartisan legislation aims to ‘arm Taiwan to the teeth in the cyber domain’

Ex-NSA boss won $700,000 Saudi consulting deal after Khashoggi death - The Washington Post

U.S. approves massive arms sale to Saudi Arabia, United Arab Emirates to counter Iran | PBS NewsHour

Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs | WIRED

Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices | WIRED

We Really Need to Talk About Session Tickets | System Security Group

Internet protocol vulnerability opens door to ‘massive’ DoS amplification attacks

Exploit released for 9.8-severity PaperCut flaw already under attack | Ars Technica

Finding PaperCut MF and NG servers

DC health exchange breach traced back to misconfigured Amazon server

Ukraine remains Russia’s biggest cyber focus in 2023

The hacker Bassterlord in his own words: Portrait of an access broker as a young man

Hacker Group Names Are Now Absurdly Out of Control | WIRED

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Risky Business

By Patrick Gray

4.6

354354 ratings

April 25, 2023

Risky Business #703 -- Russia whines about its tech dependence on China

Listen Later

56 minutes

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

The supply chain attack in the supply chain attack

Russia has a China dependency problem

Recent research into TLS resumption flaws

Google and Intel team up on hardware hacking

DHS will hack enterprise kit

Much, much more

This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest. He’s talking about the (actually sensible) ChatGPT-driven features Corelight has built into its NDR platform.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack - Updated

Russia China Worries Set Out in Private Memo on Tech Risk - Bloomberg

Hackers to show they can take over a European Space Agency satellite

DOJ urges CISOs to continue working with law enforcement ahead of Uber security chief’s sentencing

To combat cybercrime, US law enforcement increasingly prioritizes disruption | CyberScoop

Collaboration between CISA, Cyber Command thwarted dangerous cyberattacks, officials said | CyberScoop

US gov’t stopped Iranian hackers who ‘gained access’ to 2020 election infrastructure

Bill proposes new DHS centers for testing security of critical government tech

UK says ‘Wagner-like cyber groups’ attacking critical infrastructure

Russia's digital warriors adapt to support the war effort in Ukraine, Google threat researchers say | CyberScoop

Bipartisan legislation aims to ‘arm Taiwan to the teeth in the cyber domain’

Ex-NSA boss won $700,000 Saudi consulting deal after Khashoggi death - The Washington Post

U.S. approves massive arms sale to Saudi Arabia, United Arab Emirates to counter Iran | PBS NewsHour

Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs | WIRED

Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices | WIRED

We Really Need to Talk About Session Tickets | System Security Group

Internet protocol vulnerability opens door to ‘massive’ DoS amplification attacks

Exploit released for 9.8-severity PaperCut flaw already under attack | Ars Technica

Finding PaperCut MF and NG servers

DC health exchange breach traced back to misconfigured Amazon server

Ukraine remains Russia’s biggest cyber focus in 2023

The hacker Bassterlord in his own words: Portrait of an access broker as a young man

Hacker Group Names Are Now Absurdly Out of Control | WIRED

...more

More shows like Risky Business

Security Now (Audio) by TWiT

Security Now (Audio)

1,970 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

626 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

366 Listeners

Hacked by Hacked

Hacked

176 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,006 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

312 Listeners

Click Here by Recorded Future News

Click Here

408 Listeners

Malicious Life by Malicious Life

Malicious Life

925 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,876 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

166 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

187 Listeners

Hacking Humans by N2K Networks

Hacking Humans

314 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

74 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

127 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

43 Listeners