June 13, 2023

Risky Business #710 -- Why your corporate VPN will get you owned

Listen Later

1 hour 2 minutes

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

Fortinet 0day Groundhog Day

CISA’s new binding directive on exposed management interfaces

Confirmed: US intelligence buying commercially available data

MOVEit drama rolls on

Much, much more

This week’s show is brought to you by Red Canary. Chris Rothe is this week’s sponsor guest and he joins us to talk about how MDR providers are helping customers deal with cloud monitoring.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks - SecurityWeek

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways – Krebs on Security

MOVEit announces second vulnerability; Minnesota schools agency breached with original bug

Confidential data downloaded from UK regulator Ofcom in cyberattack

Ransomware group Clop issues extortion notice to ‘hundreds’ of victims

Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch

CISA orders US civilian agencies to remove tools from public-facing internet

Microsoft says Azure disrupted after a week of repeated service outages | Cybersecurity Dive

Microsoft says Azure outage was caused by ‘anomalous’ traffic spike

Microsoft investigating threat actor claims following multiple outages in 365, OneDrive | Cybersecurity Dive

Risky Biz News: Ukrainian hackers wipe equipment of major Russian telco

U.S. Spy Agencies Buy Vast Quantities of Americans’ Personal Data, U.S. Says - WSJ

The US Is Openly Stockpiling Dirt on All Its Citizens | WIRED

Srsly Risky Biz: Thursday, July 29 - by Tom Uren

National security officials make case for keeping surveillance powers to skeptical Congress - The Washington Post

Senators say Biden administration isn’t close on overhauling surveillance law

Russian nationals accused of Mt. Gox bitcoin heist, shifting stolen funds to BTC-e

North Korean hacking group Lazarus linked to $35 million cryptocurrency heist

North Korean hackers stole $100 million in recent cryptocurrency heist -analysts | Reuters

An Illinois hospital links closure to ransomware attack

Security professional's tweet forces big change to Google email authentication | CyberScoop

Can you trust ChatGPT’s package recommendations?

LastPass CEO reflects on lessons learned, regrets and moving forward from a cyberattack | Cybersecurity Dive

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Risky Business

By Patrick Gray

4.6

364364 ratings

June 13, 2023

Risky Business #710 -- Why your corporate VPN will get you owned

Listen Later

1 hour 2 minutes

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

Fortinet 0day Groundhog Day

CISA’s new binding directive on exposed management interfaces

Confirmed: US intelligence buying commercially available data

MOVEit drama rolls on

Much, much more

This week’s show is brought to you by Red Canary. Chris Rothe is this week’s sponsor guest and he joins us to talk about how MDR providers are helping customers deal with cloud monitoring.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks - SecurityWeek

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways – Krebs on Security

MOVEit announces second vulnerability; Minnesota schools agency breached with original bug

Confidential data downloaded from UK regulator Ofcom in cyberattack

Ransomware group Clop issues extortion notice to ‘hundreds’ of victims

Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch

CISA orders US civilian agencies to remove tools from public-facing internet

Microsoft says Azure disrupted after a week of repeated service outages | Cybersecurity Dive

Microsoft says Azure outage was caused by ‘anomalous’ traffic spike

Microsoft investigating threat actor claims following multiple outages in 365, OneDrive | Cybersecurity Dive

Risky Biz News: Ukrainian hackers wipe equipment of major Russian telco

U.S. Spy Agencies Buy Vast Quantities of Americans’ Personal Data, U.S. Says - WSJ

The US Is Openly Stockpiling Dirt on All Its Citizens | WIRED

Srsly Risky Biz: Thursday, July 29 - by Tom Uren

National security officials make case for keeping surveillance powers to skeptical Congress - The Washington Post

Senators say Biden administration isn’t close on overhauling surveillance law

Russian nationals accused of Mt. Gox bitcoin heist, shifting stolen funds to BTC-e

North Korean hacking group Lazarus linked to $35 million cryptocurrency heist

North Korean hackers stole $100 million in recent cryptocurrency heist -analysts | Reuters

An Illinois hospital links closure to ransomware attack

Security professional's tweet forces big change to Google email authentication | CyberScoop

Can you trust ChatGPT’s package recommendations?

LastPass CEO reflects on lessons learned, regrets and moving forward from a cyberattack | Cybersecurity Dive

...more

More shows like Risky Business

Hacked by Hacked

Hacked

187 Listeners

Security Now (Audio) by TWiT

Security Now (Audio)

2,010 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

372 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

651 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,020 Listeners

Smashing Security by Graham Cluley

Smashing Security

319 Listeners

Click Here by Recorded Future News

Click Here

416 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,055 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

180 Listeners

Hacking Humans by N2K Networks

Hacking Humans

314 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

74 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

139 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

44 Listeners

Hacker And The Fed by Chris Tarbell & Hector Monsegur

Hacker And The Fed

169 Listeners