October 10, 2023

Risky Business #725 -- Microsoft knifes VBScript, passkeys the new default for Google accounts

44 minutes

On this week’s show Patrick Gray and Lina Lau discuss the week’s security news. They cover:

Microsoft has killed VBScript

Google to make passkeys the new default sign-in method

MGM losses to exceed $100m

Clorox has a bad quarter

Why a bug in cURL could be really bad news

Much, much more

This week’s show is brought to you by KSOC. Jimmy Mesta, KSOC’s co-founder and CTO, is this week’s sponsor guest. He talks to us about how we can start applying real, actual IAM to Kubernetes environments.

Show notes

Deprecated features in the Windows client - What's new in Windows | Microsoft Learn

Google Makes Passkeys Default, Stepping Up Its Push to Kill Passwords | WIRED

AWS kicks off cloud race to mandate MFA by default | Cybersecurity Dive

MGM Resorts’ Las Vegas area operations to take $100M hit from cyberattack | Cybersecurity Dive

Clorox warns of quarterly loss related to August cyberattack, production delays | Cybersecurity Dive

Blackbaud agrees to $49.5 million settlement with AGs of nearly all 50 states

Cybercrime gangs now deploying ransomware within 24 hours of hacking victims

Microsoft: Human-operated ransomware attacks tripled over past year

Ukraine, Israel, South Korea top list of most-targeted countries for cyberattacks

Microsoft: State-backed hackers grow in sophistication, aggressiveness | CyberScoop

67 X accounts spread coordinated Israel-Hamas disinformation: report

John Hultquist🌻 on X: "We are currently seeing pro-Iran information operations actors promoting content across various social media channels, in favor of Hamas and critical of Israel’s response to the attacks. 1/x" / X

Hacktivism erupts in response to Hamas-Israel war | TechCrunch

‘War has no rules’: Hacktivists scorn Red Cross’ new guidelines

Joe Truzman on X: "Israeli Police Spokesperson: The Cyber Unit of the Police at Lahav 433 has frozen accounts of cryptocurrencies that served Hamas' terrorist organization to solicit donations on social networks. The Cyber Unit of Lahav 433, in cooperation with the Ministry of Defense, the…" / X

Cloud giants sound alarm on record-breaking DDoS attacks | Cybersecurity Dive

Israel's Failure to Stop the Hamas Attack Shows the Danger of Too Much Surveillance | WIRED

Edward Snowden on X: "Netanyahu nurtured a zillion-dollar industry selling spying tools to despots that use them to break into the iPhones of critics, elected opponents, human rights lawyers, and even students (these are all real examples). Turns out they're not very useful for spying on Hamas, tho.…" / X

HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks

NVD - CVE-2023-44487

Maintainers warn of vulnerability affecting foundational open-source tool

23andMe user data targeting Ashkenazi Jews leaked online

23andMe User Data Stolen in Credential Stuffing Attack

Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica

From AI with love: Scammers integrate ChatGPT into dating-app tool

Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED

...more

View all episodes

By Patrick Gray

4.6

352352 ratings