November 28, 2023

Risky Business #728 -- The Citrixbleed ransomware disaster

1 hour 4 minutes

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

The Citrixbleed ransomware crisis

Why the FBI hasn’t arrested Scattered Spider members

DPRK is in your supply chains

Microsoft has a brainwave and buys a HSM

When civil war meets pig butchering

Much, much more

This week’s show is brought to you by Airlock Digital. David Cottingham and Daniel Schell are this week’s sponsor guests.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

‘Citrix Bleed’ vulnerability targeted by nation-state and criminal hackers: CISA

Australian ports operator recovering after major cyber incident

Minister lashes DP World hack failure

Gang says ICBC paid ransom over hack that disrupted US Treasury market | Reuters

Cyberattack on US hospital owner diverts ambulances from emergency rooms in multiple states | CNN Politics

Fidelity National Financial investigating cyberattack that led to service disruption | Cybersecurity Dive

Potentially hundreds of UK law firms affected by cyberattack on IT provider CTS

North Texas water utility serving 2 million hit with cyberattack

Healthcare manufacturer Henry Schein expects platform restored this week after cyberattack

High-profile ransomware gang suspects arrested in Ukraine

FBI struggled to disrupt dangerous casino hacking gang, cyber responders say | Reuters

Chinese spies had acces to Dutch chip maker NXP's systems for over two years: report | NL Times

North Korean supply chain attacks prompt joint warning from Seoul and London

North Korean attack on CyberLink impacted devices around the world, Microsoft says

North Korean ‘BlueNoroff’ group targeting financial institutions with macOS malware

Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop

(14) Microsoft Should Look to the Past for Its Security Future

Sacked Ukrainian cyber chief released on bail amid corruption probe

Second top Ukrainian cyber official arrested amid corruption probe

Report claims to reveal identity of Russian hacktivist leader

Rebel offensive in Myanmar takes aim at online scam industry

Myanmar Rebel Offensive Helps China's Cybercrime Crackdown

Shadowy hacking group targeting Israel shows outsized capabilities | CyberScoop

Nearly two dozen Danish energy companies hacked through firewall bug in May

Senate proposes surveillance bill without FBI warrant requirement

The FCC says new rules will curb SIM swapping. I’m pessimistic | Ars Technica

EU urged to drop new law that could allow member states to intercept and decrypt global web traffic

Google researchers discover 'Reptar,’ a new CPU vulnerability | Google Cloud Blog

Spavor blames fellow prisoner Kovrig for Chinese detention, alleges he was used for intelligence gathering - The Globe and Mail

The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story | WIRED

...more

By Patrick Gray

4.6

354354 ratings